Documentation ¶
Index ¶
- func GetAuthnRequestURL(baseURL string, b64XML string, state string) (string, error)
- func IsExpired(err error) bool
- func ParseIDPMetadata(metadata []byte) (string, *x509.Certificate, error)
- func SignRequest(xml string, privateKey []byte) (string, error)
- func SignResponse(xml string, privateKey []byte) (string, error)
- func VerifyRequestSignature(xml string, cert []byte) error
- func VerifyResponseSignature(xml string, cert []byte) error
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type AuthnContextClassRef
- type AuthnRequest
- func (r *AuthnRequest) CompressedEncodedSignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *AuthnRequest) CompressedEncodedString() (string, error)
- func (r *AuthnRequest) EncodedSignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *AuthnRequest) EncodedString() (string, error)
- func (r *AuthnRequest) SignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *AuthnRequest) String() (string, error)
- func (r *AuthnRequest) Validate(cert []byte) error
- type CanonicalizationMethod
- type Conditions
- type DigestMethod
- type DigestValue
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type IDPSSODescriptor
- type IdentityProviderSettings
- type Issuer
- type KeyDescriptor
- type KeyInfo
- type NameID
- type NameIDPolicy
- type RequestedAuthnContext
- type Response
- func (r *Response) AddAttribute(name, value string)
- func (r *Response) CompressedEncodedSignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *Response) EncodedSignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *Response) GetAttribute(name string) string
- func (r *Response) SignedString(privateKey crypto.PrivateKey) (string, error)
- func (r *Response) String() (string, error)
- func (r *Response) Validate(s *ServiceProviderConfig) error
- type SPSSODescriptor
- type SPSSODescriptors
- type SSOService
- type SamlsigReference
- type ServiceProviderConfig
- type Signature
- type SignatureMethod
- type SignatureValue
- type SignedInfo
- type SingleLogoutService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type Transform
- type Transforms
- type X509Certificate
- type X509Data
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthnRequestURL ¶
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func ParseIDPMetadata ¶
func ParseIDPMetadata(metadata []byte) (string, *x509.Certificate, error)
func SignRequest ¶
SignRequest signs a SAML 2.0 AuthnRequest xmlsec1 is run out of process through `exec`
func SignResponse ¶
SignResponse signs a SAML 2.0 Response xmlsec1 is run out of process through `exec`
func VerifyRequestSignature ¶
VerifyRequestSignature verify signature of a SAML 2.0 AuthnRequest document xmlsec1 is run out of process through `exec`
func VerifyResponseSignature ¶
VerifyResponseSignature verify signature of a SAML 2.0 Response document xmlsec1 is run out of process through `exec`
Types ¶
type Assertion ¶
type Assertion struct { XMLName xml.Name ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` XS string `xml:"xmlns:xs,attr"` XSI string `xml:"xmlns:xsi,attr"` SAML string `xml:"saml,attr"` IssueInstant string `xml:"IssueInstant,attr"` Issuer Issuer `xml:"Issuer"` Subject Subject Conditions Conditions AttributeStatement AttributeStatement }
type AttributeStatement ¶
type AttributeValue ¶
type AuthnContextClassRef ¶
type AuthnRequest ¶
type AuthnRequest struct { XMLName xml.Name SAMLP string `xml:"xmlns:saml2p,attr"` SAML string `xml:"xmlns:saml,attr"` SAMLSIG string `xml:"xmlns:samlsig,attr"` ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` ProtocolBinding string `xml:"ProtocolBinding,attr"` AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"` Destination string `xml:"Destination,attr"` ForceAuthn string `xml:"ForceAuthn,attr,omitempty"` IssueInstant string `xml:"IssueInstant,attr"` AssertionConsumerServiceIndex int `xml:"AssertionConsumerServiceIndex,attr"` AttributeConsumingServiceIndex int `xml:"AttributeConsumingServiceIndex,attr"` Issuer Issuer `xml:"Issuer"` NameIDPolicy NameIDPolicy `xml:"NameIDPolicy"` RequestedAuthnContext RequestedAuthnContext `xml:"RequestedAuthnContext"` Signature Signature `xml:"Signature,omitempty"` // contains filtered or unexported fields }
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
func ParseCompressedEncodedRequest ¶
func ParseCompressedEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func ParseEncodedRequest ¶
func ParseEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (r *AuthnRequest) CompressedEncodedSignedString(privateKey crypto.PrivateKey) (string, error)
func (*AuthnRequest) CompressedEncodedString ¶
func (r *AuthnRequest) CompressedEncodedString() (string, error)
func (*AuthnRequest) EncodedSignedString ¶
func (r *AuthnRequest) EncodedSignedString(privateKey crypto.PrivateKey) (string, error)
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func (*AuthnRequest) EncodedString ¶
func (r *AuthnRequest) EncodedString() (string, error)
func (*AuthnRequest) SignedString ¶
func (r *AuthnRequest) SignedString(privateKey crypto.PrivateKey) (string, error)
func (*AuthnRequest) String ¶
func (r *AuthnRequest) String() (string, error)
func (*AuthnRequest) Validate ¶
func (r *AuthnRequest) Validate(cert []byte) error
type CanonicalizationMethod ¶
type Conditions ¶
type DigestMethod ¶
type DigestValue ¶
type EntityAttributes ¶
type EntityDescriptor ¶
type EntityDescriptor struct { XMLName xml.Name DS string `xml:"xmlns:ds,attr"` XMLNS string `xml:"xmlns,attr"` MD string `xml:"xmlns:md,attr"` EntityId string `xml:"entityID,attr"` Extensions Extensions `xml:"Extensions"` IDPSSODescriptor IDPSSODescriptor `xml:"IDPSSODescriptor"` SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"` }
type Extensions ¶
type IDPSSODescriptor ¶
type IDPSSODescriptor struct { XMLName xml.Name SSOService []SSOService `xml:"SingleSignOnService"` KeyDescriptor []KeyDescriptor `xml:"KeyDescriptor"` }
type IdentityProviderSettings ¶
type IdentityProviderSettings struct { }
type KeyDescriptor ¶
type NameIDPolicy ¶
type RequestedAuthnContext ¶
type RequestedAuthnContext struct { XMLName xml.Name SAMLP string `xml:"xmlns:saml2p,attr"` Comparison string `xml:"Comparison,attr"` AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"` }
type Response ¶
type Response struct { XMLName xml.Name SAMLP string `xml:"xmlns:samlp,attr"` SAML string `xml:"xmlns:saml,attr"` SAMLSIG string `xml:"xmlns:samlsig,attr"` Destination string `xml:"Destination,attr"` ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` IssueInstant string `xml:"IssueInstant,attr"` InResponseTo string `xml:"InResponseTo,attr"` Assertion Assertion `xml:"Assertion"` Signature Signature `xml:"Signature"` Issuer Issuer `xml:"Issuer"` Status Status `xml:"Status"` // contains filtered or unexported fields }
func NewSignedResponse ¶
func NewSignedResponse() *Response
func ParseEncodedResponse ¶
func (*Response) AddAttribute ¶
AddAttribute add strong attribute to the Response
func (*Response) CompressedEncodedSignedString ¶
func (r *Response) CompressedEncodedSignedString(privateKey crypto.PrivateKey) (string, error)
func (*Response) EncodedSignedString ¶
func (r *Response) EncodedSignedString(privateKey crypto.PrivateKey) (string, error)
func (*Response) GetAttribute ¶
GetAttribute by Name or by FriendlyName. Return blank string if not found
func (*Response) SignedString ¶
func (r *Response) SignedString(privateKey crypto.PrivateKey) (string, error)
func (*Response) Validate ¶
func (r *Response) Validate(s *ServiceProviderConfig) error
type SPSSODescriptor ¶
type SPSSODescriptor struct { XMLName xml.Name ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"` SigningKeyDescriptor KeyDescriptor EncryptionKeyDescriptor KeyDescriptor // SingleLogoutService SingleLogoutService `xml:"SingleLogoutService"` AssertionConsumerServices []AssertionConsumerService }
type SPSSODescriptors ¶
type SPSSODescriptors struct { }
type SSOService ¶
type SamlsigReference ¶
type SamlsigReference struct { XMLName xml.Name URI string `xml:"URI,attr"` Transforms Transforms `xml:",innerxml"` DigestMethod DigestMethod `xml:",innerxml"` DigestValue DigestValue `xml:",innerxml"` }
type ServiceProviderConfig ¶
type ServiceProviderConfig struct { PrivateKey crypto.PrivateKey Cert *x509.Certificate IDPSSOURL string IDPSSODescriptorURL string IDPCert *x509.Certificate AssertionConsumerServiceURL string SPSignRequest bool // AssertionValidity provides flexibility and can be enforced in addition to // SubjectConfirmationData.NotOnOrAfter field in the response while determining // expiry AssertionValidity time.Duration }
ServiceProviderConfig provides settings to configure server acting as a SAML Service Provider. Expect only one IDP per SP in this configuration. If you need to configure multipe IDPs for an SP then configure multiple instances of this module
func (*ServiceProviderConfig) GetAuthnRequest ¶
func (s *ServiceProviderConfig) GetAuthnRequest() (*AuthnRequest, error)
GetSignedAuthnRequest returns a singed XML document that represents a AuthnRequest SAML document
func (*ServiceProviderConfig) GetEntityDescriptor ¶
func (s *ServiceProviderConfig) GetEntityDescriptor() (string, error)
type Signature ¶
type Signature struct { XMLName xml.Name Id string `xml:"Id,attr"` SignedInfo SignedInfo SignatureValue SignatureValue KeyInfo KeyInfo }
type SignatureMethod ¶
type SignatureValue ¶
type SignedInfo ¶
type SignedInfo struct { XMLName xml.Name CanonicalizationMethod CanonicalizationMethod SignatureMethod SignatureMethod SamlsigReference SamlsigReference }
type SingleLogoutService ¶
type Status ¶
type Status struct { XMLName xml.Name StatusCode StatusCode `xml:"StatusCode"` }
type StatusCode ¶
type Subject ¶
type Subject struct { XMLName xml.Name NameID NameID SubjectConfirmation SubjectConfirmation }
type SubjectConfirmation ¶
type SubjectConfirmation struct { XMLName xml.Name Method string `xml:",attr"` SubjectConfirmationData SubjectConfirmationData }
type SubjectConfirmationData ¶
type Transforms ¶
type X509Certificate ¶
type X509Data ¶
type X509Data struct { XMLName xml.Name X509Certificate X509Certificate `xml:"X509Certificate"` }