authn

package
v0.4.1-0...-3948fb3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	OAuth2Client_AuthenticationScheme_name = map[int32]string{
		0: "unspecified",
		1: "header",
		2: "query",
		3: "form",
		4: "none",
	}
	OAuth2Client_AuthenticationScheme_value = map[string]int32{
		"unspecified": 0,
		"header":      1,
		"query":       2,
		"form":        3,
		"none":        4,
	}
)

Enum value maps for OAuth2Client_AuthenticationScheme.

View Source 
var (
	Saml_SignatureDigest_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SHA1",
		2: "SHA256",
		3: "SHA384",
		4: "SHA512",
		5: "RIPEMD160",
		6: "MD5",
	}
	Saml_SignatureDigest_value = map[string]int32{
		"UNSPECIFIED": 0,
		"SHA1":        1,
		"SHA256":      2,
		"SHA384":      3,
		"SHA512":      4,
		"RIPEMD160":   5,
		"MD5":         6,
	}
)

Enum value maps for Saml_SignatureDigest.

View Source 
var File_security_authn_authn_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Authentication 

type Authentication struct {

	// Whether to enabled authentication.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// OAuth 2.0 configuration.
	Oauth2 *OAuth2 `protobuf:"bytes,2,opt,name=oauth2,proto3" json:"oauth2,omitempty"`
	// SAML configuration.
	Saml *Saml `protobuf:"bytes,3,opt,name=saml,proto3" json:"saml,omitempty"`
	// LDAP configuration.
	Ldap *Ldap `protobuf:"bytes,4,opt,name=ldap,proto3" json:"ldap,omitempty"`
	// X509 configuration.
	X509 *X509 `protobuf:"bytes,5,opt,name=x509,proto3" json:"x509,omitempty"`
	// Google Cloud Identity-Aware Proxy configuration.
	Iap *Iap `protobuf:"bytes,6,opt,name=iap,proto3" json:"iap,omitempty"`
	// Basic username/password authentication.
	Basic *Basic `protobuf:"bytes,7,opt,name=basic,proto3" json:"basic,omitempty"`
	// contains filtered or unexported fields
}

Configuration of how users authenticate against Spinnaker.

func (*Authentication) Descriptor deprecated 

func (*Authentication) Descriptor() ([]byte, []int)

Deprecated: Use Authentication.ProtoReflect.Descriptor instead.

func (*Authentication) GetBasic 

func (x *Authentication) GetBasic() *Basic

func (*Authentication) GetEnabled 

func (x *Authentication) GetEnabled() *wrapperspb.BoolValue

func (*Authentication) GetIap 

func (x *Authentication) GetIap() *Iap

func (*Authentication) GetLdap 

func (x *Authentication) GetLdap() *Ldap

func (*Authentication) GetOauth2 

func (x *Authentication) GetOauth2() *OAuth2

func (*Authentication) GetSaml 

func (x *Authentication) GetSaml() *Saml

func (*Authentication) GetX509 

func (x *Authentication) GetX509() *X509

func (*Authentication) ProtoMessage 

func (*Authentication) ProtoMessage()

func (*Authentication) ProtoReflect 

func (x *Authentication) ProtoReflect() protoreflect.Message

func (*Authentication) Reset 

func (x *Authentication) Reset()

func (*Authentication) String 

func (x *Authentication) String() string

type Basic 

type Basic struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The username and password used to log in via basic authentication.
	User *UsernamePassword `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
	// contains filtered or unexported fields
}

Configuration for basic username/password authentication

func (*Basic) Descriptor deprecated 

func (*Basic) Descriptor() ([]byte, []int)

Deprecated: Use Basic.ProtoReflect.Descriptor instead.

func (*Basic) GetEnabled 

func (x *Basic) GetEnabled() *wrapperspb.BoolValue

func (*Basic) GetUser 

func (x *Basic) GetUser() *UsernamePassword

func (*Basic) ProtoMessage 

func (*Basic) ProtoMessage()

func (*Basic) ProtoReflect 

func (x *Basic) ProtoReflect() protoreflect.Message

func (*Basic) Reset 

func (x *Basic) Reset()

func (*Basic) String 

func (x *Basic) String() string

type Iap 

type Iap struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The HTTP request header that contains the JWT token.
	JwtHeader string `protobuf:"bytes,2,opt,name=jwtHeader,proto3" json:"jwtHeader,omitempty"`
	// The Issuer from the ID token payload.
	IssuerId string `protobuf:"bytes,3,opt,name=issuerId,proto3" json:"issuerId,omitempty"`
	// The Audience from the ID token payload. You can retrieve this field from the
	// IAP console: https://cloud.google.com/iap/docs/signed-headers-howto#verify_the_id_token_header.
	Audience string `protobuf:"bytes,4,opt,name=audience,proto3" json:"audience,omitempty"`
	// The URL containing the Cloud IAP public keys in JWK format.
	IapVerifyKeyUrl string `protobuf:"bytes,5,opt,name=iapVerifyKeyUrl,proto3" json:"iapVerifyKeyUrl,omitempty"`
	// contains filtered or unexported fields
}

Configuration for authentication via Google Cloud Identity-Aware Proxy. Google Cloud Identity-Aware Proxy (IAP) is an authentication model that utilizes Google OAuth 2.0 and an authorization service to provide access control for users of GCP. After a user has been authenticated and authorized by IAP's service, a JWT token is passed along which Spinnaker uses to check for authenticity and to get the user email from the payload and sign the user in. To configure IAP, set the audience field retrieved from the IAP console.

func (*Iap) Descriptor deprecated 

func (*Iap) Descriptor() ([]byte, []int)

Deprecated: Use Iap.ProtoReflect.Descriptor instead.

func (*Iap) GetAudience 

func (x *Iap) GetAudience() string

func (*Iap) GetEnabled 

func (x *Iap) GetEnabled() *wrapperspb.BoolValue

func (*Iap) GetIapVerifyKeyUrl 

func (x *Iap) GetIapVerifyKeyUrl() string

func (*Iap) GetIssuerId 

func (x *Iap) GetIssuerId() string

func (*Iap) GetJwtHeader 

func (x *Iap) GetJwtHeader() string

func (*Iap) ProtoMessage 

func (*Iap) ProtoMessage()

func (*Iap) ProtoReflect 

func (x *Iap) ProtoReflect() protoreflect.Message

func (*Iap) Reset 

func (x *Iap) Reset()

func (*Iap) String 

func (x *Iap) String() string

type Ldap 

type Ldap struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// ldap:// or ldaps:// url of the LDAP server.
	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
	// The pattern for finding a user's DN using simple pattern matching. For example,
	// if your LDAP server has the URL ldap://mysite.com/dc=spinnaker,dc=org, and
	// you have the pattern 'uid={0},ou=members', 'me' will map to a DN
	// uid=me,ou=members,dc=spinnaker,dc=org. If no match is found, will try to
	// find the user using user-search-filter, if set.
	UserDnPattern string `protobuf:"bytes,3,opt,name=userDnPattern,proto3" json:"userDnPattern,omitempty"`
	// The part of the directory tree under which user searches should be performed.
	// If user-search-base isn't supplied, the search will be performed from the root.
	UserSearchBase string `protobuf:"bytes,4,opt,name=userSearchBase,proto3" json:"userSearchBase,omitempty"`
	// The filter to use when searching for a user's DN. Will search either from
	// user-search-base (if specified) or root for entires matching the filter, then
	// attempt to bind as that user with the login password. For example, the filter
	// 'uid={0}' would apply to any user where uid matched the user's login name. If
	// -user-dn-pattern is also specified, will attempt to find a match using the
	// specified pattern first, before searching with the specified search filter
	// if no match is found from the pattern.
	UserSearchFilter string `protobuf:"bytes,5,opt,name=userSearchFilter,proto3" json:"userSearchFilter,omitempty"`
	// An LDAP manager user is required for binding to the LDAP server for the user
	// authentication process. This property refers to the DN of that entry. I.e.
	// this is not the user which will be authenticated when logging into DHIS2,
	// rather the user which binds to the LDAP server in order to do the authentication.
	ManagerDn string `protobuf:"bytes,6,opt,name=managerDn,proto3" json:"managerDn,omitempty"`
	// The password for the LDAP manager user.
	ManagerPassword string `protobuf:"bytes,7,opt,name=managerPassword,proto3" json:"managerPassword,omitempty"`
	// The part of the directory tree under which group searches should be performed.
	GroupSearchBase string `protobuf:"bytes,8,opt,name=groupSearchBase,proto3" json:"groupSearchBase,omitempty"`
	// contains filtered or unexported fields
}

Configuration for authentication via LDAP. Lightweight Directory Access Protocol (LDAP) is a standard way many organizations maintain user credentials and group memberships. Spinnaker uses the standard 'bind' approach for user authentication. This is a fancy way of saying that Gate uses your username and password to login to the LDAP server, and if the connection is successful, you're considered authenticated.

func (*Ldap) Descriptor deprecated 

func (*Ldap) Descriptor() ([]byte, []int)

Deprecated: Use Ldap.ProtoReflect.Descriptor instead.

func (*Ldap) GetEnabled 

func (x *Ldap) GetEnabled() *wrapperspb.BoolValue

func (*Ldap) GetGroupSearchBase 

func (x *Ldap) GetGroupSearchBase() string

func (*Ldap) GetManagerDn 

func (x *Ldap) GetManagerDn() string

func (*Ldap) GetManagerPassword 

func (x *Ldap) GetManagerPassword() string

func (*Ldap) GetUrl 

func (x *Ldap) GetUrl() string

func (*Ldap) GetUserDnPattern 

func (x *Ldap) GetUserDnPattern() string

func (*Ldap) GetUserSearchBase 

func (x *Ldap) GetUserSearchBase() string

func (*Ldap) GetUserSearchFilter 

func (x *Ldap) GetUserSearchFilter() string

func (*Ldap) ProtoMessage 

func (*Ldap) ProtoMessage()

func (*Ldap) ProtoReflect 

func (x *Ldap) ProtoReflect() protoreflect.Message

func (*Ldap) Reset 

func (x *Ldap) Reset()

func (*Ldap) String 

func (x *Ldap) String() string

type OAuth2 

type OAuth2 struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// Configuration for your OAuth 2.0 client.
	Client *OAuth2Client `protobuf:"bytes,2,opt,name=client,proto3" json:"client,omitempty"`
	// The map of requirements the userInfo request must have. This is used to
	// restrict user login to specific domains or having a specific attribute.
	UserInfoRequirements map[string]string `` /* 181-byte string literal not displayed */
	// Configuration for OAuth 2.0 resources.
	Resource *OAuth2Resource `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"`
	// Mapping of user attributes to fields returned by your OAuth 2.0 provider.
	// This field controls how the fields returned from the OAuth 2.0 provider's user
	// info endpoint are translated into a Spinnaker user.
	UserInfoMapping *OAuth2UserInfoMapping `protobuf:"bytes,5,opt,name=userInfoMapping,proto3" json:"userInfoMapping,omitempty"`
	// contains filtered or unexported fields
}

Configuration for authentication via OAuth 2.0.

func (*OAuth2) Descriptor deprecated 

func (*OAuth2) Descriptor() ([]byte, []int)

Deprecated: Use OAuth2.ProtoReflect.Descriptor instead.

func (*OAuth2) GetClient 

func (x *OAuth2) GetClient() *OAuth2Client

func (*OAuth2) GetEnabled 

func (x *OAuth2) GetEnabled() *wrapperspb.BoolValue

func (*OAuth2) GetResource 

func (x *OAuth2) GetResource() *OAuth2Resource

func (*OAuth2) GetUserInfoMapping 

func (x *OAuth2) GetUserInfoMapping() *OAuth2UserInfoMapping

func (*OAuth2) GetUserInfoRequirements 

func (x *OAuth2) GetUserInfoRequirements() map[string]string

func (*OAuth2) ProtoMessage 

func (*OAuth2) ProtoMessage()

func (*OAuth2) ProtoReflect 

func (x *OAuth2) ProtoReflect() protoreflect.Message

func (*OAuth2) Reset 

func (x *OAuth2) Reset()

func (*OAuth2) String 

func (x *OAuth2) String() string

type OAuth2Client 

type OAuth2Client struct {

	// The OAuth client ID you have configured with your OAuth 2.0 provider.
	ClientId string `protobuf:"bytes,1,opt,name=clientId,proto3" json:"clientId,omitempty"`
	// The OAuth client secret you have configured with your OAuth provider.
	ClientSecret string `protobuf:"bytes,2,opt,name=clientSecret,proto3" json:"clientSecret,omitempty"`
	// The access token uri for your OAuth provider.
	AccessTokenUri string `protobuf:"bytes,3,opt,name=accessTokenUri,proto3" json:"accessTokenUri,omitempty"`
	// The user authorization uri for your OAuth 2.0 provider.
	UserAuthorizationUri string `protobuf:"bytes,4,opt,name=userAuthorizationUri,proto3" json:"userAuthorizationUri,omitempty"`
	// The method used to transmit authentication credentials to your OAuth 2.0
	// provider.
	ClientAuthenticationScheme OAuth2Client_AuthenticationScheme `` /* 166-byte string literal not displayed */
	// The scope to request when obtaining an access token from your OAuth 2.0 provider.
	Scope string `protobuf:"bytes,6,opt,name=scope,proto3" json:"scope,omitempty"`
	// The externally accessible URL for Gate. For use with load balancers that do
	// any kind of address manipulation for Gate traffic, such as an SSL terminating
	// load balancer.
	PreEstablishedRedirectUri string `protobuf:"bytes,7,opt,name=preEstablishedRedirectUri,proto3" json:"preEstablishedRedirectUri,omitempty"`
	// Whether the current URI in the request should be preferred over the pre-established
	// redirect URI.
	UseCurrentUri *wrapperspb.BoolValue `protobuf:"bytes,8,opt,name=useCurrentUri,proto3" json:"useCurrentUri,omitempty"`
	// contains filtered or unexported fields
}

Configuration for an OAuth 2.0 client.

func (*OAuth2Client) Descriptor deprecated 

func (*OAuth2Client) Descriptor() ([]byte, []int)

Deprecated: Use OAuth2Client.ProtoReflect.Descriptor instead.

func (*OAuth2Client) GetAccessTokenUri 

func (x *OAuth2Client) GetAccessTokenUri() string

func (*OAuth2Client) GetClientAuthenticationScheme 

func (x *OAuth2Client) GetClientAuthenticationScheme() OAuth2Client_AuthenticationScheme

func (*OAuth2Client) GetClientId 

func (x *OAuth2Client) GetClientId() string

func (*OAuth2Client) GetClientSecret 

func (x *OAuth2Client) GetClientSecret() string

func (*OAuth2Client) GetPreEstablishedRedirectUri 

func (x *OAuth2Client) GetPreEstablishedRedirectUri() string

func (*OAuth2Client) GetScope 

func (x *OAuth2Client) GetScope() string

func (*OAuth2Client) GetUseCurrentUri 

func (x *OAuth2Client) GetUseCurrentUri() *wrapperspb.BoolValue

func (*OAuth2Client) GetUserAuthorizationUri 

func (x *OAuth2Client) GetUserAuthorizationUri() string

func (*OAuth2Client) ProtoMessage 

func (*OAuth2Client) ProtoMessage()

func (*OAuth2Client) ProtoReflect 

func (x *OAuth2Client) ProtoReflect() protoreflect.Message

func (*OAuth2Client) Reset 

func (x *OAuth2Client) Reset()

func (*OAuth2Client) String 

func (x *OAuth2Client) String() string

type OAuth2Client_AuthenticationScheme 

type OAuth2Client_AuthenticationScheme int32

Methods to transmit authentication tokens to an OAuth 2.0 provider. 

const (
	// Unspecified. Do not directly use, instead omit the field.
	OAuth2Client_unspecified OAuth2Client_AuthenticationScheme = 0
	// Token is sent in the request header.
	OAuth2Client_header OAuth2Client_AuthenticationScheme = 1
	// Token is sent as a query parameter.
	OAuth2Client_query OAuth2Client_AuthenticationScheme = 2
	// Token is sent in the form body.
	OAuth2Client_form OAuth2Client_AuthenticationScheme = 3
	// Token is not sent at all.
	OAuth2Client_none OAuth2Client_AuthenticationScheme = 4
)

func (OAuth2Client_AuthenticationScheme) Descriptor 

func (OAuth2Client_AuthenticationScheme) Descriptor() protoreflect.EnumDescriptor

func (OAuth2Client_AuthenticationScheme) Enum 

func (x OAuth2Client_AuthenticationScheme) Enum() *OAuth2Client_AuthenticationScheme

func (OAuth2Client_AuthenticationScheme) EnumDescriptor deprecated 

func (OAuth2Client_AuthenticationScheme) EnumDescriptor() ([]byte, []int)

Deprecated: Use OAuth2Client_AuthenticationScheme.Descriptor instead.

func (OAuth2Client_AuthenticationScheme) Number 

func (x OAuth2Client_AuthenticationScheme) Number() protoreflect.EnumNumber

func (OAuth2Client_AuthenticationScheme) String 

func (x OAuth2Client_AuthenticationScheme) String() string

func (OAuth2Client_AuthenticationScheme) Type 

func (OAuth2Client_AuthenticationScheme) Type() protoreflect.EnumType

type OAuth2Resource 

type OAuth2Resource struct {

	// The user info URI for your OAuth 2.0 provider.
	UserInfoUri string `protobuf:"bytes,1,opt,name=userInfoUri,proto3" json:"userInfoUri,omitempty"`
	// contains filtered or unexported fields
}

Configuration for OAuth 2.0 resources.

func (*OAuth2Resource) Descriptor deprecated 

func (*OAuth2Resource) Descriptor() ([]byte, []int)

Deprecated: Use OAuth2Resource.ProtoReflect.Descriptor instead.

func (*OAuth2Resource) GetUserInfoUri 

func (x *OAuth2Resource) GetUserInfoUri() string

func (*OAuth2Resource) ProtoMessage 

func (*OAuth2Resource) ProtoMessage()

func (*OAuth2Resource) ProtoReflect 

func (x *OAuth2Resource) ProtoReflect() protoreflect.Message

func (*OAuth2Resource) Reset 

func (x *OAuth2Resource) Reset()

func (*OAuth2Resource) String 

func (x *OAuth2Resource) String() string

type OAuth2UserInfoMapping 

type OAuth2UserInfoMapping struct {

	// Email.
	Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
	// First name.
	FirstName string `protobuf:"bytes,2,opt,name=firstName,proto3" json:"firstName,omitempty"`
	// Last name.
	LastName string `protobuf:"bytes,3,opt,name=lastName,proto3" json:"lastName,omitempty"`
	// Username.
	Username string `protobuf:"bytes,4,opt,name=username,proto3" json:"username,omitempty"`
	// contains filtered or unexported fields
}

Mapping of user attributes to fields returned by an OAuth 2.0 provider. This field controls how the fields returned from the OAuth 2.0 provider's user info endpoint are translated into a Spinnaker user.

func (*OAuth2UserInfoMapping) Descriptor deprecated 

func (*OAuth2UserInfoMapping) Descriptor() ([]byte, []int)

Deprecated: Use OAuth2UserInfoMapping.ProtoReflect.Descriptor instead.

func (*OAuth2UserInfoMapping) GetEmail 

func (x *OAuth2UserInfoMapping) GetEmail() string

func (*OAuth2UserInfoMapping) GetFirstName 

func (x *OAuth2UserInfoMapping) GetFirstName() string

func (*OAuth2UserInfoMapping) GetLastName 

func (x *OAuth2UserInfoMapping) GetLastName() string

func (*OAuth2UserInfoMapping) GetUsername 

func (x *OAuth2UserInfoMapping) GetUsername() string

func (*OAuth2UserInfoMapping) ProtoMessage 

func (*OAuth2UserInfoMapping) ProtoMessage()

func (*OAuth2UserInfoMapping) ProtoReflect 

func (x *OAuth2UserInfoMapping) ProtoReflect() protoreflect.Message

func (*OAuth2UserInfoMapping) Reset 

func (x *OAuth2UserInfoMapping) Reset()

func (*OAuth2UserInfoMapping) String 

func (x *OAuth2UserInfoMapping) String() string

type Saml 

type Saml struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The path to a local file containing identity provider's metadata XML file; can
	// be either a local file or a URI.
	MetadataUrl string `protobuf:"bytes,2,opt,name=metadataUrl,proto3" json:"metadataUrl,omitempty"`
	// The identity of the Spinnaker application registered with the SAML provider.
	IssuerId string `protobuf:"bytes,3,opt,name=issuerId,proto3" json:"issuerId,omitempty"`
	// Path to the keystore that contains this server's private key. This key is
	// used to cryptographically sign SAML AuthNRequest objects.
	KeyStore string `protobuf:"bytes,4,opt,name=keyStore,proto3" json:"keyStore,omitempty"`
	// The password used to access the file specified in -keystore.
	KeyStorePassword string `protobuf:"bytes,5,opt,name=keyStorePassword,proto3" json:"keyStorePassword,omitempty"`
	// The name of the alias under which this server's private key is stored in
	// the -keystore file.
	KeyStoreAliasName string `protobuf:"bytes,6,opt,name=keyStoreAliasName,proto3" json:"keyStoreAliasName,omitempty"`
	// The host name of the gate server as accessible by the SAML identity
	// provider. If deployed behind a load balancer, this would be the load
	// balancer's address. (Ex: gate.org.com:8084)
	RedirectHostname string `protobuf:"bytes,7,opt,name=redirectHostname,proto3" json:"redirectHostname,omitempty"`
	// The base path on the gate server to which redirects will be sent. Defaults
	// to '/' if absent.
	RedirectBasePath string `protobuf:"bytes,8,opt,name=redirectBasePath,proto3" json:"redirectBasePath,omitempty"`
	// The protocol to use to when redirecting back to the Gate server. Defaults
	// to 'https' if absent.
	RedirectProtocol string `protobuf:"bytes,9,opt,name=redirectProtocol,proto3" json:"redirectProtocol,omitempty"`
	// Configuration for fields returned from your SAML provider.
	UserAttributeMapping *Saml_UserAttributes `protobuf:"bytes,10,opt,name=userAttributeMapping,proto3" json:"userAttributeMapping,omitempty"`
	// Digest algorithm to sign SAML messages (optional).
	SignatureDigest Saml_SignatureDigest `` /* 132-byte string literal not displayed */
	// contains filtered or unexported fields
}

Configuration for authentication via SAML. SAML authenticates users by passing cryptographically signed XML documents between the Gate server and an identity provider. Gate's key is stored and accessed via the -keystore parameters, while the identity provider's keys are included in the metadata.xml. Finally, the identity provider must redirect the control flow (through the user's browser) back to Gate by way of the -serviceAddressUrl. This is likely the address of Gate's load balancer.

func (*Saml) Descriptor deprecated 

func (*Saml) Descriptor() ([]byte, []int)

Deprecated: Use Saml.ProtoReflect.Descriptor instead.

func (*Saml) GetEnabled 

func (x *Saml) GetEnabled() *wrapperspb.BoolValue

func (*Saml) GetIssuerId 

func (x *Saml) GetIssuerId() string

func (*Saml) GetKeyStore 

func (x *Saml) GetKeyStore() string

func (*Saml) GetKeyStoreAliasName 

func (x *Saml) GetKeyStoreAliasName() string

func (*Saml) GetKeyStorePassword 

func (x *Saml) GetKeyStorePassword() string

func (*Saml) GetMetadataUrl 

func (x *Saml) GetMetadataUrl() string

func (*Saml) GetRedirectBasePath 

func (x *Saml) GetRedirectBasePath() string

func (*Saml) GetRedirectHostname 

func (x *Saml) GetRedirectHostname() string

func (*Saml) GetRedirectProtocol 

func (x *Saml) GetRedirectProtocol() string

func (*Saml) GetSignatureDigest 

func (x *Saml) GetSignatureDigest() Saml_SignatureDigest

func (*Saml) GetUserAttributeMapping 

func (x *Saml) GetUserAttributeMapping() *Saml_UserAttributes

func (*Saml) ProtoMessage 

func (*Saml) ProtoMessage()

func (*Saml) ProtoReflect 

func (x *Saml) ProtoReflect() protoreflect.Message

func (*Saml) Reset 

func (x *Saml) Reset()

func (*Saml) String 

func (x *Saml) String() string

type Saml_SignatureDigest 

type Saml_SignatureDigest int32

Digest algorithms to sign SAML messages. 

const (
	// Unspecified. Do not directly use, instead omit the field.
	Saml_UNSPECIFIED Saml_SignatureDigest = 0
	// Digest algorithm SHA1 (default).
	Saml_SHA1 Saml_SignatureDigest = 1
	// Digest algorithm SHA256.
	Saml_SHA256 Saml_SignatureDigest = 2
	// Digest algorithm SHA384.
	Saml_SHA384 Saml_SignatureDigest = 3
	// Digest algorithm SHA512.
	Saml_SHA512 Saml_SignatureDigest = 4
	// Digest algorithm RIPEMD160.
	Saml_RIPEMD160 Saml_SignatureDigest = 5
	// Digest algorithm MD5 (not recommended).
	Saml_MD5 Saml_SignatureDigest = 6
)

func (Saml_SignatureDigest) Descriptor 

func (Saml_SignatureDigest) Descriptor() protoreflect.EnumDescriptor

func (Saml_SignatureDigest) Enum 

func (x Saml_SignatureDigest) Enum() *Saml_SignatureDigest

func (Saml_SignatureDigest) EnumDescriptor deprecated 

func (Saml_SignatureDigest) EnumDescriptor() ([]byte, []int)

Deprecated: Use Saml_SignatureDigest.Descriptor instead.

func (Saml_SignatureDigest) Number 

func (x Saml_SignatureDigest) Number() protoreflect.EnumNumber

func (Saml_SignatureDigest) String 

func (x Saml_SignatureDigest) String() string

func (Saml_SignatureDigest) Type 

func (Saml_SignatureDigest) Type() protoreflect.EnumType

type Saml_UserAttributes 

type Saml_UserAttributes struct {

	// First name.
	FirstName string `protobuf:"bytes,1,opt,name=firstName,proto3" json:"firstName,omitempty"`
	// Last name.
	LastName string `protobuf:"bytes,2,opt,name=lastName,proto3" json:"lastName,omitempty"`
	// Roles.
	Roles string `protobuf:"bytes,3,opt,name=roles,proto3" json:"roles,omitempty"`
	// Roles delimiter.
	RolesDelimiter string `protobuf:"bytes,4,opt,name=rolesDelimiter,proto3" json:"rolesDelimiter,omitempty"`
	// Username.
	Username string `protobuf:"bytes,5,opt,name=username,proto3" json:"username,omitempty"`
	// Email.
	Email string `protobuf:"bytes,6,opt,name=email,proto3" json:"email,omitempty"`
	// contains filtered or unexported fields
}

Configuration for fields returned from your SAML provider.

func (*Saml_UserAttributes) Descriptor deprecated 

func (*Saml_UserAttributes) Descriptor() ([]byte, []int)

Deprecated: Use Saml_UserAttributes.ProtoReflect.Descriptor instead.

func (*Saml_UserAttributes) GetEmail 

func (x *Saml_UserAttributes) GetEmail() string

func (*Saml_UserAttributes) GetFirstName 

func (x *Saml_UserAttributes) GetFirstName() string

func (*Saml_UserAttributes) GetLastName 

func (x *Saml_UserAttributes) GetLastName() string

func (*Saml_UserAttributes) GetRoles 

func (x *Saml_UserAttributes) GetRoles() string

func (*Saml_UserAttributes) GetRolesDelimiter 

func (x *Saml_UserAttributes) GetRolesDelimiter() string

func (*Saml_UserAttributes) GetUsername 

func (x *Saml_UserAttributes) GetUsername() string

func (*Saml_UserAttributes) ProtoMessage 

func (*Saml_UserAttributes) ProtoMessage()

func (*Saml_UserAttributes) ProtoReflect 

func (x *Saml_UserAttributes) ProtoReflect() protoreflect.Message

func (*Saml_UserAttributes) Reset 

func (x *Saml_UserAttributes) Reset()

func (*Saml_UserAttributes) String 

func (x *Saml_UserAttributes) String() string

type UsernamePassword 

type UsernamePassword struct {

	// Username.
	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	// Password.
	Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	// contains filtered or unexported fields
}

Configuration for a username/password combination.

func (*UsernamePassword) Descriptor deprecated 

func (*UsernamePassword) Descriptor() ([]byte, []int)

Deprecated: Use UsernamePassword.ProtoReflect.Descriptor instead.

func (*UsernamePassword) GetPassword 

func (x *UsernamePassword) GetPassword() string

func (*UsernamePassword) GetUsername 

func (x *UsernamePassword) GetUsername() string

func (*UsernamePassword) ProtoMessage 

func (*UsernamePassword) ProtoMessage()

func (*UsernamePassword) ProtoReflect 

func (x *UsernamePassword) ProtoReflect() protoreflect.Message

func (*UsernamePassword) Reset 

func (x *UsernamePassword) Reset()

func (*UsernamePassword) String 

func (x *UsernamePassword) String() string

type X509 

type X509 struct {

	// Whether the authentication method is enabled.
	Enabled *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// The OID that encodes roles that the user specified in the x509 certificate
	// belongs to.
	RoleOid string `protobuf:"bytes,2,opt,name=roleOid,proto3" json:"roleOid,omitempty"`
	// The regex used to parse the subject principal name embedded in the x509
	// certificate if necessary.
	SubjectPrincipalRegex string `protobuf:"bytes,3,opt,name=subjectPrincipalRegex,proto3" json:"subjectPrincipalRegex,omitempty"`
	// contains filtered or unexported fields
}

Configuration for authentication via X509 certificates. X509 authenticates users via client certificate and a corresponding private key. These certificates optionally provide authorization information via custom OIDs with corresponding group information for the user. This can be configured via -roleOid.

func (*X509) Descriptor deprecated 

func (*X509) Descriptor() ([]byte, []int)

Deprecated: Use X509.ProtoReflect.Descriptor instead.

func (*X509) GetEnabled 

func (x *X509) GetEnabled() *wrapperspb.BoolValue

func (*X509) GetRoleOid 

func (x *X509) GetRoleOid() string

func (*X509) GetSubjectPrincipalRegex 

func (x *X509) GetSubjectPrincipalRegex() string

func (*X509) ProtoMessage 

func (*X509) ProtoMessage()

func (*X509) ProtoReflect 

func (x *X509) ProtoReflect() protoreflect.Message

func (*X509) Reset 

func (x *X509) Reset()

func (*X509) String 

func (x *X509) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.