samlsp

package

Go to main page

Versions in this module

v0

v0.4.14

Oct 14, 2023

v0.4.13

Mar 22, 2023 GO-2023-2114

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.12

Jan 14, 2023 GO-2023-1664GO-2023-2114

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.11

Jan 12, 2023 GO-2023-1664GO-2023-2114

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.10

Nov 28, 2022 GO-2023-1664GO-2023-2114

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.9

Nov 28, 2022 GO-2023-1664GO-2023-2114

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.8

Jun 25, 2022 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.7

Jun 25, 2022 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

type Options

+ LogoutBindings []string

+ RequestedAuthnContext *saml.RequestedAuthnContext

v0.4.6

Dec 10, 2021 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

type CookieRequestTracker

+ RelayStateFunc func(w http.ResponseWriter, r *http.Request) string

type Middleware

+ ResponseBinding string

+ func (m *Middleware) ServeACS(w http.ResponseWriter, r *http.Request)

+ func (m *Middleware) ServeMetadata(w http.ResponseWriter, r *http.Request)

type Options

+ DefaultRedirectURI string

+ RelayStateFunc func(w http.ResponseWriter, r *http.Request) string

+ UseArtifactResponse bool

v0.4.5

Dec 14, 2020 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

type CookieRequestTracker

+ SameSite http.SameSite

v0.4.4

Dec 14, 2020 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.3

Dec 14, 2020 GO-2022-1129GO-2023-1664GO-2023-2114

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.2

Sep 29, 2020 GO-2021-0058GO-2022-1129GO-2023-1664GO-2023-2114

GO-2021-0058: Signature validation bypass due to XML processing error in github.com/crewjam/saml

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.4.1

Aug 12, 2020 GO-2021-0058GO-2022-1129GO-2023-1664GO-2023-2114

GO-2021-0058: Signature validation bypass due to XML processing error in github.com/crewjam/saml

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

type CookieSessionProvider

+ SameSite http.SameSite

type Options

+ CookieSameSite http.SameSite

+ SignRequest bool

v0.4.0

Feb 3, 2020 GO-2021-0058GO-2022-1129GO-2023-1664GO-2023-2114

GO-2021-0058: Signature validation bypass due to XML processing error in github.com/crewjam/saml

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

+ var ErrNoSession = errors.New("saml: session not present")

+ func AttributeFromContext(ctx context.Context, name string) string

+ func ContextWithSession(ctx context.Context, session Session) context.Context

+ func DefaultOnError(w http.ResponseWriter, r *http.Request, err error)

+ func DefaultServiceProvider(opts Options) saml.ServiceProvider

+ func FetchMetadata(ctx context.Context, httpClient *http.Client, metadataURL url.URL) (*saml.EntityDescriptor, error)

+ func ParseMetadata(data []byte) (*saml.EntityDescriptor, error)

+ type CookieRequestTracker struct

+ Codec TrackedRequestCodec

+ MaxAge time.Duration

+ NamePrefix string

+ ServiceProvider *saml.ServiceProvider

+ func DefaultRequestTracker(opts Options, serviceProvider *saml.ServiceProvider) CookieRequestTracker

+ func (t CookieRequestTracker) GetTrackedRequest(r *http.Request, index string) (*TrackedRequest, error)

+ func (t CookieRequestTracker) GetTrackedRequests(r *http.Request) []TrackedRequest

+ func (t CookieRequestTracker) StopTrackingRequest(w http.ResponseWriter, r *http.Request, index string) error

+ func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Request, samlRequestID string) (string, error)

+ type CookieSessionProvider struct

+ Codec SessionCodec

+ Domain string

+ HTTPOnly bool

+ MaxAge time.Duration

+ Name string

+ Secure bool

+ func DefaultSessionProvider(opts Options) CookieSessionProvider

+ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error

+ func (c CookieSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Request) error

+ func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error)

+ type ErrorFunction func(w http.ResponseWriter, r *http.Request, err error)

+ type JWTSessionClaims struct

+ Attributes Attributes

+ SAMLSession bool

+ func (c JWTSessionClaims) GetAttributes() Attributes

+ type JWTSessionCodec struct

+ Audience string

+ Issuer string

+ Key *rsa.PrivateKey

+ MaxAge time.Duration

+ SigningMethod jwt.SigningMethod

+ func DefaultSessionCodec(opts Options) JWTSessionCodec

+ func (c JWTSessionCodec) Decode(signed string) (Session, error)

+ func (c JWTSessionCodec) Encode(s Session) (string, error)

+ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error)

+ type JWTTrackedRequestClaims struct

+ SAMLAuthnRequest bool

+ type JWTTrackedRequestCodec struct

+ Audience string

+ Issuer string

+ Key *rsa.PrivateKey

+ MaxAge time.Duration

+ SigningMethod jwt.SigningMethod

+ func DefaultTrackedRequestCodec(opts Options) JWTTrackedRequestCodec

+ func (s JWTTrackedRequestCodec) Decode(signed string) (*TrackedRequest, error)

+ func (s JWTTrackedRequestCodec) Encode(value TrackedRequest) (string, error)

type Middleware

+ OnError func(w http.ResponseWriter, r *http.Request, err error)

+ RequestTracker RequestTracker

+ Session SessionProvider

+ func (m *Middleware) CreateSessionFromAssertion(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion)

+ func (m *Middleware) HandleStartAuthFlow(w http.ResponseWriter, r *http.Request)

type Options

+ EntityID string

+ type RequestTracker interface

+ GetTrackedRequest func(r *http.Request, index string) (*TrackedRequest, error)

+ GetTrackedRequests func(r *http.Request) []TrackedRequest

+ StopTrackingRequest func(w http.ResponseWriter, r *http.Request, index string) error

+ TrackRequest func(w http.ResponseWriter, r *http.Request, samlRequestID string) (index string, err error)

+ type Session interface

+ func SessionFromContext(ctx context.Context) Session

+ type SessionCodec interface

+ Decode func(string) (Session, error)

+ Encode func(s Session) (string, error)

+ New func(assertion *saml.Assertion) (Session, error)

+ type SessionProvider interface

+ CreateSession func(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error

+ DeleteSession func(w http.ResponseWriter, r *http.Request) error

+ GetSession func(r *http.Request) (Session, error)

+ type SessionWithAttributes interface

+ GetAttributes func() Attributes

+ type TrackedRequest struct

+ Index string

+ SAMLRequestID string

+ URI string

+ type TrackedRequestCodec interface

+ Decode func(signed string) (*TrackedRequest, error)

+ Encode func(value TrackedRequest) (string, error)

v0.3.1

Nov 20, 2019 GO-2021-0058GO-2022-1129GO-2023-1664GO-2023-2114

GO-2021-0058: Signature validation bypass due to XML processing error in github.com/crewjam/saml

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

v0.3.0

Oct 31, 2019 GO-2021-0058GO-2022-1129GO-2023-1664GO-2023-2114

GO-2021-0058: Signature validation bypass due to XML processing error in github.com/crewjam/saml

GO-2022-1129: Authentication bypass in github.com/crewjam/saml

GO-2023-1664: Denial of service via deflate compression bomb in github.com/crewjam/saml

GO-2023-2114: Cross-site scripting via missing binding syntax validation in github.com/crewjam/saml

Changes in this version

+ func RequireAttribute(name, value string) func(http.Handler) http.Handler

+ func WithToken(ctx context.Context, token *AuthorizationToken) context.Context

+ type Attributes map[string][]string

+ func (a Attributes) Get(key string) string

+ type AuthorizationToken struct

+ Attributes Attributes

+ func Token(ctx context.Context) *AuthorizationToken

+ type ClientCookies struct

+ Domain string

+ Name string

+ Secure bool

+ ServiceProvider *saml.ServiceProvider

+ func (c ClientCookies) DeleteState(w http.ResponseWriter, r *http.Request, id string) error

+ func (c ClientCookies) GetState(r *http.Request, id string) string

+ func (c ClientCookies) GetStates(r *http.Request) map[string]string

+ func (c ClientCookies) GetToken(r *http.Request) string

+ func (c ClientCookies) SetState(w http.ResponseWriter, r *http.Request, id string, value string)

+ func (c ClientCookies) SetToken(w http.ResponseWriter, r *http.Request, value string, maxAge time.Duration)

+ type ClientState interface

+ DeleteState func(w http.ResponseWriter, r *http.Request, id string) error

+ GetState func(r *http.Request, id string) string

+ GetStates func(r *http.Request) map[string]string

+ SetState func(w http.ResponseWriter, r *http.Request, id string, value string)

+ type ClientToken interface

+ GetToken func(r *http.Request) string

+ SetToken func(w http.ResponseWriter, r *http.Request, value string, maxAge time.Duration)

+ type Middleware struct

+ AllowIDPInitiated bool

+ Binding string

+ ClientState ClientState

+ ClientToken ClientToken

+ ServiceProvider saml.ServiceProvider

+ TokenMaxAge time.Duration

+ func New(opts Options) (*Middleware, error)

+ func (m *Middleware) Authorize(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion)

+ func (m *Middleware) GetAuthorizationToken(r *http.Request) *AuthorizationToken

+ func (m *Middleware) IsAuthorized(r *http.Request) bool

+ func (m *Middleware) RequireAccount(handler http.Handler) http.Handler

+ func (m *Middleware) RequireAccountHandler(w http.ResponseWriter, r *http.Request)

+ func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request)

+ type Options struct

+ AllowIDPInitiated bool

+ Certificate *x509.Certificate

+ CookieDomain string

+ CookieMaxAge time.Duration

+ CookieName string

+ CookieSecure bool

+ ForceAuthn bool

+ HTTPClient *http.Client

+ IDPMetadata *saml.EntityDescriptor

+ IDPMetadataURL *url.URL

+ Intermediates []*x509.Certificate

+ Key *rsa.PrivateKey

+ Logger logger.Interface

+ URL url.URL

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL