idp

package
v0.8.1-0...-5a59205 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2021 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrInvalidPassword = errors.New("invalid login or password")

ErrInvalidPassword should be returned by PasswordValidator if the account doesn't exist or the password is incorrect.

Functions

func ConfigureTLS 

func ConfigureTLS() (*tls.Config, error)

ConfigureTLS not requiring users to present client certificates.

Types

type AssertionConsumerService 

type AssertionConsumerService struct {
	Index     uint32
	IsDefault bool
	Binding   string
	Location  string
}

AssertionConsumerService is a SAML assertion consumer service

type AttributeSource 

type AttributeSource interface {
	AddAttributes(*model.User, *model.AuthnRequest) error
}

AttributeSource allows implementations to retrieve user attributes from any upstream source such as a database, LDAP, or Web service.

func NewAttributeSource 

func NewAttributeSource() (AttributeSource, error)

NewAttributeSource provides a default SAML attribute source that reads user information from the users key in the viper configuration

type Auditor 

type Auditor interface {
	LogSuccess(*model.User, *model.AuthnRequest, LoginType)
}

Auditor is responsible for capturing login events

func DefaultAuditor 

func DefaultAuditor() Auditor

DefaultAuditor returns a do nothing Auditor implementation

type IDP 

type IDP struct {
	// You can include other routes by providing a router or
	// one will be created. Alternatively, you can add routes and
	// middleware to the Handler
	Router *httprouter.Router
	// Short term cache for saving state during authentication
	TempCache store.Cache
	// Longer term cache of authenticated users
	UserCache              store.Cache
	TLSConfig              *tls.Config
	PasswordValidator      PasswordValidator
	AttributeSources       []AttributeSource
	MetadataHandler        http.HandlerFunc
	ArtifactResolveHandler http.HandlerFunc
	RedirectSSOHandler     http.HandlerFunc
	ECPHandler             http.HandlerFunc
	PasswordLoginHandler   http.HandlerFunc
	QueryHandler           http.HandlerFunc
	Error                  func(w http.ResponseWriter, error string, code int)
	UIHandler              http.Handler
	Auditor                Auditor
	// contains filtered or unexported fields
}

IDP is the main data structure for the IDP. Public members can be used to alter behavior. Otherwise defaults are fine.

func (*IDP) DefaultArtifactResolveHandler 

func (i *IDP) DefaultArtifactResolveHandler() http.HandlerFunc

DefaultArtifactResolveHandler is the default implementation for the artifact resolution handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultECPHandler 

func (i *IDP) DefaultECPHandler() http.HandlerFunc

func (*IDP) DefaultMetadataHandler 

func (i *IDP) DefaultMetadataHandler() (http.HandlerFunc, error)

DefaultMetadataHandler is the default implementation for the metadata display handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultPasswordLoginHandler 

func (i *IDP) DefaultPasswordLoginHandler() http.HandlerFunc

DefaultPasswordLoginHandler is the default implementation for the password login handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultQueryHandler 

func (i *IDP) DefaultQueryHandler() http.HandlerFunc

DefaultQueryHandler is the default implementation for the attribute query handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultRedirectSSOHandler 

func (i *IDP) DefaultRedirectSSOHandler() http.HandlerFunc

DefaultRedirectSSOHandler is the default implementation for the redirect login handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) Handler 

func (i *IDP) Handler() (http.Handler, error)

Handler returns the IDP's http.Handler including all sub routes or an error

type LoginType 

type LoginType int

LoginType type of credential used for authentication 

const (
	// CertificateLogin user logged in via certificate
	CertificateLogin LoginType = iota
	// PasswordLogin user logged in via password
	PasswordLogin
)

type PasswordValidator 

type PasswordValidator interface {
	Validate(user, password string) error
}

PasswordValidator validates a user's password

func NewValidator 

func NewValidator() (PasswordValidator, error)

NewValidator returns a sample validator that compares passwords to the bcrypt stored values for a user's password defined in the users key of the IDP's configuration

type ServiceProvider 

type ServiceProvider struct {
	EntityID                  string
	AssertionConsumerServices []AssertionConsumerService
	Certificate               string
	// contains filtered or unexported fields
}

ServiceProvider stores the Service Provider metadata required by the IdP

func ReadSPMetadata 

func ReadSPMetadata(metadata io.Reader) (*ServiceProvider, error)

ReadSPMetadata reads XML metadata from a reader

type UserAttributes 

type UserAttributes struct {
	Name       string
	Attributes map[string][]string
}

UserAttributes holds attributes for a given user

type UserPassword 

type UserPassword struct {
	Name     string
	Password string
}

UserPassword holds a user and their associated password.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.