spidsaml

v0.0.0-...-0cdff86
Published: Apr 1, 2021 License: BSD-3-Clause Imports: 25 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AttributeConsumingService

type AttributeConsumingService struct {
	ServiceName string
	Attributes  []string
}

AttributeConsumingService defines an AttributeConsumingService of the Service Provider metadata: a service name plus the list of attributes it requests.

type AuthnRequest

type AuthnRequest struct {
	AcsURL     string
	AcsIndex   int
	AttrIndex  int
	Level      int
	Comparison string
	// contains filtered or unexported fields
}

AuthnRequest defines an outgoing SPID/SAML AuthnRequest. Do not instantiate it directly but use sp.NewAuthnRequest() instead.

func (*AuthnRequest) IssueInstant

func (msg *AuthnRequest) IssueInstant() *time.Time

func (*AuthnRequest) IssueInstantString

func (msg *AuthnRequest) IssueInstantString() string

func (*AuthnRequest) PostForm

func (authnreq *AuthnRequest) PostForm() []byte

PostForm returns an HTML page with a JavaScript auto-post command that submits the request to the Identity Provider in order to initiate their Single Sign-On. In SAML words, this implements the HTTP-POST binding.

func (*AuthnRequest) RedirectURL

func (authnreq *AuthnRequest) RedirectURL() string

RedirectURL returns the full URL of the Identity Provider where the user should be redirected in order to initiate their Single Sign-On. In SAML words, this implements the HTTP-Redirect binding.

func (*AuthnRequest) XML

func (authnreq *AuthnRequest) XML(binding SAMLBinding) []byte

XML generates the XML representation of this AuthnRequest.

type Clock

type Clock struct {
	// contains filtered or unexported fields
}

Clock is a clock that can be mocked in tests. Thanks to Michael Whatcott; see https://smartystreets.com/blog/2015/09/go-testing-part-5-testing-with-time/

func (*Clock) Now

func (this *Clock) Now() time.Time

type IDP

type IDP struct {
	XML        string
	EntityID   string
	Certs      []*x509.Certificate
	SSOURLs    map[SAMLBinding]string
	SLOReqURLs map[SAMLBinding]string
	SLOResURLs map[SAMLBinding]string
}

IDP represents an Identity Provider.

func LoadIDPFrom

func LoadIDPFrom(path string) (*IDP, error)

func NewIDPFromXML

func NewIDPFromXML(xml []byte) *IDP

NewIDPFromXML takes XML metadata and returns an IDP object.

func (*IDP) CertPEM

func (idp *IDP) CertPEM() [][]byte

CertPEM returns the IdP certificates in PEM format, one PEM block per certificate.

type LogoutRequestIn

type LogoutRequestIn struct {
	// contains filtered or unexported fields
}

LogoutRequestIn represents an incoming LogoutRequest. You can use this to parse a logout request in case the user initiated a logout procedure elsewhere and an Identity Provider is requesting logout from you. You are not supposed to instantiate this directly; use ParseLogoutRequest() instead.

func (*LogoutRequestIn) Destination

func (msg *LogoutRequestIn) Destination() string

Destination returns the value of the <Destination> element.

func (*LogoutRequestIn) ID

func (msg *LogoutRequestIn) ID() string

ID returns the message ID.

func (*LogoutRequestIn) InResponseTo

func (msg *LogoutRequestIn) InResponseTo() string

InResponseTo returns the value of the <InResponseTo> element.

func (*LogoutRequestIn) Issuer

func (msg *LogoutRequestIn) Issuer() string

Issuer returns the value of the <Issuer> element.

func (*LogoutRequestIn) SessionIndex

func (logoutreq *LogoutRequestIn) SessionIndex() string

SessionIndex returns the value of the <SessionIndex> element.

func (*LogoutRequestIn) SetXML

func (msg *LogoutRequestIn) SetXML(xml []byte) error

type LogoutRequestOut

type LogoutRequestOut struct {
	Session *Session
	// contains filtered or unexported fields
}

LogoutRequestOut defines an outgoing SPID/SAML LogoutRequest. You can use it to generate such a request in case you're initiating a logout procedure on behalf of your user. Do not instantiate it directly but use sp.NewLogoutRequest() instead.

func (*LogoutRequestOut) IssueInstant

func (msg *LogoutRequestOut) IssueInstant() *time.Time

func (*LogoutRequestOut) IssueInstantString

func (msg *LogoutRequestOut) IssueInstantString() string

func (*LogoutRequestOut) PostForm

func (logoutreq *LogoutRequestOut) PostForm() []byte

PostForm returns an HTML page with a JavaScript auto-post command that submits the request to the Identity Provider in order to initiate their Single Logout. In SAML words, this implements the HTTP-POST binding.

func (*LogoutRequestOut) RedirectURL

func (logoutreq *LogoutRequestOut) RedirectURL() string

RedirectURL returns the full URL of the Identity Provider where the user should be redirected in order to initiate their Single Logout. In SAML words, this implements the HTTP-Redirect binding.

func (*LogoutRequestOut) XML

func (logoutreq *LogoutRequestOut) XML(binding SAMLBinding) []byte

XML generates the XML representation of this LogoutRequest.

type LogoutResponseIn

type LogoutResponseIn struct {
	// contains filtered or unexported fields
}

LogoutResponseIn represents an incoming LogoutResponse. You can use this to parse the response coming from the Identity Provider after you sent a LogoutRequest for a SP-initiated logout. You are not supposed to instantiate this directly; use ParseLogoutResponse() instead.

func (*LogoutResponseIn) Destination

func (msg *LogoutResponseIn) Destination() string

Destination returns the value of the <Destination> element.

func (*LogoutResponseIn) ID

func (msg *LogoutResponseIn) ID() string

ID returns the message ID.

func (*LogoutResponseIn) InResponseTo

func (msg *LogoutResponseIn) InResponseTo() string

InResponseTo returns the value of the <InResponseTo> element.

func (*LogoutResponseIn) Issuer

func (msg *LogoutResponseIn) Issuer() string

Issuer returns the value of the <Issuer> element.

func (*LogoutResponseIn) SetXML

func (msg *LogoutResponseIn) SetXML(xml []byte) error

type LogoutResponseOut

type LogoutResponseOut struct {
	InResponseTo string
	// contains filtered or unexported fields
}

LogoutResponseOut defines an outgoing SPID/SAML LogoutResponse. You need to craft such a response in case you received a LogoutRequest from the Identity Provider, thus during an IdP-initiated logout. Do not instantiate it directly but use sp.NewLogoutResponse() instead.

func (*LogoutResponseOut) IssueInstant

func (msg *LogoutResponseOut) IssueInstant() *time.Time

func (*LogoutResponseOut) IssueInstantString

func (msg *LogoutResponseOut) IssueInstantString() string

func (*LogoutResponseOut) PostForm

func (logoutres *LogoutResponseOut) PostForm() []byte

PostForm returns an HTML page with a JavaScript auto-post command that submits the response to the Identity Provider in order to complete their Single Logout. In SAML words, this implements the HTTP-POST binding.

func (*LogoutResponseOut) RedirectURL

func (logoutres *LogoutResponseOut) RedirectURL() string

RedirectURL returns the full URL of the Identity Provider where the user should be redirected in order to continue their Single Logout. In SAML words, this implements the HTTP-Redirect binding.

func (*LogoutResponseOut) XML

func (logoutres *LogoutResponseOut) XML(binding SAMLBinding) []byte

XML generates the XML representation of this LogoutResponseOut.

type LogoutStatus

type LogoutStatus string

LogoutStatus represents the possible result statuses of Single Logout.

const (
	SuccessLogout LogoutStatus = "success"
	PartialLogout LogoutStatus = "partial"
)

type Response

type Response struct {
	// contains filtered or unexported fields
}

Response represents an incoming SPID Response/Assertion message. We get such messages after an AuthnRequest (Single Sign-On).

func (*Response) AssertionAudience

func (response *Response) AssertionAudience() string

AssertionAudience returns the value of the <Assertion><Audience> element.

func (*Response) AssertionInResponseTo

func (response *Response) AssertionInResponseTo() string

AssertionInResponseTo returns the value of the <Assertion> InResponseTo attribute.

func (*Response) AssertionIssuer

func (response *Response) AssertionIssuer() string

AssertionIssuer returns the value of the <Assertion><Issuer> element.

func (*Response) AssertionRecipient

func (response *Response) AssertionRecipient() string

AssertionRecipient returns the value of the <Assertion> Recipient attribute.

func (*Response) Attributes

func (response *Response) Attributes() map[string]string

Attributes returns the attributes carried by the assertion.

func (*Response) Destination

func (msg *Response) Destination() string

Destination returns the value of the <Destination> element.

func (*Response) ID

func (msg *Response) ID() string

ID returns the message ID.

func (*Response) InResponseTo

func (msg *Response) InResponseTo() string

InResponseTo returns the value of the <InResponseTo> element.

func (*Response) Issuer

func (msg *Response) Issuer() string

Issuer returns the value of the <Issuer> element.

func (*Response) Level

func (response *Response) Level() int

Level returns the SPID level specified in the assertion.

func (*Response) NameID

func (response *Response) NameID() string

NameID returns the value of the <NameID> element.

func (*Response) NotBefore

func (response *Response) NotBefore() (time.Time, error)

NotBefore returns the value of the <Assertion> NotBefore attribute.

func (*Response) NotOnOrAfter

func (response *Response) NotOnOrAfter() (time.Time, error)

NotOnOrAfter returns the value of the <Assertion> NotOnOrAfter attribute.

func (*Response) Session

func (response *Response) Session() *Session

Session returns a Session object populated with useful information from this Response/Assertion. You might want to store this object along with the user session of your application, so that you can later use it for generating the LogoutRequest.

func (*Response) SessionIndex

func (response *Response) SessionIndex() string

SessionIndex returns the value of the SessionIndex attribute.

func (*Response) SetXML

func (msg *Response) SetXML(xml []byte) error

func (*Response) StatusCode

func (response *Response) StatusCode() string

StatusCode returns the value of the <StatusCode> element.

func (*Response) StatusCode2

func (response *Response) StatusCode2() string

StatusCode2 returns the value of the <StatusCode><StatusCode> sub-element.

func (*Response) StatusMessage

func (response *Response) StatusMessage() string

StatusMessage returns the value of the <StatusMessage> element.

func (*Response) SubjectConfirmationDataNotOnOrAfter

func (response *Response) SubjectConfirmationDataNotOnOrAfter() (time.Time, error)

SubjectConfirmationDataNotOnOrAfter returns the value of the <Assertion><SubjectConfirmationData> NotOnOrAfter attribute.

func (*Response) Success

func (response *Response) Success() bool

Success returns true if authentication succeeded (and thus we got an assertion from the Identity Provider). In case of failure, you can call the StatusCode() method for more details.

type SAMLBinding

type SAMLBinding string

SAMLBinding can be either HTTPRedirect or HTTPPost.

const (
	HTTPRedirect SAMLBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	HTTPPost     SAMLBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
)

Constants for SAMLBinding.

type SP

type SP struct {
	EntityID                   string
	KeyFile                    string
	CertFile                   string
	AssertionConsumerServices  []string
	SingleLogoutServices       map[string]SAMLBinding
	AttributeConsumingServices []AttributeConsumingService
	IDP                        map[string]*IDP
	// contains filtered or unexported fields
}

SP represents our Service Provider.

func (*SP) Cert

func (sp *SP) Cert() *x509.Certificate

Cert returns the certificate of this Service Provider.

func (*SP) CertPEM

func (sp *SP) CertPEM() []byte

CertPEM returns the certificate of this Service Provider in PEM format.

func (*SP) GetButton

func (sp *SP) GetButton(pattern string) string

GetButton returns the rendered HTML of the SPID button.

func (*SP) GetIDP

func (sp *SP) GetIDP(entityID string) (*IDP, error)

GetIDP returns an IDP object representing the Identity Provider matching the given entityID.

func (*SP) Key

func (sp *SP) Key() *rsa.PrivateKey

Key returns the private key of this Service Provider.

func (*SP) KeyPEM

func (sp *SP) KeyPEM() []byte

KeyPEM returns the private key of this Service Provider in PEM format.

func (*SP) LoadIDPFromXMLFile

func (sp *SP) LoadIDPFromXMLFile(path string) error

LoadIDPFromXMLFile loads an Identity Provider from its XML metadata.

func (*SP) LoadIDPMetadata

func (sp *SP) LoadIDPMetadata(dir string) error

LoadIDPMetadata loads one or multiple Identity Providers by reading all the XML files in the given directory.

func (*SP) Metadata

func (sp *SP) Metadata() string

Metadata generates XML metadata of this Service Provider.

func (*SP) NewAuthnRequest

func (sp *SP) NewAuthnRequest(idp *IDP) *AuthnRequest

NewAuthnRequest generates an AuthnRequest addressed to this Identity Provider. Note that this method does not perform any network call, it just initializes an object.

func (*SP) NewLogoutRequest

func (sp *SP) NewLogoutRequest(session *Session) (*LogoutRequestOut, error)

NewLogoutRequest generates a LogoutRequest addressed to the Identity Provider. Note that this method does not perform any network call, it just initializes an object.

func (*SP) NewLogoutResponse

func (sp *SP) NewLogoutResponse(logoutreq *LogoutRequestIn, status LogoutStatus) (*LogoutResponseOut, error)

NewLogoutResponse generates a LogoutResponse addressed to the Identity Provider, answering the given LogoutRequestIn with the given status. Note that this method does not perform any network call, it just initializes an object.

func (*SP) ParseLogoutRequest

func (sp *SP) ParseLogoutRequest(r *http.Request) (*LogoutRequestIn, error)

ParseLogoutRequest parses an http.Request and instantiates a LogoutRequestIn.

func (*SP) ParseLogoutResponse

func (sp *SP) ParseLogoutResponse(r *http.Request, inResponseTo string) (*LogoutResponseIn, error)

ParseLogoutResponse parses an http.Request and instantiates a LogoutResponseIn.

func (*SP) ParseResponse

func (sp *SP) ParseResponse(r *http.Request, inResponseTo string) (*Response, error)

ParseResponse parses a Response/Assertion. Validation is performed (see the documentation of the validate() method of Response), so this method may return an error. The second argument, inResponseTo, is the ID of the request message; when it is supplied, validation also checks the InResponseTo attribute.
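ParseResponse is documented as validating the Response, but the checks themselves are not listed on this page. As an added example (not the library's code), the Go below shows the validation a Service Provider applies to the values the Response accessors above expose, with the clock injected the way the mockable Clock type allows; responseView, expected and validateResponse are assumed names for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// responseView is a constructed stand-in for the values the Response accessors on
// this page return (it is not the library's type); expected is what the SP knows.
type responseView struct {
	Success                                      bool
	StatusCode, Issuer, Audience                 string
	Destination, InResponseTo                    string
	NotBefore, NotOnOrAfter, SubjConfNotOnOrAfter time.Time
}
type expected struct{ IDPEntityID, SPEntityID, AcsURL, RequestID string }

// validateResponse applies the checks an SP makes before trusting an assertion
// (assumes the XML signature was already verified). The clock is injected, like
// the page's mockable Clock, so the time-window checks are testable.
func validateResponse(r responseView, e expected, now time.Time) error {
	if !r.Success {
		return fmt.Errorf("authentication failed: status %s", r.StatusCode)
	}
	switch {
	case r.Issuer != e.IDPEntityID:
		return errors.New("issuer is not the expected Identity Provider")
	case r.Audience != e.SPEntityID:
		return errors.New("assertion audience is not this Service Provider")
	case r.Destination != e.AcsURL:
		return errors.New("destination is not our AssertionConsumerService URL")
	case e.RequestID != "" && r.InResponseTo != e.RequestID:
		return errors.New("InResponseTo does not match our AuthnRequest ID")
	case now.Before(r.NotBefore):
		return errors.New("assertion is not yet valid")
	case !now.Before(r.NotOnOrAfter):
		return errors.New("assertion has expired")
	case !now.Before(r.SubjConfNotOnOrAfter):
		return errors.New("subject confirmation has expired")
	}
	return nil
}

func main() { // constructed sample values (all made up)
	now := time.Now()
	r := responseView{Success: true, Issuer: "https://idp.example", Audience: "https://sp.example", Destination: "https://sp.example/acs",
		InResponseTo: "_req1", NotBefore: now.Add(-time.Minute), NotOnOrAfter: now.Add(5 * time.Minute), SubjConfNotOnOrAfter: now.Add(5 * time.Minute)}
	fmt.Println(validateResponse(r, expected{"https://idp.example", "https://sp.example", "https://sp.example/acs", "_req1"}, now))
}
```

A nil return means every check passed; the first failing check is reported so an operator can see which field disagreed.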

type Session

type Session struct {
	IDPEntityID  string
	NameID       string
	SessionIndex string
	AssertionXML []byte
	Level        int
	Attributes   map[string]string
}

Session represents an active SPID session.
