Documentation

Constants

const (
	Namespace = "oasis:names:tc:SAML:2.0:assertion"
	Path      = "/sts/STSService"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	*soap.Client
}

Client is a soap.Client targeting the STS (Security Token Service) API endpoint.

func NewClient

func NewClient(ctx context.Context, c *vim25.Client) (*Client, error)

NewClient returns a client targeting the STS API endpoint. The Client.URL will be set to that of the Lookup Service's endpoint registration, as the SSO endpoint can be external to vCenter. If the Lookup Service is not available, URL defaults to Path on the vim25.Client.URL.Host.

func (*Client) Issue

func (c *Client) Issue(ctx context.Context, req TokenRequest) (*Signer, error)

Issue is used to request a security token. The returned Signer can be used to sign SOAP requests, such as the SessionManager LoginByToken method and the RequestSecurityToken method itself. One of TokenRequest.Certificate or TokenRequest.Userinfo is required, with Certificate taking precedence. When Certificate is set, a Holder-of-Key token is requested. Otherwise, a Bearer token is requested with the Userinfo credentials. See: http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658937
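An added example, not part of govmomi or its documentation: a stand-alone, standard-library check that a SAML token (such as the string in Signer.Token) is Holder-of-Key rather than Bearer and is inside its validity window before it is used. The names checkToken and sampleToken and the sample assertion are constructed for illustration; the confirmation-method URIs are those of the SAML 2.0 specification.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// SAML 2.0 subject confirmation methods (from the SAML spec, not from this package).
const cmBearer = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
const cmHoK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

type assertion struct { // only the fields this check reads
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	Confirm struct {
		Method string `xml:"Method,attr"`
	} `xml:"Subject>SubjectConfirmation"`
	Conditions struct {
		NotBefore    time.Time `xml:"NotBefore,attr"`
		NotOnOrAfter time.Time `xml:"NotOnOrAfter,attr"`
	}
}

// checkToken classifies a token and checks its validity window; it does not verify the signature.
func checkToken(token string, now time.Time, requireHoK bool) (string, error) {
	var a assertion
	if err := xml.Unmarshal([]byte(token), &a); err != nil {
		return "", fmt.Errorf("not a SAML 2.0 assertion: %w", err)
	}
	kind := map[string]string{cmHoK: "HoK", cmBearer: "Bearer"}[a.Confirm.Method]
	switch c := a.Conditions; {
	case kind == "":
		return "", errors.New("unknown subject confirmation method")
	case requireHoK && kind != "HoK":
		return kind, errors.New("bearer token where holder-of-key is required")
	case now.Before(c.NotBefore) || !now.Before(c.NotOnOrAfter):
		return kind, errors.New("token outside its validity window")
	}
	return kind, nil
}

// sampleToken builds a constructed, unsigned assertion with a 10m lifetime.
func sampleToken(method string) string {
	return fmt.Sprintf(`<a:Assertion xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">
<a:Subject><a:SubjectConfirmation Method="%s"/></a:Subject>
<a:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:10:00Z"/></a:Assertion>`, method)
}

func main() { fmt.Println(checkToken(sampleToken(cmBearer), time.Date(2024, 1, 1, 0, 5, 0, 0, time.UTC), true)) }
```

A check like this is a client-side sanity gate only: the service that receives the token is what validates its signature.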

func (*Client) Renew

func (c *Client) Renew(ctx context.Context, req TokenRequest) (*Signer, error)

Renew is used to request a security token renewal.

type Signer

type Signer struct {
	Token       string           // Token is a SAML token
	Certificate *tls.Certificate // Certificate is used to sign requests
	Lifetime    struct {
		Created time.Time
		Expires time.Time
	}
	// contains filtered or unexported fields
}

Signer implements the soap.Signer interface.

func (*Signer) NewRequest

func (s *Signer) NewRequest() TokenRequest

func (*Signer) Sign

func (s *Signer) Sign(env soap.Envelope) ([]byte, error)

Sign is a soap.Signer implementation which can be used to sign RequestSecurityToken and LoginByTokenBody requests.

func (*Signer) SignRequest

func (s *Signer) SignRequest(req *http.Request) error

SignRequest is a rest.Signer implementation which can be used to sign rest.Client.LoginByTokenBody requests.

type TokenRequest

type TokenRequest struct {
	Userinfo    *url.Userinfo    // Userinfo when set issues a Bearer token
	Certificate *tls.Certificate // Certificate when set issues a HoK token
	Lifetime    time.Duration    // Lifetime is the token's lifetime, defaults to 10m
	Renewable   bool             // Renewable allows the issued token to be renewed
	Delegatable bool             // Delegatable allows the issued token to be delegated (e.g. for use with ActAs)
	ActAs       bool             // ActAs requests an ActAs token based on the passed Token
	Token       string           // Token for a Renew request, or for an Issue request as the ActAs identity or the token to be exchanged
	KeyType     string           // KeyType for the requested token (if not set, it is deduced from the Userinfo and Certificate options)
	KeyID       string           // KeyID used for signing the requests
}

TokenRequest parameters for issuing a SAML token. At least one of Userinfo or Certificate must be specified.
