v0.0.0-...-d88c8b5 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2021 License: Apache-2.0 Imports: 26 Imported by: 0




View Source
const (
	Namespace = "oasis:names:tc:SAML:2.0:assertion"
	Path      = "/sts/STSService"


This section is empty.


This section is empty.


type Client

type Client struct {

Client is a soap.Client targeting the STS (Secure Token Service) API endpoint.

func NewClient

func NewClient(ctx context.Context, c *vim25.Client) (*Client, error)

NewClient returns a client targeting the STS API endpoint. The Client.URL will be set to that of the Lookup Service's endpoint registration, as the SSO endpoint can be external to vCenter. If the Lookup Service is not available, URL defaults to Path on the vim25.Client.URL.Host.

func (*Client) Issue

func (c *Client) Issue(ctx context.Context, req TokenRequest) (*Signer, error)

Issue is used to request a security token. The returned Signer can be used to sign SOAP requests, such as the SessionManager LoginByToken method and the RequestSecurityToken method itself. One of TokenRequest Certificate or Userinfo is required, with Certificate taking precedence. When Certificate is set, a Holder-of-Key token will be requested. Otherwise, a Bearer token is requested with the Userinfo credentials. See:

func (*Client) Renew

func (c *Client) Renew(ctx context.Context, req TokenRequest) (*Signer, error)

Renew is used to request a security token renewal.

type Signer

type Signer struct {
	Token       string           // Token is a SAML token
	Certificate *tls.Certificate // Certificate is used to sign requests
	Lifetime    struct {
		Created time.Time
		Expires time.Time
	// contains filtered or unexported fields

Signer implements the soap.Signer interface.

func (*Signer) NewRequest

func (s *Signer) NewRequest() TokenRequest

func (*Signer) Sign

func (s *Signer) Sign(env soap.Envelope) ([]byte, error)

Sign is a soap.Signer implementation which can be used to sign RequestSecurityToken and LoginByTokenBody requests.

func (*Signer) SignRequest

func (s *Signer) SignRequest(req *http.Request) error

SignRequest is a rest.Signer implementation which can be used to sign rest.Client.LoginByTokenBody requests.

type TokenRequest

type TokenRequest struct {
	Userinfo    *url.Userinfo    // Userinfo when set issues a Bearer token
	Certificate *tls.Certificate // Certificate when set issues a HoK token
	Lifetime    time.Duration    // Lifetime is the token's lifetime, defaults to 10m
	Renewable   bool             // Renewable allows the issued token to be renewed
	Delegatable bool             // Delegatable allows the issued token to be delegated (e.g. for use with ActAs)
	ActAs       bool             // ActAs allows to request an ActAs token based on the passed Token.
	Token       string           // Token for Renew request or Issue request ActAs identity or to be exchanged.
	KeyType     string           // KeyType for requested token (if not set will be decucted from Userinfo and Certificate options)
	KeyID       string           // KeyID used for signing the requests

TokenRequest parameters for issuing a SAML token. At least one of Userinfo or Certificate must be specified.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL