Documentation ¶
Index ¶
- func GetAuthnRequestURL(baseURL string, b64XML string, state string) (string, error)
- func SignRequest(xml string, privateKeyPath string) (string, error)
- func SignResponse(xml string, privateKeyPath string) (string, error)
- func VerifyRequestSignature(xml string, publicCertPath string) error
- func VerifyResponseSignature(xml string, publicCertPath string) error
- func VerifyResponseSignatureCert(xml string, cert string) error
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnRequest
- func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) CompressedEncodedString() (string, error)
- func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) EncodedString() (string, error)
- func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
- func (r *AuthnRequest) String() (string, error)
- func (r *AuthnRequest) Validate(publicCertPath string) error
- type AuthnStatement
- type CanonicalizationMethod
- type Conditions
- type DigestMethod
- type DigestValue
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type IdentityProviderSettings
- type Issuer
- type KeyDescriptor
- type KeyInfo
- type NameID
- type NameIDPolicy
- type RequestedAuthnContext
- type Response
- func (r *Response) AddAttribute(name, value string)
- func (r *Response) AddAudienceRestriction(value string)
- func (r *Response) AddAuthnStatement(transport string, sessionIndex string)
- func (r *Response) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) EncodedSignedString(privateKeyPath string) (string, error)
- func (r *Response) GetAttribute(name string) string
- func (r *Response) GetAttributeValues(name string) []string
- func (r *Response) SignedString(privateKeyPath string) (string, error)
- func (r *Response) String() (string, error)
- func (r *Response) Validate(s *ServiceProviderSettings) error
- type SPSSODescriptor
- type SPSSODescriptors
- type SamlsigReference
- type ServiceProviderSettings
- func (s *ServiceProviderSettings) GetAuthnRequest() (*AuthnRequest, error)
- func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
- func (s *ServiceProviderSettings) IDPPublicCert() (string, error)
- func (s *ServiceProviderSettings) Init() error
- func (s *ServiceProviderSettings) PrivateKey() (string, error)
- func (s *ServiceProviderSettings) PublicCert() (string, error)
- type Signature
- type SignatureMethod
- type SignatureValue
- type SignedInfo
- type SingleLogoutService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type Transform
- type Transforms
- type X509Certificate
- type X509Data
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthnRequestURL ¶
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func SignRequest ¶
SignRequest sign a SAML 2.0 AuthnRequest `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func SignResponse ¶
SignResponse sign a SAML 2.0 Response `privateKeyPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyRequestSignature ¶
VerifyRequestSignature verify signature of a SAML 2.0 AuthnRequest document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyResponseSignature ¶
VerifyResponseSignature verify signature of a SAML 2.0 Response document `publicCertPath` must be a path on the filesystem, xmlsec1 is run out of process through `exec`
func VerifyResponseSignatureCert ¶
VerifyResponseSignatureCert verify signature of a SAML 2.0 Response document `cert` must be the raw cert, xmlsec1 is run out of process through `exec`
Types ¶
type Assertion ¶
type Assertion struct { XMLName xml.Name ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` XS string `xml:"xmlns:xs,attr"` XSI string `xml:"xmlns:xsi,attr"` SAML string `xml:"xmlns:saml,attr"` IssueInstant string `xml:"IssueInstant,attr"` Issuer Issuer `xml:"Issuer"` Subject Subject Conditions Conditions AuthnStatements []AuthnStatement `xml:"AuthnStatement,omitempty"` AttributeStatement AttributeStatement }
type AttributeStatement ¶
type AttributeValue ¶
type AudienceRestriction ¶
type AuthnContext ¶
type AuthnContext struct { XMLName xml.Name AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"` }
type AuthnContextClassRef ¶
type AuthnRequest ¶
type AuthnRequest struct { XMLName xml.Name SAMLP string `xml:"xmlns:samlp,attr"` SAML string `xml:"xmlns:saml,attr"` SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"` ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` ProtocolBinding string `xml:"ProtocolBinding,attr"` AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"` Destination string `xml:"Destination,attr"` IssueInstant string `xml:"IssueInstant,attr"` AssertionConsumerServiceIndex int `xml:"AssertionConsumerServiceIndex,attr"` AttributeConsumingServiceIndex int `xml:"AttributeConsumingServiceIndex,attr"` Issuer Issuer `xml:"Issuer"` NameIDPolicy NameIDPolicy `xml:"NameIDPolicy"` RequestedAuthnContext RequestedAuthnContext `xml:"RequestedAuthnContext"` Signature *Signature `xml:"Signature,omitempty"` // contains filtered or unexported fields }
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
func ParseCompressedEncodedRequest ¶
func ParseCompressedEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func ParseEncodedRequest ¶
func ParseEncodedRequest(b64RequestXML string) (*AuthnRequest, error)
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) CompressedEncodedString ¶
func (r *AuthnRequest) CompressedEncodedString() (string, error)
func (*AuthnRequest) EncodedSignedString ¶
func (r *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
func (*AuthnRequest) EncodedString ¶
func (r *AuthnRequest) EncodedString() (string, error)
func (*AuthnRequest) SignedString ¶
func (r *AuthnRequest) SignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) String ¶
func (r *AuthnRequest) String() (string, error)
func (*AuthnRequest) Validate ¶
func (r *AuthnRequest) Validate(publicCertPath string) error
type AuthnStatement ¶
type CanonicalizationMethod ¶
type Conditions ¶
type Conditions struct { XMLName xml.Name NotBefore string `xml:",attr"` NotOnOrAfter string `xml:",attr"` AudienceRestrictions []AudienceRestriction `xml:"AudienceRestriction,omitempty"` }
type DigestMethod ¶
type DigestValue ¶
type EntityAttributes ¶
type EntityDescriptor ¶
type EntityDescriptor struct { XMLName xml.Name DS string `xml:"xmlns:ds,attr"` XMLNS string `xml:"xmlns,attr"` MD string `xml:"xmlns:md,attr"` EntityId string `xml:"entityID,attr"` Extensions Extensions `xml:"Extensions"` SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"` }
type Extensions ¶
type IdentityProviderSettings ¶
type IdentityProviderSettings struct { }
type KeyDescriptor ¶
type NameIDPolicy ¶
type RequestedAuthnContext ¶
type RequestedAuthnContext struct { XMLName xml.Name SAMLP string `xml:"xmlns:samlp,attr"` Comparison string `xml:"Comparison,attr"` AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"` }
type Response ¶
type Response struct { XMLName xml.Name SAMLP string `xml:"xmlns:samlp,attr"` SAML string `xml:"xmlns:saml,attr"` SAMLSIG string `xml:"xmlns:samlsig,attr"` Destination string `xml:"Destination,attr"` ID string `xml:"ID,attr"` Version string `xml:"Version,attr"` IssueInstant string `xml:"IssueInstant,attr"` InResponseTo string `xml:"InResponseTo,attr"` Issuer Issuer `xml:"Issuer"` Signature Signature `xml:"Signature"` Status Status `xml:"Status"` Assertion Assertion `xml:"Assertion"` // contains filtered or unexported fields }
func NewSignedResponse ¶
func NewSignedResponse() *Response
func ParseEncodedResponse ¶
func (*Response) AddAttribute ¶
AddAttribute add strong attribute to the Response
func (*Response) AddAudienceRestriction ¶
func (*Response) AddAuthnStatement ¶
func (*Response) CompressedEncodedSignedString ¶
func (*Response) EncodedSignedString ¶
func (*Response) GetAttribute ¶
GetAttribute by Name or by FriendlyName. Return blank string if not found
func (*Response) GetAttributeValues ¶
func (*Response) SignedString ¶
func (*Response) Validate ¶
func (r *Response) Validate(s *ServiceProviderSettings) error
type SPSSODescriptor ¶
type SPSSODescriptor struct { XMLName xml.Name ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"` SigningKeyDescriptor KeyDescriptor EncryptionKeyDescriptor KeyDescriptor // SingleLogoutService SingleLogoutService `xml:"SingleLogoutService"` AssertionConsumerServices []AssertionConsumerService }
type SPSSODescriptors ¶
type SPSSODescriptors struct { }
type SamlsigReference ¶
type SamlsigReference struct { XMLName xml.Name URI string `xml:"URI,attr"` Transforms Transforms `xml:",innerxml"` DigestMethod DigestMethod `xml:",innerxml"` DigestValue DigestValue `xml:",innerxml"` }
type ServiceProviderSettings ¶
type ServiceProviderSettings struct { PublicCertPath string RawPublicCert string PrivateKeyPath string RawPrivateKey string IDPSSOURL string IDPSSODescriptorURL string IDPPublicCertPath string RawIDPPublicCert string AssertionConsumerServiceURL string SPSignRequest bool // contains filtered or unexported fields }
ServiceProviderSettings provides settings to configure server acting as a SAML Service Provider. Expect only one IDP per SP in this configuration. If you need to configure multiple IDPs for an SP then configure multiple instances of this module
func (*ServiceProviderSettings) GetAuthnRequest ¶
func (s *ServiceProviderSettings) GetAuthnRequest() (*AuthnRequest, error)
GetSignedAuthnRequest returns a singed XML document that represents a AuthnRequest SAML document
func (*ServiceProviderSettings) GetEntityDescriptor ¶
func (s *ServiceProviderSettings) GetEntityDescriptor() (string, error)
func (*ServiceProviderSettings) IDPPublicCert ¶
func (s *ServiceProviderSettings) IDPPublicCert() (string, error)
func (*ServiceProviderSettings) Init ¶
func (s *ServiceProviderSettings) Init() error
func (*ServiceProviderSettings) PrivateKey ¶
func (s *ServiceProviderSettings) PrivateKey() (string, error)
func (*ServiceProviderSettings) PublicCert ¶
func (s *ServiceProviderSettings) PublicCert() (string, error)
type Signature ¶
type Signature struct { XMLName xml.Name Id string `xml:"Id,attr"` SignedInfo SignedInfo SignatureValue SignatureValue KeyInfo KeyInfo }
type SignatureMethod ¶
type SignatureValue ¶
type SignedInfo ¶
type SignedInfo struct { XMLName xml.Name CanonicalizationMethod CanonicalizationMethod SignatureMethod SignatureMethod SamlsigReference SamlsigReference }
type SingleLogoutService ¶
type Status ¶
type Status struct { XMLName xml.Name StatusCode StatusCode `xml:"StatusCode"` }
type StatusCode ¶
type Subject ¶
type Subject struct { XMLName xml.Name NameID NameID SubjectConfirmation SubjectConfirmation }
type SubjectConfirmation ¶
type SubjectConfirmation struct { XMLName xml.Name Method string `xml:",attr"` SubjectConfirmationData SubjectConfirmationData }
type SubjectConfirmationData ¶
type Transforms ¶
type X509Certificate ¶
type X509Data ¶
type X509Data struct { XMLName xml.Name X509Certificate X509Certificate `xml:",innerxml"` }