Documentation
Index
Constants
This section is empty.
Variables
var (
	// ErrSAMLRequest indicates there is an error on SAML callback request.
	ErrSAMLRequest = errors.New("malformed SAML callback request")
	// ErrUserDataCallback indicates there was an error executing user data callback.
	ErrUserDataCallback = errors.New("error on user data callback")
	// ErrGeneratingToken indicates there was an error generating JWT token.
	ErrGeneratingToken = errors.New("error generating token")
	// ErrRelayStateInvalid indicates the provided "redirect_to" URL is not valid.
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	// ErrUntrustedDomain indicates the redirect domain is not trusted.
	ErrUntrustedDomain = errors.New("redirect to an untrusted domain was requested")
)
var (
	// ErrParsingMetadata indicates there was an error obtaining or parsing metadata.
	ErrParsingMetadata = errors.New("error parsing metadata")
	// ErrMalformedSAML indicates there is a format error on SAML callback request.
	ErrMalformedSAML = errors.New("malformed SAML request content")
	// ErrNotInAudience indicates SAML validation contains an audience related warning.
	ErrNotInAudience = errors.New("not in audience")
)
Functions
This section is empty.
Types
type CallbackConfig
type CallbackConfig struct {
	CookieName       string
	CookieDomain     string
	CookieSecure     bool
	UserDataCallback UserDataCallback
	TokenGenerator   TokenGenerator
}
CallbackConfig specifies config options for the login callback function.
type Handler
type Handler interface {
	LoginHandler() http.HandlerFunc
	LoginCallbackHandler(CallbackConfig) http.HandlerFunc
}
Handler represents a SAML authentication handler.
func NewHandler
NewHandler builds a new SAML handler from a SAML provider and a list of trusted domains.
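The package's error variables and NewHandler's trusted-domain list together describe a RelayState ("redirect_to") check: the login callback must only redirect to a URL on a domain the operator trusts, otherwise the SAML callback becomes an open redirect. The following is an added example, not the package's own code, of how such a check can be written; ValidateRelayState is a hypothetical function, and the two error values are copied from the page so the example compiles stand-alone.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Error values mirror the ones the package exports (names taken from the page).
var (
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	ErrUntrustedDomain   = errors.New("redirect to an untrusted domain was requested")
)

// ValidateRelayState checks a "redirect_to" value carried in RelayState before the
// login callback redirects to it. Only absolute https URLs whose host is one of the
// trusted domains, or a subdomain of one, are accepted.
func ValidateRelayState(raw string, trustedDomains []string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, ErrRelayStateInvalid
	}
	// Scheme-relative URLs ("//evil.example/...") and non-https schemes are
	// rejected outright. A userinfo part ("https://trusted@evil.example") is a
	// classic way to fool a naive host check, so it is rejected as well.
	if !u.IsAbs() || u.Scheme != "https" || u.User != nil || u.Hostname() == "" {
		return nil, ErrRelayStateInvalid
	}
	host := strings.ToLower(u.Hostname()) // Hostname() strips any :port suffix
	for _, d := range trustedDomains {
		d = strings.ToLower(strings.TrimSpace(d))
		if d == "" {
			continue
		}
		// Exact match or a real subdomain; "example.com.evil.net" does not pass.
		if host == d || strings.HasSuffix(host, "."+d) {
			return u, nil
		}
	}
	return nil, ErrUntrustedDomain
}

func main() {
	trusted := []string{"example.com"} // constructed sample configuration
	for _, candidate := range []string{
		"https://app.example.com/dashboard",
		"https://example.com.evil.net/",
		"//evil.net/phish",
		"https://user@app.example.com/",
	} {
		u, err := ValidateRelayState(candidate, trusted)
		if err != nil {
			fmt.Printf("%-40s -> rejected: %v\n", candidate, err)
			continue
		}
		fmt.Printf("%-40s -> ok, redirecting to %s\n", candidate, u)
	}
}
```

The check deliberately returns the parsed URL rather than the raw string so the caller redirects to exactly what was validated; comparing on `Hostname()` rather than `Host` keeps a port in the URL from bypassing the suffix match.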
type Provider
type Provider interface {
	BuildAuthURL(url string) (string, error)
	GetUserData(samlResp string) (UserData, error)
}
Provider represents a component that is able to interact and communicate with a SAML IdP.
func NewProvider
func NewProvider(metadataURL, issuerURL, callbackURL string, keyStore X509KeyStore) (Provider, error)
NewProvider builds a new SAML provider. keyStore is the X509 keystore to use for request signing.
type RandomKeyStore
type RandomKeyStore struct {
// contains filtered or unexported fields
}
RandomKeyStore is an X509KeyStore which generates a new random private key and a certificate from it. This is acceptable for many IdPs, as they often do not verify request signatures (e.g. Okta).
func NewRandomKeyStore
func NewRandomKeyStore() *RandomKeyStore
NewRandomKeyStore builds a new RandomKeyStore.
func (*RandomKeyStore) GetKeyPair
func (s *RandomKeyStore) GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
GetKeyPair returns the keystore private key and certificate.
type TokenGenerator
TokenGenerator defines the method to generate a new session token. Note that it is designed with a Bearer token in mind, like OAuth / JWT.
type UserData
type UserData struct {
	UserName  string `db:"username"`
	FirstName string `db:"first_name"`
	LastName  string `db:"last_name"`
	Email     string `db:"email"`
}
UserData contains the basic auth data associated with a user, obtained from the SAML response.
type UserDataCallback
UserDataCallback represents the callback to execute when user data is obtained from the SAML response.
type X509KeyStore
type X509KeyStore interface {
GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
}
X509KeyStore represents an X509 keystore.
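RandomKeyStore only works because many IdPs ignore request signatures; when an IdP does verify them, the certificate registered with it must match the key used on every request, which an ephemeral key cannot guarantee across restarts. The following is an added example, not the package's own code, of a persistent X509KeyStore backed by PEM material. PEMKeyStore and GenerateSelfSignedPEM are hypothetical names; the interface is copied from the page, and the example assumes the `cert []byte` return value is the DER-encoded certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// X509KeyStore is copied from the page so the example compiles stand-alone.
type X509KeyStore interface {
	GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
}

// PEMKeyStore (hypothetical) returns the same key pair on every call, so the
// certificate registered with the IdP keeps matching the request-signing key.
type PEMKeyStore struct {
	KeyPEM  []byte // PKCS#1 "RSA PRIVATE KEY" block
	CertPEM []byte // "CERTIFICATE" block
}

// GetKeyPair parses the PEM material and refuses a certificate whose public key
// does not belong to the private key, which would make every signed request
// fail verification at the IdP. The returned cert is DER (assumption).
func (s *PEMKeyStore) GetKeyPair() (*rsa.PrivateKey, []byte, error) {
	kb, _ := pem.Decode(s.KeyPEM)
	if kb == nil || kb.Type != "RSA PRIVATE KEY" {
		return nil, nil, errors.New("keystore: no RSA PRIVATE KEY block")
	}
	key, err := x509.ParsePKCS1PrivateKey(kb.Bytes)
	if err != nil {
		return nil, nil, fmt.Errorf("keystore: parse key: %w", err)
	}
	cb, _ := pem.Decode(s.CertPEM)
	if cb == nil || cb.Type != "CERTIFICATE" {
		return nil, nil, errors.New("keystore: no CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return nil, nil, fmt.Errorf("keystore: parse certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.Cmp(key.N) != 0 {
		return nil, nil, errors.New("keystore: certificate does not match private key")
	}
	return key, cb.Bytes, nil
}

// GenerateSelfSignedPEM (hypothetical) creates a key and self-signed certificate
// and returns them PEM-encoded; run it once and persist the output rather than
// regenerating on every start.
func GenerateSelfSignedPEM(cn string, validFor time.Duration) (keyPEM, certPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return keyPEM, certPEM, nil
}

func main() {
	keyPEM, certPEM, err := GenerateSelfSignedPEM("sp.example.com", 365*24*time.Hour) // constructed sample
	if err != nil {
		panic(err)
	}
	var ks X509KeyStore = &PEMKeyStore{KeyPEM: keyPEM, CertPEM: certPEM}
	key, certDER, err := ks.GetKeyPair()
	if err != nil {
		panic(err)
	}
	fmt.Printf("loaded %d-bit key, certificate %d bytes DER\n", key.N.BitLen(), len(certDER))
}
```

In production the PEM blocks would be read from files or a secrets store; keeping the mismatch check in GetKeyPair means a rotated key with a stale certificate fails at startup instead of at the IdP.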