saml

package
v1.3.36

Warning: This package is not in the latest version of its module.

Published: Jun 14, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// ErrSAMLRequest indicates there is an error on the SAML callback request.
	ErrSAMLRequest = errors.New("malformed SAML callback request")
	// ErrUserDataCallback indicates there was an error executing the user data callback.
	ErrUserDataCallback = errors.New("error on user data callback")
	// ErrGeneratingToken indicates there was an error generating the JWT token.
	ErrGeneratingToken = errors.New("error generating token")
	// ErrRelayStateInvalid indicates the provided "redirect_to" URL is not valid.
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	// ErrUntrustedDomain indicates the redirect domain is not trusted.
	ErrUntrustedDomain = errors.New("redirect to an untrusted domain was requested")
)
var (
	// ErrParsingMetadata indicates there was an error obtaining or parsing metadata.
	ErrParsingMetadata = errors.New("error parsing metadata")
	// ErrMalformedSAML indicates there is a format error on SAML callback request.
	ErrMalformedSAML = errors.New("malformed SAML request content")
	// ErrNotInAudience indicates SAML validation contains an audience related warning.
	ErrNotInAudience = errors.New("not in audience")
)

Functions

This section is empty.

Types

type CallbackConfig

type CallbackConfig struct {
	CookieName       string
	CookieDomain     string
	CookieSecure     bool
	UserDataCallback UserDataCallback
	TokenGenerator   TokenGenerator
}

CallbackConfig specifies config options for the login callback function.

type Handler

type Handler interface {
	LoginHandler() http.HandlerFunc
	LoginCallbackHandler(CallbackConfig) http.HandlerFunc
}

Handler represents a SAML authentication handler.

func NewHandler

func NewHandler(provider Provider, trustedDomains []string) Handler

NewHandler builds a new SAML handler from a SAML provider and a list of trusted domains.
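The error values above (ErrRelayStateInvalid, ErrUntrustedDomain) and the trustedDomains argument to NewHandler describe an open-redirect check on the RelayState / "redirect_to" URL. The following is an added, stand-alone illustration of such a check, not this package's own code; ValidateRedirect is a hypothetical helper, the sentinel errors are redeclared locally, and the subdomain-matching rule (exact host or a label-boundary subdomain of a trusted domain) is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Sentinel errors redeclared locally so the example compiles without the
// module; they mirror the two exported by this package.
var (
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	ErrUntrustedDomain   = errors.New("redirect to an untrusted domain was requested")
)

// ValidateRedirect is a hypothetical helper, not the package's own code. It
// accepts a RelayState value only if it is an absolute http(s) URL without
// embedded credentials whose host is a trusted domain or a subdomain of one.
func ValidateRedirect(redirectTo string, trustedDomains []string) (string, error) {
	u, err := url.Parse(redirectTo)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		// Covers relative paths, scheme-relative "//host" forms and non-web
		// schemes such as javascript:.
		return "", ErrRelayStateInvalid
	}
	if u.User != nil {
		// "https://trusted.example@evil.example/" parses with the real host
		// after the '@'; reject userinfo outright rather than reason about it.
		return "", ErrRelayStateInvalid
	}
	host := strings.ToLower(u.Hostname()) // strips any :port and case-folds
	for _, d := range trustedDomains {
		d = strings.ToLower(strings.TrimSpace(d))
		if d != "" && (host == d || strings.HasSuffix(host, "."+d)) {
			return u.String(), nil
		}
	}
	// Plain substring matching would accept "example.com.evil.net"; the
	// label-boundary suffix check above does not, so it ends up here.
	return "", ErrUntrustedDomain
}

func main() {
	trusted := []string{"example.com"} // constructed allowlist
	for _, r := range []string{"https://app.example.com/home", "//evil.net/", "https://example.com.evil.net/"} {
		_, err := ValidateRedirect(r, trusted)
		fmt.Printf("%-32s -> %v\n", r, err)
	}
}
```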

type Provider

type Provider interface {
	BuildAuthURL(url string) (string, error)
	GetUserData(samlResp string) (UserData, error)
}

Provider represents a component that is able to interact and communicate with a SAML IdP.

func NewProvider

func NewProvider(metadataURL, issuerURL, callbackURL string, keyStore X509KeyStore) (Provider, error)

NewProvider builds a new SAML provider. keyStore is the X509 keystore to use for request signing.

type RandomKeyStore

type RandomKeyStore struct {
	// contains filtered or unexported fields
}

RandomKeyStore is an X509KeyStore which generates a new random private key and a certificate from it. This is acceptable for many IdPs, as they often do not verify request signatures (e.g. Okta). Because the key is created at runtime, its certificate cannot be pre-registered with an IdP that does verify signatures.

func NewRandomKeyStore

func NewRandomKeyStore() *RandomKeyStore

NewRandomKeyStore builds a new RandomKeyStore.

func (*RandomKeyStore) GetKeyPair

func (s *RandomKeyStore) GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)

GetKeyPair returns the keystore private key and certificate.

type TokenGenerator

type TokenGenerator func(data map[string]interface{}) (string, error)

TokenGenerator defines the method used to generate a new session token. Note that it is designed with a Bearer token in mind, such as OAuth / JWT.

type UserData

type UserData struct {
	UserName  string `db:"username"`
	FirstName string `db:"first_name"`
	LastName  string `db:"last_name"`
	Email     string `db:"email"`
}

UserData contains the basic auth data associated with a user, obtained from the SAML response.

type UserDataCallback

type UserDataCallback func(UserData) error

UserDataCallback represents the callback to execute when user data is obtained from the SAML response.

type X509KeyStore

type X509KeyStore interface {
	GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
}

X509KeyStore represents an X509 keystore.
