Versions in this module Expand all Collapse all v0 v0.4.6 Nov 10, 2021 Changes in this version + const DefaultCacheDuration + const DefaultValidDuration + const HTTPPostBinding + const HTTPRedirectBinding + const StatusAuthnFailed + const StatusInvalidAttrNameOrValue + const StatusInvalidNameIDPolicy + const StatusNoAuthnContext + const StatusNoAvailableIDP + const StatusNoPassive + const StatusNoSupportedIDP + const StatusPartialLogout + const StatusProxyCountExceeded + const StatusRequestDenied + const StatusRequestUnsupported + const StatusRequestVersionDeprecated + const StatusRequestVersionTooHigh + const StatusRequestVersionTooLow + const StatusRequester + const StatusResourceNotRecognized + const StatusResponder + const StatusTooManyResponses + const StatusUnknownAttrProfile + const StatusUnknownPrincipal + const StatusUnsupportedBinding + const StatusVersionMismatch + var Clock *dsig.Clock + var MaxClockSkew = time.Second * 180 + var MaxIssueDelay = time.Second * 90 + var Metadata = struct{} + var RandReader = rand.Reader + var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success" + var TimeNow = func() time.Time + func GetSigningContext(sp *ServiceProvider) (*dsig.SigningContext, error) + type AffiliationDescriptor struct + AffiliateMembers []string + AffiliationOwnerID string + CacheDuration time.Duration + ID string + KeyDescriptors []KeyDescriptor + Signature *etree.Element + ValidUntil time.Time + type Assertion struct + AttributeStatements []AttributeStatement + AuthnStatements []AuthnStatement + Conditions *Conditions + ID string + IssueInstant time.Time + Issuer Issuer + Signature *etree.Element + Subject *Subject + Version string + XMLName xml.Name + func (a *Assertion) Element() *etree.Element + func (a *Assertion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + type AssertionAttribute struct + FriendlyName string + Name string + Value string + type AssertionAttributes []AssertionAttribute + func (aa AssertionAttributes) 
Get(name string) *AssertionAttribute + type AssertionMaker interface + MakeAssertion func(req *IdpAuthnRequest, session *Session) error + type Attribute struct + FriendlyName string + Name string + NameFormat string + Values []AttributeValue + func (a *Attribute) Element() *etree.Element + type AttributeAuthorityDescriptor struct + AssertionIDRequestServices []Endpoint + AttributeProfiles []string + AttributeServices []Endpoint + Attributes []Attribute + NameIDFormats []NameIDFormat + type AttributeConsumingService struct + Index int + IsDefault *bool + RequestedAttributes []RequestedAttribute + ServiceDescriptions []LocalizedName + ServiceNames []LocalizedName + type AttributeStatement struct + Attributes []Attribute + func (a *AttributeStatement) Element() *etree.Element + type AttributeValue struct + NameID *NameID + Type string + Value string + func (a *AttributeValue) Element() *etree.Element + type Audience struct + Value string + func (a *Audience) Element() *etree.Element + type AudienceRestriction struct + Audience Audience + func (a *AudienceRestriction) Element() *etree.Element + type AuthnAuthorityDescriptor struct + AssertionIDRequestServices []Endpoint + AuthnQueryServices []Endpoint + NameIDFormats []NameIDFormat + type AuthnContext struct + AuthnContextClassRef *AuthnContextClassRef + func (a *AuthnContext) Element() *etree.Element + type AuthnContextClassRef struct + Value string + func (a *AuthnContextClassRef) Element() *etree.Element + type AuthnRequest struct + AssertionConsumerServiceIndex string + AssertionConsumerServiceURL string + AttributeConsumingServiceIndex string + Conditions *Conditions + Consent string + Destination string + ForceAuthn *bool + ID string + IsPassive *bool + IssueInstant time.Time + Issuer *Issuer + NameIDPolicy *NameIDPolicy + ProtocolBinding string + ProviderName string + Signature *etree.Element + Subject *Subject + Version string + XMLName xml.Name + func (r *AuthnRequest) Element() *etree.Element + func (r 
*AuthnRequest) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (r *AuthnRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + func (req *AuthnRequest) Post(relayState string) []byte + func (req *AuthnRequest) Redirect(relayState string, sp *ServiceProvider) (*url.URL, error) + type AuthnStatement struct + AuthnContext AuthnContext + AuthnInstant time.Time + SessionIndex string + SessionNotOnOrAfter *time.Time + SubjectLocality *SubjectLocality + func (a *AuthnStatement) Element() *etree.Element + func (a *AuthnStatement) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (a *AuthnStatement) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + type Conditions struct + AudienceRestrictions []AudienceRestriction + NotBefore time.Time + NotOnOrAfter time.Time + OneTimeUse *OneTimeUse + ProxyRestriction *ProxyRestriction + func (c *Conditions) Element() *etree.Element + func (c *Conditions) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (c *Conditions) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + type ContactPerson struct + Company string + ContactType string + EmailAddresses []string + GivenName string + SurName string + TelephoneNumbers []string + type DefaultAssertionMaker struct + func (DefaultAssertionMaker) MakeAssertion(req *IdpAuthnRequest, session *Session) error + type Duration time.Duration + func (d *Duration) UnmarshalText(text []byte) error + func (d Duration) MarshalText() ([]byte, error) + type EncryptionMethod struct + Algorithm string + type Endpoint struct + Binding string + Location string + ResponseLocation string + type EntitiesDescriptor struct + CacheDuration *time.Duration + EntitiesDescriptors []EntitiesDescriptor + EntityDescriptors []EntityDescriptor + ID *string + Name *string + Signature *etree.Element + ValidUntil *time.Time + XMLName xml.Name + type EntityDescriptor struct + AdditionalMetadataLocations []string + AffiliationDescriptor 
*AffiliationDescriptor + AttributeAuthorityDescriptors []AttributeAuthorityDescriptor + AuthnAuthorityDescriptors []AuthnAuthorityDescriptor + CacheDuration time.Duration + ContactPerson *ContactPerson + EntityID string + ID string + IDPSSODescriptors []IDPSSODescriptor + Organization *Organization + PDPDescriptors []PDPDescriptor + RoleDescriptors []RoleDescriptor + SPSSODescriptors []SPSSODescriptor + Signature *etree.Element + ValidUntil time.Time + XMLName xml.Name + func (m *EntityDescriptor) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + func (m EntityDescriptor) MarshalXML(e *xml.Encoder, start xml.StartElement) error + type ErrBadStatus struct + Status string + func (e ErrBadStatus) Error() string + type IDPSSODescriptor struct + AssertionIDRequestServices []Endpoint + AttributeProfiles []string + Attributes []Attribute + NameIDMappingServices []Endpoint + SingleSignOnServices []Endpoint + WantAuthnRequestsSigned *bool + XMLName xml.Name + type IdentityProvider struct + AssertionMaker AssertionMaker + Certificate *x509.Certificate + Intermediates []*x509.Certificate + Key crypto.PrivateKey + Logger logger.Interface + LogoutURL url.URL + MetadataURL url.URL + SSOURL url.URL + ServiceProviderProvider ServiceProviderProvider + SessionProvider SessionProvider + SignatureMethod string + ValidDuration *time.Duration + func (idp *IdentityProvider) Handler() http.Handler + func (idp *IdentityProvider) Metadata() *EntityDescriptor + func (idp *IdentityProvider) ServeIDPInitiated(w http.ResponseWriter, r *http.Request, serviceProviderID string, ...) 
+ func (idp *IdentityProvider) ServeMetadata(w http.ResponseWriter, r *http.Request) + func (idp *IdentityProvider) ServeSSO(w http.ResponseWriter, r *http.Request) + type IdpAuthnRequest struct + ACSEndpoint *IndexedEndpoint + Assertion *Assertion + AssertionEl *etree.Element + HTTPRequest *http.Request + IDP *IdentityProvider + Now time.Time + RelayState string + Request AuthnRequest + RequestBuffer []byte + ResponseEl *etree.Element + SPSSODescriptor *SPSSODescriptor + ServiceProviderMetadata *EntityDescriptor + func NewIdpAuthnRequest(idp *IdentityProvider, r *http.Request) (*IdpAuthnRequest, error) + func (req *IdpAuthnRequest) MakeAssertionEl() error + func (req *IdpAuthnRequest) MakeResponse() error + func (req *IdpAuthnRequest) Validate() error + func (req *IdpAuthnRequest) WriteResponse(w http.ResponseWriter) error + type IndexedEndpoint struct + Binding string + Index int + IsDefault *bool + Location string + ResponseLocation *string + type InvalidResponseError struct + Now time.Time + PrivateErr error + Response string + func (ivr *InvalidResponseError) Error() string + type Issuer struct + Format string + NameQualifier string + SPNameQualifier string + SPProvidedID string + Value string + XMLName xml.Name + func (a *Issuer) Element() *etree.Element + type KeyDescriptor struct + EncryptionMethods []EncryptionMethod + KeyInfo KeyInfo + Use string + type KeyInfo struct + Certificate string + XMLName xml.Name + type LocalizedName struct + Lang string + Value string + type LocalizedURI struct + Lang string + Value string + type LogoutRequest struct + Destination string + ID string + IssueInstant time.Time + Issuer *Issuer + NameID *NameID + SessionIndex *SessionIndex + Signature *etree.Element + Version string + XMLName xml.Name + func (r *LogoutRequest) Bytes() ([]byte, error) + func (r *LogoutRequest) Deflate() ([]byte, error) + func (r *LogoutRequest) Element() *etree.Element + func (r *LogoutRequest) MarshalXML(e *xml.Encoder, start xml.StartElement) 
error + func (r *LogoutRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + func (req *LogoutRequest) Post(relayState string) []byte + func (req *LogoutRequest) Redirect(relayState string) *url.URL + type LogoutResponse struct + Consent string + Destination string + ID string + InResponseTo string + IssueInstant time.Time + Issuer *Issuer + Signature *etree.Element + Status Status + Version string + XMLName xml.Name + func (r *LogoutResponse) Element() *etree.Element + func (r *LogoutResponse) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (r *LogoutResponse) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + func (resp *LogoutResponse) Post(relayState string) []byte + func (resp *LogoutResponse) Redirect(relayState string) *url.URL + type NameID struct + Format string + NameQualifier string + SPNameQualifier string + SPProvidedID string + Value string + func (a *NameID) Element() *etree.Element + type NameIDFormat string + const EmailAddressNameIDFormat + const PersistentNameIDFormat + const TransientNameIDFormat + const UnspecifiedNameIDFormat + func (n NameIDFormat) Element() *etree.Element + type NameIDPolicy struct + AllowCreate *bool + Format *string + SPNameQualifier *string + XMLName xml.Name + func (a *NameIDPolicy) Element() *etree.Element + type OneTimeUse struct + func (a *OneTimeUse) Element() *etree.Element + type Organization struct + OrganizationDisplayNames []LocalizedName + OrganizationNames []LocalizedName + OrganizationURLs []LocalizedURI + type PDPDescriptor struct + AssertionIDRequestServices []Endpoint + AuthzServices []Endpoint + NameIDFormats []NameIDFormat + type ProxyRestriction struct + Audiences []Audience + Count *int + func (a *ProxyRestriction) Element() *etree.Element + type RelaxedTime time.Time + func (m *RelaxedTime) UnmarshalText(text []byte) error + func (m RelaxedTime) MarshalText() ([]byte, error) + func (m RelaxedTime) String() string + type RequestedAttribute struct + IsRequired 
*bool + type Response struct + Assertion *Assertion + Consent string + Destination string + EncryptedAssertion *etree.Element + ID string + InResponseTo string + IssueInstant time.Time + Issuer *Issuer + Signature *etree.Element + Status Status + Version string + XMLName xml.Name + func (r *Response) Element() *etree.Element + func (r *Response) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (r *Response) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + type RoleDescriptor struct + CacheDuration time.Duration + ContactPeople []ContactPerson + ErrorURL string + ID string + KeyDescriptors []KeyDescriptor + Organization *Organization + ProtocolSupportEnumeration string + Signature *etree.Element + ValidUntil *time.Time + type SPSSODescriptor struct + AssertionConsumerServices []IndexedEndpoint + AttributeConsumingServices []AttributeConsumingService + AuthnRequestsSigned *bool + WantAssertionsSigned *bool + XMLName xml.Name + type SSODescriptor struct + ArtifactResolutionServices []IndexedEndpoint + ManageNameIDServices []Endpoint + NameIDFormats []NameIDFormat + SingleLogoutServices []Endpoint + type ServiceProvider struct + AcsURL url.URL + AllowIDPInitiated bool + AuthnNameIDFormat NameIDFormat + Certificate *x509.Certificate + EntityID string + ForceAuthn *bool + IDPMetadata *EntityDescriptor + Intermediates []*x509.Certificate + Key *rsa.PrivateKey + MetadataURL url.URL + MetadataValidDuration time.Duration + SignatureMethod string + SignatureVerifier SignatureVerifier + SloURL url.URL + func (sp *ServiceProvider) GetSLOBindingLocation(binding string) string + func (sp *ServiceProvider) GetSSOBindingLocation(binding string) string + func (sp *ServiceProvider) MakeAuthenticationRequest(idpURL string, binding string) (*AuthnRequest, error) + func (sp *ServiceProvider) MakeLogoutRequest(idpURL, nameID string) (*LogoutRequest, error) + func (sp *ServiceProvider) MakeLogoutResponse(idpURL, logoutRequestID string) (*LogoutResponse, error) + 
func (sp *ServiceProvider) MakePostAuthenticationRequest(relayState string) ([]byte, error) + func (sp *ServiceProvider) MakePostLogoutRequest(nameID, relayState string) ([]byte, error) + func (sp *ServiceProvider) MakePostLogoutResponse(logoutRequestID, relayState string) ([]byte, error) + func (sp *ServiceProvider) MakeRedirectAuthenticationRequest(relayState string) (*url.URL, error) + func (sp *ServiceProvider) MakeRedirectLogoutRequest(nameID, relayState string) (*url.URL, error) + func (sp *ServiceProvider) MakeRedirectLogoutResponse(logoutRequestID, relayState string) (*url.URL, error) + func (sp *ServiceProvider) Metadata() *EntityDescriptor + func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs []string) (*Assertion, error) + func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleRequestIDs []string) (*Assertion, error) + func (sp *ServiceProvider) SignAuthnRequest(req *AuthnRequest) error + func (sp *ServiceProvider) SignLogoutRequest(req *LogoutRequest) error + func (sp *ServiceProvider) SignLogoutResponse(resp *LogoutResponse) error + func (sp *ServiceProvider) ValidateLogoutResponseForm(postFormData string) error + func (sp *ServiceProvider) ValidateLogoutResponseRedirect(queryParameterData string) error + func (sp *ServiceProvider) ValidateLogoutResponseRequest(req *http.Request) error + type ServiceProviderProvider interface + GetServiceProvider func(r *http.Request, serviceProviderID string) (*EntityDescriptor, error) + type Session struct + CreateTime time.Time + CustomAttributes []Attribute + ExpireTime time.Time + Groups []string + ID string + Index string + NameID string + UserCommonName string + UserEmail string + UserGivenName string + UserName string + UserScopedAffiliation string + UserSurname string + type SessionIndex struct + Value string + func (s *SessionIndex) Element() *etree.Element + type SessionProvider interface + GetSession func(w http.ResponseWriter, r *http.Request, req 
*IdpAuthnRequest) *Session + type SignatureVerifier interface + VerifySignature func(validationContext *dsig.ValidationContext, el *etree.Element) error + type Status struct + StatusCode StatusCode + StatusDetail *StatusDetail + StatusMessage *StatusMessage + XMLName xml.Name + func (s *Status) Element() *etree.Element + type StatusCode struct + StatusCode *StatusCode + Value string + XMLName xml.Name + func (s *StatusCode) Element() *etree.Element + type StatusDetail struct + Children []*etree.Element + func (sm StatusDetail) Element() *etree.Element + type StatusMessage struct + Value string + func (sm StatusMessage) Element() *etree.Element + type Subject struct + NameID *NameID + SubjectConfirmations []SubjectConfirmation + XMLName xml.Name + func (a *Subject) Element() *etree.Element + type SubjectConfirmation struct + Method string + NameID *NameID + SubjectConfirmationData *SubjectConfirmationData + func (a *SubjectConfirmation) Element() *etree.Element + type SubjectConfirmationData struct + Address string + InResponseTo string + NotBefore time.Time + NotOnOrAfter time.Time + Recipient string + func (s *SubjectConfirmationData) Element() *etree.Element + func (s *SubjectConfirmationData) MarshalXML(e *xml.Encoder, start xml.StartElement) error + func (s *SubjectConfirmationData) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error + type SubjectLocality struct + Address string + DNSName string + func (a *SubjectLocality) Element() *etree.Element
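Review bot: `StatusSuccess` is exported as a `var` while every other `Status*` value in this listing is a `const`, so any package in the process can reassign the string that response validation presumably compares against; declaring it `const StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"` closes that off. The listing also exports `RandReader`, `TimeNow`, `Clock`, `MaxClockSkew` and `MaxIssueDelay` as package-level variables. If they feed ID generation and validity-window checks, their doc comments should say they are process-wide test seams, e.g. `// RandReader is the entropy source for generated IDs; override only in tests.` Only the API index is visible here, so how these values are used is inferred from their names and should be confirmed against the source.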