samlprotocol

Published: Nov 27, 2024 License: Apache-2.0 Imports: 11 Imported by: 0


Constants

// Status code URIs defined in SAML 2.0 Core §3.2.2.2 (saml-core-2.0-os.pdf).
// StatusRequester, StatusResponder and StatusVersionMismatch are top-level
// codes; the remaining values are second-level codes that are nested under a
// top-level code inside <StatusCode>. The Success top-level code is the
// package-level variable StatusSuccess.
//
// NOTE(review): a responder that answers StatusUnknownPrincipal in one case
// and StatusAuthnFailed in another tells the requester whether a principal
// exists; consider collapsing the two when the requester is not trusted.
const (

	// StatusRequester means the request could not be performed due to an error on the part of the requester.
	StatusRequester = "urn:oasis:names:tc:SAML:2.0:status:Requester"

	// StatusResponder means the request could not be performed due to an error on the part of the SAML responder or SAML authority.
	StatusResponder = "urn:oasis:names:tc:SAML:2.0:status:Responder"

	// StatusVersionMismatch means the SAML responder could not process the request because the version of the request message was incorrect.
	StatusVersionMismatch = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"

	// StatusAuthnFailed means the responding provider was unable to successfully authenticate the principal.
	StatusAuthnFailed = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"

	// StatusInvalidAttrNameOrValue means unexpected or invalid content was encountered within a <saml:Attribute> or <saml:AttributeValue> element.
	StatusInvalidAttrNameOrValue = "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"

	// StatusInvalidNameIDPolicy means the responding provider cannot or will not support the requested name identifier policy.
	StatusInvalidNameIDPolicy = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"

	// StatusNoAuthnContext means the specified authentication context requirements cannot be met by the responder.
	StatusNoAuthnContext = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"

	// StatusNoAvailableIDP is used by an intermediary to indicate that none of the supported identity provider <Loc> elements in an <IDPList> can be resolved or that none of the supported identity providers are available.
	StatusNoAvailableIDP = "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP"

	// StatusNoPassive means the responding provider cannot authenticate the principal passively, as has been requested.
	// The trailing nolint directive presumably silences a gosec hard-coded-credential
	// (G101) false positive on this literal; the value is a public status URI, not a secret.
	StatusNoPassive = "urn:oasis:names:tc:SAML:2.0:status:NoPassive" //nolint:gosec

	// StatusNoSupportedIDP is used by an intermediary to indicate that none of the identity providers in an <IDPList> are supported by the intermediary.
	StatusNoSupportedIDP = "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP"

	// StatusPartialLogout is used by a session authority to indicate to a session participant that it was not able to propagate logout to all other session participants.
	StatusPartialLogout = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"

	// StatusProxyCountExceeded means a responding provider cannot authenticate the principal directly and is not permitted to proxy the request further.
	StatusProxyCountExceeded = "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded"

	// StatusRequestDenied means the SAML responder or SAML authority is able to process the request but has chosen not to respond. This status code MAY be used when there is concern about the security context of the request message or the sequence of request messages received from a particular requester.
	StatusRequestDenied = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"

	// StatusRequestUnsupported means the SAML responder or SAML authority does not support the request.
	StatusRequestUnsupported = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"

	// StatusRequestVersionDeprecated means the SAML responder cannot process any requests with the protocol version specified in the request.
	// The nolint directive presumably silences the same gosec false positive as on StatusNoPassive.
	StatusRequestVersionDeprecated = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated" //nolint:gosec

	// StatusRequestVersionTooHigh means the SAML responder cannot process the request because the protocol version specified in the request message is a major upgrade from the highest protocol version supported by the responder.
	StatusRequestVersionTooHigh = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh"

	// StatusRequestVersionTooLow means the SAML responder cannot process the request because the protocol version specified in the request message is too low.
	StatusRequestVersionTooLow = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow"

	// StatusResourceNotRecognized means the resource value provided in the request message is invalid or unrecognized.
	StatusResourceNotRecognized = "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized"

	// StatusTooManyResponses means the response message would contain more elements than the SAML responder is able to return.
	StatusTooManyResponses = "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses"

	// StatusUnknownAttrProfile means an entity that has no knowledge of a particular attribute profile has been presented with an attribute drawn from that profile.
	StatusUnknownAttrProfile = "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile"

	// StatusUnknownPrincipal means the responding provider does not recognize the principal specified or implied by the request.
	StatusUnknownPrincipal = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"

	// StatusUnsupportedBinding means the SAML responder cannot properly fulfill the request using the protocol binding specified in the request.
	StatusUnsupportedBinding = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
)
// SAMLAttrnameFormatBasic is the SAML 2.0 "basic" attribute NameFormat URI
// (Core §8.2), the value suitable for Attribute.NameFormat when attribute
// names are plain strings rather than URI references.
const (
	SAMLAttrnameFormatBasic = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
)
// SAMLIssertFormatEntity is the nameid-format:entity URI (Core §8.3.6): the
// Format used when a NameID or Issuer names a SAML entity (a provider) rather
// than a user principal. The spelling "Issert" is presumably a typo for
// "Issuer"; the name is exported, so it is kept for compatibility.
const (
	SAMLIssertFormatEntity = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
)

Variables

// ACSSupportedBindings lists the protocol bindings accepted at the Assertion
// Consumer Service (ACS); only HTTP-POST is listed, and it is presumably the
// set that SAMLBinding.IsACSSupported consults.
// NOTE(review): this is a mutable package-level slice, so any importer can
// append to or reorder it at runtime; treat it as read-only.
var ACSSupportedBindings []SAMLBinding = []SAMLBinding{
	SAMLBindingHTTPPost,
}
// ErrServiceProviderNotFound is the sentinel error for an unknown service
// provider (inferred from the name; the code that returns it is not on this
// page). Compare with errors.Is. It points to the unexported
// serviceProviderNotFoundError, which presumably implements SAMLErrorCodeError
// with SAMLErrorCodeServiceProviderNotFound.
var ErrServiceProviderNotFound = &serviceProviderNotFoundError{}
// SAMLAttrTypeString is the xsi:type value written for string-typed
// AttributeValue elements. It is built from xmlSchemaNamespace, declared
// elsewhere in the package (presumably the XML Schema prefix, yielding a
// value such as "xs:string" — confirm against that declaration).
var (
	SAMLAttrTypeString = fmt.Sprintf("%s:string", xmlSchemaNamespace)
)
// StatusSuccess means the request succeeded (SAML 2.0 Core §3.2.2.2).
// Additional information MAY be returned in the <StatusMessage> and/or
// <StatusDetail> elements.
//
// TODO(ross): this value is mostly constant, but is mutated in tests. Fix the
// hacky test so this can be const.
// NOTE(review): because this is a var, a write to it at runtime changes the
// status URI of every success response built afterwards.
var StatusSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"

StatusSuccess means the request succeeded. Additional information MAY be returned in the <StatusMessage> and/or <StatusDetail> elements.

TODO(ross): this value is mostly constant, but is mutated in tests. Fix the hacky test so this can be const.

Functions

func GenerateAssertionID

func GenerateAssertionID() string

func GenerateLogoutRequestID

func GenerateLogoutRequestID() string

func GenerateResponseID

func GenerateResponseID() string

Types

type ArtifactResolve

// ArtifactResolve represents the SAML object of the same name: a request to
// exchange an artifact for the message it refers to.
//
// Signature is carried as a raw etree element; this type only transports it
// and performs no signature verification.
type ArtifactResolve struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol ArtifactResolve"`
	ID           string    `xml:",attr"`
	Version      string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element
	// Artifact is the opaque artifact handle being resolved.
	Artifact     string `xml:"urn:oasis:names:tc:SAML:2.0:protocol Artifact"`
}

ArtifactResolve represents the SAML object of the same name.

func (*ArtifactResolve) Element

func (r *ArtifactResolve) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*ArtifactResolve) MarshalXML

func (r *ArtifactResolve) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*ArtifactResolve) SoapRequest

func (r *ArtifactResolve) SoapRequest() *etree.Element

SoapRequest returns a SOAP Envelope containing the ArtifactResolve request.

func (*ArtifactResolve) UnmarshalXML

func (r *ArtifactResolve) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type ArtifactResponse

// ArtifactResponse represents the SAML object of the same name: the reply to
// an ArtifactResolve, carrying a Status and the resolved Response.
//
// Signature is carried as a raw etree element; this type only transports it
// and performs no signature verification. InResponseTo should be matched
// against the ID of the ArtifactResolve that was sent.
type ArtifactResponse struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol ArtifactResponse"`
	ID           string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	Version      string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element
	Status       Status   `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	Response     Response `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
}

ArtifactResponse represents the SAML object of the same name.

func (*ArtifactResponse) Element

func (r *ArtifactResponse) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*ArtifactResponse) MarshalXML

func (r *ArtifactResponse) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*ArtifactResponse) UnmarshalXML

func (r *ArtifactResponse) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type Assertion

// Assertion represents the SAML element Assertion (Core §2.3.3).
//
// Signature is a raw etree element; holding it here does not mean it has been
// verified. Subject and Conditions are pointers and may be nil. Only
// AuthnStatement and AttributeStatement children are modelled; the commented
// fields mark the statement types the struct does not yet carry.
type Assertion struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	ID           string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Version      string    `xml:",attr"`
	Issuer       Issuer    `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element
	Subject      *Subject
	Conditions   *Conditions
	// Advice *Advice
	// Statements []Statement
	AuthnStatements []AuthnStatement `xml:"AuthnStatement"`
	// AuthzDecisionStatements []AuthzDecisionStatement
	AttributeStatements []AttributeStatement `xml:"AttributeStatement"`
}

Assertion represents the SAML element Assertion.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.3.3

func (*Assertion) Element

func (a *Assertion) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*Assertion) UnmarshalXML

func (a *Assertion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type Attribute

// Attribute represents the SAML element Attribute (Core §2.7.3.1): a named
// attribute with zero or more AttributeValue children.
//
// NameFormat holds the attrname-format URI (see SAMLAttrnameFormatBasic).
type Attribute struct {
	FriendlyName string           `xml:",attr"`
	Name         string           `xml:",attr"`
	NameFormat   string           `xml:",attr"`
	Values       []AttributeValue `xml:"AttributeValue"`
}

Attribute represents the SAML element Attribute.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.3.1

func (*Attribute) Element

func (a *Attribute) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AttributeStatement

// AttributeStatement represents the SAML element AttributeStatement
// (Core §2.7.3): the list of Attribute elements asserted about the subject.
type AttributeStatement struct {
	Attributes []Attribute `xml:"Attribute"`
}

AttributeStatement represents the SAML element AttributeStatement.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.3

func (*AttributeStatement) Element

func (a *AttributeStatement) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AttributeValue

// AttributeValue represents the SAML element AttributeValue (Core §2.7.3.1.1).
//
// Type is the xsi:type attribute (see SAMLAttrTypeString); Value is the
// element's character data. NameID is set when the value is a NameID element
// instead of text and may be nil.
type AttributeValue struct {
	Type   string `xml:"http://www.w3.org/2001/XMLSchema-instance type,attr"`
	Value  string `xml:",chardata"`
	NameID *NameID
}

AttributeValue represents the SAML element AttributeValue.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.3.1.1

func (*AttributeValue) Element

func (a *AttributeValue) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type Audience

// Audience represents the SAML element Audience (Core §2.5.1.4); Value is
// the audience URI carried as character data.
type Audience struct {
	Value string `xml:",chardata"`
}

Audience represents the SAML element Audience.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.5.1.4

func (*Audience) Element

func (a *Audience) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AudienceRestriction

// AudienceRestriction represents the SAML element AudienceRestriction
// (Core §2.5.1.4): the set of audiences an assertion is addressed to.
// NOTE(review): nothing in this type checks that a relying party is among
// the listed audiences; that check belongs to the consumer.
type AudienceRestriction struct {
	Audience []Audience
}

AudienceRestriction represents the SAML element AudienceRestriction.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.5.1.4

func (*AudienceRestriction) Element

func (a *AudienceRestriction) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AuthnContext

// AuthnContext represents the SAML element AuthnContext (Core §2.7.2.2).
// Only the AuthnContextClassRef child is modelled; it may be nil.
type AuthnContext struct {
	AuthnContextClassRef *AuthnContextClassRef
}

AuthnContext represents the SAML element AuthnContext.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.2.2

func (*AuthnContext) Element

func (a *AuthnContext) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AuthnContextClassRef

// AuthnContextClassRef represents the SAML element AuthnContextClassRef
// (Core §2.7.2.2); Value is the authentication context class URI.
type AuthnContextClassRef struct {
	Value string `xml:",chardata"`
}

AuthnContextClassRef represents the SAML element AuthnContextClassRef.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.2.2

func (*AuthnContextClassRef) Element

func (a *AuthnContextClassRef) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type AuthnRequest

// AuthnRequest represents the SAML object of the same name, a request from a
// service provider to authenticate a user.
//
// Signature is a raw etree element; this type only transports it. ForceAuthn
// and IsPassive are pointers so that an absent attribute can be told apart
// from false (GetForceAuthn/GetIsPassive fold them to bool).
//
// NOTE(review): AssertionConsumerServiceURL and ProtocolBinding are supplied
// by the requester; a responder should only honour them when they match the
// service provider's registered metadata, especially for unsigned requests.
type AuthnRequest struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`

	ID           string    `xml:",attr"`
	Version      string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Destination  string    `xml:",attr"`
	Consent      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element

	Subject               *Subject
	NameIDPolicy          *NameIDPolicy `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
	Conditions            *Conditions
	RequestedAuthnContext *RequestedAuthnContext

	ForceAuthn                     *bool  `xml:",attr"`
	IsPassive                      *bool  `xml:",attr"`
	AssertionConsumerServiceIndex  string `xml:",attr"`
	AssertionConsumerServiceURL    string `xml:",attr"`
	ProtocolBinding                string `xml:",attr"`
	AttributeConsumingServiceIndex string `xml:",attr"`
	ProviderName                   string `xml:",attr"`
}

AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func ParseAuthnRequest

func ParseAuthnRequest(input []byte) (*AuthnRequest, error)

func (*AuthnRequest) CollectAudiences

func (a *AuthnRequest) CollectAudiences() (audiences []string)

func (*AuthnRequest) Element

func (r *AuthnRequest) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*AuthnRequest) GetForceAuthn

func (a *AuthnRequest) GetForceAuthn() bool

func (*AuthnRequest) GetIsPassive

func (a *AuthnRequest) GetIsPassive() bool

func (*AuthnRequest) GetNameIDFormat

func (a *AuthnRequest) GetNameIDFormat() (SAMLNameIDFormat, bool)

func (*AuthnRequest) GetProtocolBinding

func (a *AuthnRequest) GetProtocolBinding() SAMLBinding

func (*AuthnRequest) MarshalXML

func (r *AuthnRequest) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*AuthnRequest) ToXMLBytes

func (a *AuthnRequest) ToXMLBytes() []byte

func (*AuthnRequest) UnmarshalXML

func (r *AuthnRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type AuthnStatement

// AuthnStatement represents the SAML element AuthnStatement (Core §2.7.2):
// when and how the subject authenticated.
//
// SessionNotOnOrAfter is a pointer with omitempty so the attribute is left
// out when unset; SubjectLocality may be nil. SessionIndex is the value a
// later LogoutRequest refers to.
type AuthnStatement struct {
	AuthnInstant        time.Time  `xml:",attr"`
	SessionIndex        string     `xml:",attr"`
	SessionNotOnOrAfter *time.Time `xml:",attr,omitempty"`
	SubjectLocality     *SubjectLocality
	AuthnContext        AuthnContext
}

AuthnStatement represents the SAML element AuthnStatement.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.2

func (*AuthnStatement) Element

func (a *AuthnStatement) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*AuthnStatement) MarshalXML

func (a *AuthnStatement) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*AuthnStatement) UnmarshalXML

func (a *AuthnStatement) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type Conditions

// Conditions represents the SAML element Conditions (Core §2.5.1): the
// validity window and restrictions on an assertion.
//
// NotBefore and NotOnOrAfter are plain time.Time values, so a zero value
// cannot distinguish "absent" from the zero instant; the custom MarshalXML
// and UnmarshalXML declared for this type decide how that is rendered —
// check them before relying on the zero value.
// NOTE(review): this type carries the window but does not evaluate it;
// consumers must check the current time against it themselves.
type Conditions struct {
	NotBefore            time.Time             `xml:",attr"`
	NotOnOrAfter         time.Time             `xml:",attr"`
	AudienceRestrictions []AudienceRestriction `xml:"AudienceRestriction"`
	OneTimeUse           *OneTimeUse
	ProxyRestriction     *ProxyRestriction
}

Conditions represents the SAML element Conditions.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.5.1

func (*Conditions) Element

func (c *Conditions) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*Conditions) MarshalXML

func (c *Conditions) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*Conditions) UnmarshalXML

func (c *Conditions) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type EntityDescriptor

// EntityDescriptor is a local copy of crewjam/saml's EntityDescriptor
// (metadata.go). The upstream ValidUntil is a time.Time and therefore cannot
// be omitted; here it is a *time.Time with omitempty so an unset value is not
// serialised. The descriptor slices reuse the upstream crewjamsaml types.
//
// Signature is a raw etree element and is not verified by this type.
// CacheDuration is a time.Duration; how it is rendered as an XML attribute is
// decided by the custom MarshalXML/UnmarshalXML declared for this type.
type EntityDescriptor struct {
	XMLName                       xml.Name      `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"`
	EntityID                      string        `xml:"entityID,attr"`
	ID                            string        `xml:",attr,omitempty"`
	ValidUntil                    *time.Time    `xml:"validUntil,attr,omitempty"`
	CacheDuration                 time.Duration `xml:"cacheDuration,attr,omitempty"`
	Signature                     *etree.Element
	RoleDescriptors               []crewjamsaml.RoleDescriptor               `xml:"RoleDescriptor"`
	IDPSSODescriptors             []crewjamsaml.IDPSSODescriptor             `xml:"IDPSSODescriptor"`
	SPSSODescriptors              []crewjamsaml.SPSSODescriptor              `xml:"SPSSODescriptor"`
	AuthnAuthorityDescriptors     []crewjamsaml.AuthnAuthorityDescriptor     `xml:"AuthnAuthorityDescriptor"`
	AttributeAuthorityDescriptors []crewjamsaml.AttributeAuthorityDescriptor `xml:"AttributeAuthorityDescriptor"`
	PDPDescriptors                []crewjamsaml.PDPDescriptor                `xml:"PDPDescriptor"`
	AffiliationDescriptor         *crewjamsaml.AffiliationDescriptor
	Organization                  *crewjamsaml.Organization
	ContactPerson                 *crewjamsaml.ContactPerson
	AdditionalMetadataLocations   []string `xml:"AdditionalMetadataLocation"`
}

Copied from https://github.com/crewjam/saml/blob/main/metadata.go#L53. In the upstream type ValidUntil is a time.Time, so it cannot be omitted from the output; this package therefore defines its own EntityDescriptor with a *time.Time ValidUntil.

func (EntityDescriptor) MarshalXML

func (m EntityDescriptor) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*EntityDescriptor) UnmarshalXML

func (m *EntityDescriptor) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type InvalidRequestError

// InvalidRequestError reports a request field whose value was not acceptable.
// Field names the offending field, Actual its value, Expected the accepted
// values and Reason a free-text explanation. It implements SAMLErrorCodeError
// through the Error, ErrorCode and GetDetailElements methods declared below.
type InvalidRequestError struct {
	Field    string
	Actual   string
	Expected []string
	Reason   string
}

func (*InvalidRequestError) Error

func (s *InvalidRequestError) Error() string

func (*InvalidRequestError) ErrorCode

func (s *InvalidRequestError) ErrorCode() SAMLErrorCode

func (*InvalidRequestError) GetDetailElements

func (s *InvalidRequestError) GetDetailElements() []*etree.Element

type InvalidSignatureError

// InvalidSignatureError reports a failed signature check on a SAML message.
// Cause is the underlying error; Unwrap (declared below) presumably returns
// it so errors.Is/errors.As can reach it. It implements SAMLErrorCodeError
// through Error, ErrorCode and GetDetailElements.
type InvalidSignatureError struct {
	Cause error
}

func (*InvalidSignatureError) Error

func (s *InvalidSignatureError) Error() string

func (*InvalidSignatureError) ErrorCode

func (s *InvalidSignatureError) ErrorCode() SAMLErrorCode

func (*InvalidSignatureError) GetDetailElements

func (s *InvalidSignatureError) GetDetailElements() []*etree.Element

func (*InvalidSignatureError) Unwrap

func (s *InvalidSignatureError) Unwrap() error

type Issuer

// Issuer represents the SAML object of the same name: the entity that issued
// a message or assertion. Value is the issuer identifier (character data);
// Format, when set, is a nameid-format URI such as SAMLIssertFormatEntity.
type Issuer struct {
	XMLName         xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	NameQualifier   string   `xml:",attr"`
	SPNameQualifier string   `xml:",attr"`
	Format          string   `xml:",attr"`
	SPProvidedID    string   `xml:",attr"`
	Value           string   `xml:",chardata"`
}

Issuer represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func (*Issuer) Element

func (a *Issuer) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type LogoutRequest

// LogoutRequest represents the SAML object of the same name, a request from
// an IDP to destroy a user's session.
//
// NameID identifies the principal and SessionIndex the session to end; both
// are pointers and may be nil. NotOnOrAfter is a pointer so an absent
// attribute is distinguishable from the zero time. Signature is a raw etree
// element that this type only transports.
type LogoutRequest struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol LogoutRequest"`

	ID           string     `xml:",attr"`
	Version      string     `xml:",attr"`
	IssueInstant time.Time  `xml:",attr"`
	NotOnOrAfter *time.Time `xml:",attr"`
	Destination  string     `xml:",attr"`
	Issuer       *Issuer    `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	NameID       *NameID
	Signature    *etree.Element

	SessionIndex *SessionIndex `xml:"SessionIndex"`
}

LogoutRequest represents the SAML object of the same name, a request from an IDP to destroy a user's session.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func ParseLogoutRequest

func ParseLogoutRequest(input []byte) (*LogoutRequest, error)

func (*LogoutRequest) Bytes

func (r *LogoutRequest) Bytes() ([]byte, error)

Bytes returns a byte array representation of the LogoutRequest

func (*LogoutRequest) Deflate

func (r *LogoutRequest) Deflate() ([]byte, error)

Deflate returns a compressed byte array of the LogoutRequest

func (*LogoutRequest) Element

func (r *LogoutRequest) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*LogoutRequest) ToXMLBytes

func (a *LogoutRequest) ToXMLBytes() []byte

func (*LogoutRequest) UnmarshalXML

func (r *LogoutRequest) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type LogoutResponse

// LogoutResponse represents the SAML object of the same name: the reply to a
// LogoutRequest. InResponseTo should match the ID of that request; Status
// carries the outcome (StatusSuccess, StatusPartialLogout, ...). Signature
// is a raw etree element that this type only transports.
type LogoutResponse struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol LogoutResponse"`
	ID           string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	Version      string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Destination  string    `xml:",attr"`
	Consent      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element
	Status       Status `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
}

LogoutResponse represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func ParseLogoutResponse

func ParseLogoutResponse(input []byte) (*LogoutResponse, error)

func (*LogoutResponse) Element

func (r *LogoutResponse) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*LogoutResponse) MarshalXML

func (r *LogoutResponse) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*LogoutResponse) UnmarshalXML

func (r *LogoutResponse) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type Metadata

// Metadata is a SAML metadata document: it embeds EntityDescriptor and adds
// ToXMLBytes (declared below) for serialisation. The embedded type's
// value-receiver MarshalXML is promoted, so encoding a Metadata presumably
// goes through it.
type Metadata struct {
	EntityDescriptor
}

func (*Metadata) ToXMLBytes

func (m *Metadata) ToXMLBytes() []byte

type MissingNameIDError

// MissingNameIDError reports that no NameID could be produced for the
// requested format. ExpectedNameIDFormat is the format that was asked for
// and NameIDAttributePointer the attribute it was expected to come from
// (inferred from the field names). It implements SAMLErrorCodeError through
// Error, ErrorCode and GetDetailElements declared below.
type MissingNameIDError struct {
	ExpectedNameIDFormat   string
	NameIDAttributePointer string
}

func (*MissingNameIDError) Error

func (s *MissingNameIDError) Error() string

func (*MissingNameIDError) ErrorCode

func (s *MissingNameIDError) ErrorCode() SAMLErrorCode

func (*MissingNameIDError) GetDetailElements

func (s *MissingNameIDError) GetDetailElements() []*etree.Element

type NameID

// NameID represents the SAML element NameID (Core §2.2.3): the identifier of
// a subject. Value is the identifier itself; Format is a nameid-format URI
// (see SAMLNameIDFormat). The qualifier attributes scope the identifier to
// an issuer or service provider.
type NameID struct {
	NameQualifier   string `xml:",attr"`
	SPNameQualifier string `xml:",attr"`
	Format          string `xml:",attr"`
	SPProvidedID    string `xml:",attr"`
	Value           string `xml:",chardata"`
}

NameID represents the SAML element NameID.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.2.3

func (*NameID) Element

func (a *NameID) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type NameIDPolicy

// NameIDPolicy represents the SAML object of the same name: the requester's
// constraints on the NameID it wants back. All three attributes are pointers
// so that an absent attribute is distinguishable from an empty or false one.
type NameIDPolicy struct {
	XMLName         xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
	Format          *string  `xml:",attr"`
	SPNameQualifier *string  `xml:",attr"`
	AllowCreate     *bool    `xml:",attr"`
}

NameIDPolicy represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func (*NameIDPolicy) Element

func (a *NameIDPolicy) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type OneTimeUse

// OneTimeUse represents the SAML element OneTimeUse (Core §2.5.1.5). It is
// an empty marker element: its presence in Conditions is the whole signal.
// NOTE(review): enforcing single use requires replay tracking by the
// consumer; nothing in this type does so.
type OneTimeUse struct{}

OneTimeUse represents the SAML element OneTimeUse.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.5.1.5

func (*OneTimeUse) Element

func (a *OneTimeUse) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type ParseRequestFailedError

// ParseRequestFailedError reports that an incoming request could not be
// parsed. Reason is a short description and Cause the underlying error,
// which Unwrap (declared below) presumably exposes. It implements
// SAMLErrorCodeError through Error, ErrorCode and GetDetailElements.
type ParseRequestFailedError struct {
	Reason string
	Cause  error
}

func (*ParseRequestFailedError) Error

func (s *ParseRequestFailedError) Error() string

func (*ParseRequestFailedError) ErrorCode

func (s *ParseRequestFailedError) ErrorCode() SAMLErrorCode

func (*ParseRequestFailedError) GetDetailElements

func (s *ParseRequestFailedError) GetDetailElements() []*etree.Element

func (*ParseRequestFailedError) Unwrap

func (s *ParseRequestFailedError) Unwrap() error

type ProxyRestriction

// ProxyRestriction represents the SAML element ProxyRestriction
// (Core §2.5.1.6): limits on how far an assertion may be proxied. Count is a
// pointer so a missing Count attribute is distinguishable from zero.
type ProxyRestriction struct {
	Count     *int
	Audiences []Audience
}

ProxyRestriction represents the SAML element ProxyRestriction.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.5.1.6

func (*ProxyRestriction) Element

func (a *ProxyRestriction) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type RelaxedTime

// RelaxedTime is an alias of crewjamsaml.RelaxedTime, presumably so callers
// of this package need not import the upstream package directly.
type RelaxedTime = crewjamsaml.RelaxedTime

type RequestedAuthnContext

// RequestedAuthnContext represents the SAML object of the same name, an
// indication of the requirements on the authentication process. Comparison
// is the comparison attribute and AuthnContextClassRef the single requested
// class URI (only one is modelled here).
type RequestedAuthnContext struct {
	XMLName              xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol RequestedAuthnContext"`
	Comparison           string   `xml:",attr"`
	AuthnContextClassRef string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion AuthnContextClassRef"`
}

RequestedAuthnContext represents the SAML object of the same name, an indication of the requirements on the authentication process.

func (*RequestedAuthnContext) Element

func (r *RequestedAuthnContext) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type Respondable

// Respondable is implemented by any message that can render itself as an
// etree.Element; Response, LogoutResponse and ArtifactResponse all declare
// such an Element method on this page.
type Respondable interface {
	Element() *etree.Element
}

type Response

// Response represents the SAML object of the same name: the reply to an
// AuthnRequest, carrying a Status and at most one Assertion or
// EncryptedAssertion.
//
// Signature and EncryptedAssertion are raw etree elements: this type neither
// verifies the signature nor decrypts the assertion. InResponseTo should be
// matched against the ID of the request that was sent.
type Response struct {
	XMLName      xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	ID           string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	Version      string    `xml:",attr"`
	IssueInstant time.Time `xml:",attr"`
	Destination  string    `xml:",attr"`
	Consent      string    `xml:",attr"`
	Issuer       *Issuer   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	Signature    *etree.Element
	Status       Status `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`

	// TODO(ross): more than one EncryptedAssertion is allowed
	EncryptedAssertion *etree.Element `xml:"urn:oasis:names:tc:SAML:2.0:assertion EncryptedAssertion"`

	// TODO(ross): more than one Assertion is allowed
	Assertion *Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}

Response represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func NewNoPassiveErrorResponse

func NewNoPassiveErrorResponse(
	issueInstant time.Time,
	issuer string,
) *Response

func NewRequestDeniedErrorResponse

func NewRequestDeniedErrorResponse(
	issueInstant time.Time,
	issuer string,
	message string,
	details []*etree.Element) *Response

func NewServerErrorResponse

func NewServerErrorResponse(
	issueInstant time.Time,
	issuer string,
	message string,
	details []*etree.Element) *Response

func NewSuccessResponse

func NewSuccessResponse(
	issueInstant time.Time,
	issuer string,
	inResponseTo string) *Response

func NewUnexpectedServerErrorResponse

func NewUnexpectedServerErrorResponse(issueInstant time.Time, issuer string) *Response

func (*Response) Element

func (r *Response) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*Response) MarshalXML

func (r *Response) MarshalXML(e *xml.Encoder, _ xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*Response) UnmarshalXML

func (r *Response) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type SAMLBinding

// SAMLBinding is a SAML 2.0 protocol binding URI. The two bindings this
// package names are HTTP-Redirect and HTTP-POST; see ACSSupportedBindings
// and IsACSSupported for which of them the ACS accepts.
type SAMLBinding string
const (
	SAMLBindingHTTPRedirect SAMLBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	SAMLBindingHTTPPost     SAMLBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
)

func (SAMLBinding) IsACSSupported

func (b SAMLBinding) IsACSSupported() bool

type SAMLErrorCode

// SAMLErrorCode is the machine-readable code carried by a SAMLErrorCodeError.
// Each error type on this page (InvalidRequestError, InvalidSignatureError,
// ParseRequestFailedError, MissingNameIDError) presumably returns the
// matching constant from its ErrorCode method.
type SAMLErrorCode string
const (
	SAMLErrorCodeServiceProviderNotFound SAMLErrorCode = "service_provider_not_found"
	SAMLErrorCodeInvalidRequest          SAMLErrorCode = "invalid_request"
	SAMLErrorCodeInvalidSignature        SAMLErrorCode = "invalid_signature"
	SAMLErrorCodeParseRequestFailed      SAMLErrorCode = "parse_request_failed"
	SAMLErrorCodeMissingNameID           SAMLErrorCode = "missing_nameid"
)

type SAMLErrorCodeError

// SAMLErrorCodeError is an error that also carries a SAMLErrorCode and the
// etree elements to place in a <StatusDetail>. It can be returned by any code
// related to SAML, mainly in saml.Service.
type SAMLErrorCodeError interface {
	error
	ErrorCode() SAMLErrorCode
	GetDetailElements() []*etree.Element
}

This error can be returned by any code related to SAML, mainly in saml.Service.

type SAMLNameIDFormat

// SAMLNameIDFormat is a nameid-format URI. The two formats named here are
// deliberately in the SAML 1.1 namespace: SAML 2.0 Core §8.3.1 (unspecified)
// and §8.3.2 (emailAddress) define them with those URIs.
type SAMLNameIDFormat string
const (
	SAMLNameIDFormatUnspecified  SAMLNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
	SAMLNameIDFormatEmailAddress SAMLNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
)

type SessionIndex

// SessionIndex represents the SAML element SessionIndex (Core §3.7.1): the
// session a LogoutRequest refers to. Value is the element's character data.
type SessionIndex struct {
	Value string `xml:",chardata"`
}

SessionIndex represents the SAML element SessionIndex.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §3.7.1

func (*SessionIndex) Element

func (s *SessionIndex) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type Status

// Status represents the SAML object of the same name: the outcome of a
// request. StatusCode is required; StatusMessage and StatusDetail are
// optional and nil when absent.
type Status struct {
	XMLName       xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	StatusCode    StatusCode
	StatusMessage *StatusMessage
	StatusDetail  *StatusDetail
}

Status represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func (*Status) Element

func (s *Status) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type StatusCode

// StatusCode represents the SAML object of the same name. Value is a status
// URI (StatusSuccess or one of the Status* constants); the nested StatusCode
// carries an optional second-level code and is nil when there is none.
type StatusCode struct {
	XMLName    xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
	Value      string   `xml:",attr"`
	StatusCode *StatusCode
}

StatusCode represents the SAML object of the same name.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

func (*StatusCode) Element

func (s *StatusCode) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type StatusDetail

// StatusDetail represents the SAML element StatusDetail (Core §3.2.2.4):
// arbitrary child elements giving more detail about a status. Children are
// raw etree elements and are emitted as-is.
type StatusDetail struct {
	Children []*etree.Element
}

StatusDetail represents the SAML element StatusDetail.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §3.2.2.4

func (StatusDetail) Element

func (sm StatusDetail) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type StatusMessage

// StatusMessage represents the SAML element StatusMessage (Core §3.2.2.3):
// a human-readable message accompanying a status. Value is the element's
// character data.
type StatusMessage struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusMessage"`
	Value   string   `xml:",chardata"`
}

StatusMessage represents the SAML element StatusMessage.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §3.2.2.3

func (StatusMessage) Element

func (sm StatusMessage) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type Subject

// Subject represents the SAML element Subject (Core §2.4.1): the principal
// an assertion or request is about. Only NameID and SubjectConfirmation are
// modelled; the commented fields mark the BaseID/EncryptedID alternatives
// that are not yet supported.
type Subject struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
	// BaseID               *BaseID  ... TODO
	NameID *NameID
	// EncryptedID          *EncryptedID  ... TODO
	SubjectConfirmations []SubjectConfirmation `xml:"SubjectConfirmation"`
}

Subject represents the SAML element Subject.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.4.1

func (*Subject) Element

func (a *Subject) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type SubjectConfirmation

// SubjectConfirmation represents the SAML element SubjectConfirmation
// (Core §2.4.1.1). Method is the confirmation method URI; NameID and
// SubjectConfirmationData are optional and nil when absent. The commented
// fields mark identifier forms not yet supported.
type SubjectConfirmation struct {
	Method string `xml:",attr"`
	// BaseID               *BaseID  ... TODO
	NameID *NameID
	// EncryptedID          *EncryptedID  ... TODO
	SubjectConfirmationData *SubjectConfirmationData
}

SubjectConfirmation represents the SAML element SubjectConfirmation.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.4.1.1

func (*SubjectConfirmation) Element

func (a *SubjectConfirmation) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

type SubjectConfirmationData

// SubjectConfirmationData represents the SAML element SubjectConfirmationData
// (Core §2.4.1.2): the constraints under which a subject confirmation is
// valid.
//
// NotBefore and NotOnOrAfter are plain time.Time values; how a zero value is
// rendered is decided by the custom MarshalXML/UnmarshalXML declared for this
// type. NOTE(review): for bearer confirmations a consumer is expected to
// check NotOnOrAfter, Recipient and InResponseTo itself; this type only
// carries them.
type SubjectConfirmationData struct {
	NotBefore    time.Time `xml:",attr"`
	NotOnOrAfter time.Time `xml:",attr"`
	Recipient    string    `xml:",attr"`
	InResponseTo string    `xml:",attr"`
	Address      string    `xml:",attr"`
}

SubjectConfirmationData represents the SAML element SubjectConfirmationData.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.4.1.2

func (*SubjectConfirmationData) Element

func (s *SubjectConfirmationData) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.

func (*SubjectConfirmationData) MarshalXML

func (s *SubjectConfirmationData) MarshalXML(e *xml.Encoder, start xml.StartElement) error

MarshalXML implements xml.Marshaler

func (*SubjectConfirmationData) UnmarshalXML

func (s *SubjectConfirmationData) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML implements xml.Unmarshaler

type SubjectLocality

// SubjectLocality represents the SAML element SubjectLocality (Core §2.7.2.1):
// the network address and/or DNS name from which the subject authenticated.
// Both attributes are informational and are not checked by this type.
type SubjectLocality struct {
	Address string `xml:",attr"`
	DNSName string `xml:",attr"`
}

SubjectLocality represents the SAML element SubjectLocality.

See http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf §2.7.2.1

func (*SubjectLocality) Element

func (a *SubjectLocality) Element() *etree.Element

Element returns an etree.Element representing the object in XML form.
