Documentation ¶
Constants ¶
const (
ErrorUnsupportedCanonicalizer ex.Class = "Unsupported canonicalizer"
)
error classes
Variables ¶
This section is empty.
Functions ¶
func ParseMetadata ¶
func ParseMetadata(config *SAMLConfig) (*x509.Certificate, error)
ParseMetadata parses the SAML IdP metadata referenced by config, extracts the basic SAML attributes and returns the IdP signing certificate for the SAML provider.
Types ¶
type CanonicalizerAlgorithm ¶
type CanonicalizerAlgorithm string
CanonicalizerAlgorithm identifies the XML canonicalization algorithm the SAML provider uses when signing XML.
const (
CanonicalXML10ExclusiveAlgorithmID CanonicalizerAlgorithm = "http://www.w3.org/2001/10/xml-exc-c14n#"
CanonicalXML11AlgorithmID CanonicalizerAlgorithm = "http://www.w3.org/2006/12/xml-c14n11"
)
Supported canonicalization algorithms
type Option ¶
type Option func(*SAMLProvider) error
Option mutates a SAMLProvider.
func OptClientKeyStore ¶
func OptClientKeyStore(store dsig.X509KeyStore) Option
OptClientKeyStore sets the key store used to sign the client's AuthnRequests.
func OptSkipSignatureValidation ¶
OptSkipSignatureValidation skips validation of the SAML response signature. Leave it unset outside of tests: with signature validation off, any party can forge a response that the provider will accept.
func OptValidateEncryptionCert ¶
OptValidateEncryptionCert enables validation of the encryption certificate.
type SAMLConfig ¶
type SAMLConfig struct {
// Identity Provider SSO URL
IdentityProviderSSOURL string
// Identity Provider Issuer
IdentityProviderIssuer string
// Service Provider Issuer
ServiceProviderIssuer string
// Metadata is the IdP metadata.xml, which carries all of the above
// attributes plus the IdP signing certificate.
Metadata string
// PublicKey is an optional root CA PEM certificate; it is added to the
// SAML provider's list of root CAs.
PublicKey []byte
// PrivateKey is the optional PEM private key matching PublicKey.
// The PublicKey/PrivateKey pair is used to decrypt encrypted SAML responses.
PrivateKey []byte
// Assertion Consumer Service URL
AssertionConsumerServiceURL string
// SAML Audience
AudienceURI string
// Canonicalization Algorithm for XML signing
SigningXMLCanonicalizer CanonicalizerAlgorithm
}
SAMLConfig is the SAML provider configuration.
type SAMLProvider ¶
type SAMLProvider struct {
// Config references the SAML configuration
Config *SAMLConfig
// Log is the default logger
Log logger.Logger
// SkipSignatureValidation skips validation of the SAML response signature
SkipSignatureValidation bool
// ValidateEncryptionCert, when true, validates the encryption certificate
ValidateEncryptionCert bool
// Provider is the SAMLv2 service provider
Provider *saml2.SAMLServiceProvider
// ClientKeyStore holds the key used to sign AuthnRequests
ClientKeyStore dsig.X509KeyStore
}
SAMLProvider is a wrapper dedicated to verifying and validating SAML assertion documents.
func (*SAMLProvider) BuildURL ¶
func (p *SAMLProvider) BuildURL(state string) (string, error)
BuildURL builds the SAML authentication URL for the given state.
func (*SAMLProvider) OnSAMLResponse ¶
func (p *SAMLProvider) OnSAMLResponse(response string) (*saml2.AssertionInfo, error)
OnSAMLResponse decodes, validates and verifies the SAML assertion response returned by the IdP and returns the extracted assertion info.
type X509KeyStore ¶
type X509KeyStore struct {
// contains filtered or unexported fields
}
X509KeyStore keeps references to the public/private signing key pair.
func (*X509KeyStore) GetKeyPair ¶
func (ks *X509KeyStore) GetKeyPair() (*rsa.PrivateKey, []byte, error)
GetKeyPair returns the private key and the DER-encoded certificate held by the store; this is the method that satisfies the dsig.X509KeyStore interface expected by OptClientKeyStore.
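As an added example, not the package's own code (which depends on gosaml2 and goxmldsig), the standard-library Go program below shows the two jobs documented on this page: what ParseMetadata has to do with IdP metadata (pull the entityID and the signing certificate out of a KeyDescriptor, tolerating line-wrapped base64, and refuse metadata that carries no signing key), and a key store with the GetKeyPair signature used for signing AuthnRequests, including a check that the certificate really belongs to the private key. The metadata document, the entityID https://idp.example.test/metadata and the self-signed certificates are constructed fixtures; ParseIDPMetadata, KeyStore, NewKeyStore, SelfSigned and SampleMetadata are names chosen for this example, not identifiers from the package.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// entityDescriptor is the slice of SAML 2.0 metadata needed here; encoding/xml
// matches local names, so the md:/ds: prefixes in real documents do not matter.
type entityDescriptor struct {
	EntityID string `xml:"entityID,attr"`
	Keys     []struct {
		Use  string `xml:"use,attr"`
		Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
	} `xml:"IDPSSODescriptor>KeyDescriptor"`
}

// ParseIDPMetadata returns the IdP issuer (entityID) and its signing certificate and
// fails closed when either is absent: without that cert no response can be verified.
func ParseIDPMetadata(metadata []byte) (issuer string, cert *x509.Certificate, err error) {
	var ed entityDescriptor
	if err = xml.Unmarshal(metadata, &ed); err != nil {
		return "", nil, fmt.Errorf("metadata: %w", err)
	}
	for _, k := range ed.Keys {
		if k.Use != "" && k.Use != "signing" { // an absent "use" permits signing too
			continue
		}
		// Metadata usually line-wraps the base64, so strip all whitespace first.
		der, derr := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(k.Cert), ""))
		if derr == nil {
			cert, derr = x509.ParseCertificate(der)
		}
		if derr != nil {
			return "", nil, fmt.Errorf("metadata: X509Certificate: %w", derr)
		}
		break
	}
	if ed.EntityID == "" || cert == nil {
		return "", nil, fmt.Errorf("metadata: entityID or signing KeyDescriptor missing")
	}
	return ed.EntityID, cert, nil
}

// KeyStore offers GetKeyPair with the signature goxmldsig's X509KeyStore interface
// uses: the SP's RSA private key and the DER certificate AuthnRequests are signed under.
type KeyStore struct {
	key  *rsa.PrivateKey
	cert []byte
}

// NewKeyStore rejects a certificate that does not carry the key's public half; such a
// pair would make every signed AuthnRequest fail verification at the IdP.
func NewKeyStore(key *rsa.PrivateKey, certDER []byte) (*KeyStore, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, fmt.Errorf("keystore: %w", err)
	}
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); !ok || !pub.Equal(&key.PublicKey) {
		return nil, fmt.Errorf("keystore: certificate does not match private key")
	}
	return &KeyStore{key: key, cert: certDER}, nil
}

func (ks *KeyStore) GetKeyPair() (*rsa.PrivateKey, []byte, error) {
	return ks.key, ks.cert, nil
}

// SelfSigned generates throwaway test material, not a real IdP's or SP's key.
func SelfSigned(cn string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// SampleMetadata is constructed IdP metadata (invented entityID) wrapping certDER.
func SampleMetadata(certDER []byte) []byte {
	return []byte(fmt.Sprintf(`<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      %s
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor></md:EntityDescriptor>`, base64.StdEncoding.EncodeToString(certDER)))
}

func main() {
	_, idpCert, _ := SelfSigned("idp.example.test")
	spKey, spCert, _ := SelfSigned("sp.example.test")
	issuer, cert, err := ParseIDPMetadata(SampleMetadata(idpCert))
	ks, kerr := NewKeyStore(spKey, spCert)
	fmt.Println(issuer, cert != nil, err, ks != nil, kerr)
}
```

Feed the bytes of a real metadata.xml to ParseIDPMetadata; SelfSigned and SampleMetadata exist only so the program runs offline. A production key store would load the PEM PrivateKey and PublicKey from SAMLConfig rather than generate a key, and the match check matters most there, where the two files are maintained separately and can drift apart.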