Documentation
Index
- Variables
- func ConfigureTLS() (*tls.Config, error)
- func SaveSpFromMetadata(metadata io.ReadCloser) error
- type AssertionConsumerService
- type AttributeSource
- type Auditor
- type IDP
- func (i *IDP) DefaultArtifactResolveHandler() http.HandlerFunc
- func (i *IDP) DefaultECPHandler() http.HandlerFunc
- func (i *IDP) DefaultMetadataHandler() (http.HandlerFunc, error)
- func (i *IDP) DefaultPasswordLoginHandler() http.HandlerFunc
- func (i *IDP) DefaultQueryHandler() http.HandlerFunc
- func (i *IDP) DefaultRedirectSLOHandler() http.HandlerFunc
- func (i *IDP) DefaultRedirectSSOHandler() http.HandlerFunc
- func (i *IDP) Handler() (http.Handler, error)
- func (i *IDP) LogoutPost(logoutReq *saml.LogoutRequest) []byte
- type LoginType
- type PasswordValidator
- type SPMetadataUrl
- type ServiceProvider
- type SingleLogoutService
- type UserAttributes
- type UserPassword
Constants
This section is empty.
Variables
var ErrInvalidPassword = errors.New("invalid login or password")
ErrInvalidPassword should be returned by PasswordValidator if the account doesn't exist or the password is incorrect.
Functions
func ConfigureTLS
ConfigureTLS configures TLS without requiring users to present client certificates.
func SaveSpFromMetadata
func SaveSpFromMetadata(metadata io.ReadCloser) error
Types
type AssertionConsumerService
AssertionConsumerService is a SAML assertion consumer service.
type AttributeSource
type AttributeSource interface {
AddAttributes(*model.User, *model.AuthnRequest) error
}
AttributeSource allows implementations to retrieve user attributes from any upstream source such as a database, LDAP, or Web service.
func DefaultAttributeSource
func DefaultAttributeSource() (AttributeSource, error)
DefaultAttributeSource provides a default SAML attribute source that reads user information from the users key in the viper configuration.
type Auditor
type Auditor interface {
LogSuccess(*model.User, *model.AuthnRequest, LoginType)
}
Auditor is responsible for capturing login events.
func DefaultAuditor
func DefaultAuditor() Auditor
DefaultAuditor returns a do-nothing Auditor implementation.
type IDP
type IDP struct {
	// You can include other routes by providing a router or
	// one will be created. Alternatively, you can add routes and
	// middleware to the Handler
	Router *httprouter.Router
	// Short term cache for saving state during authentication
	TempCache store.Cache
	// Longer term cache of authenticated users
	UserCache store.Cache
	TLSConfig *tls.Config
	PasswordValidator PasswordValidator
	AttributeSources []AttributeSource
	MetadataHandler http.HandlerFunc
	ArtifactResolveHandler http.HandlerFunc
	RedirectSSOHandler http.HandlerFunc
	RedirectSLOHandler http.HandlerFunc
	ECPHandler http.HandlerFunc
	PasswordLoginHandler http.HandlerFunc
	QueryHandler http.HandlerFunc
	Error func(w http.ResponseWriter, error string, code int)
	UIHandler http.Handler
	Auditor Auditor
	EnableTLS bool
	// contains filtered or unexported fields
}
IDP is the main data structure for the IDP. Public members can be used to alter behavior. Otherwise defaults are fine.
func (*IDP) DefaultArtifactResolveHandler
func (i *IDP) DefaultArtifactResolveHandler() http.HandlerFunc
DefaultArtifactResolveHandler is the default implementation for the artifact resolution handler. It can be used as is, wrapped in other handlers, or replaced completely.
func (*IDP) DefaultECPHandler
func (i *IDP) DefaultECPHandler() http.HandlerFunc
func (*IDP) DefaultMetadataHandler
func (i *IDP) DefaultMetadataHandler() (http.HandlerFunc, error)
DefaultMetadataHandler is the default implementation for the metadata display handler. It can be used as is, wrapped in other handlers, or replaced completely.
func (*IDP) DefaultPasswordLoginHandler
func (i *IDP) DefaultPasswordLoginHandler() http.HandlerFunc
DefaultPasswordLoginHandler is the default implementation for the password login handler. It can be used as is, wrapped in other handlers, or replaced completely.
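Wrapping applies most naturally to the password login handler, where unthrottled credential submissions are the main risk. The following is an added example, not code from this package: `throttle` is a hypothetical helper that limits credential POSTs per client IP, and `deny` is a constructed stand-in for `i.DefaultPasswordLoginHandler()`. It assumes the wrapped result is assigned to the `PasswordLoginHandler` field before `Handler()` is called.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// throttle wraps next so each client IP gets at most limit credential POSTs per
// window (hypothetical helper, not part of the package); now is an injectable clock.
func throttle(next http.HandlerFunc, limit int, window time.Duration, now func() time.Time) http.HandlerFunc {
	var mu sync.Mutex
	var reset time.Time
	seen := map[string]int{}
	allow := func(ip string) bool {
		mu.Lock()
		defer mu.Unlock()
		if t := now(); !t.Before(reset) { // window over: drop all counters
			seen, reset = map[string]int{}, t.Add(window)
		}
		seen[ip]++
		return seen[ip] <= limit
	}
	return func(w http.ResponseWriter, r *http.Request) {
		ip, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil {
			ip = r.RemoteAddr
		}
		// GETs that only render the login form pass through uncounted.
		if r.Method == http.MethodPost && !allow(ip) {
			http.Error(w, "too many login attempts", http.StatusTooManyRequests)
			return
		}
		next(w, r)
	}
}

func main() {
	// Constructed stand-in for i.DefaultPasswordLoginHandler(): always rejects.
	deny := func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusUnauthorized) }
	h := throttle(deny, 2, time.Minute, time.Now)
	for n := 0; n < 3; n++ {
		rec := httptest.NewRecorder()
		h(rec, httptest.NewRequest(http.MethodPost, "/login", nil))
		fmt.Println(rec.Code)
	}
}
```

Behind a reverse proxy `r.RemoteAddr` is the proxy's address, so the key would have to come from a forwarded-address header that the proxy itself sets.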
func (*IDP) DefaultQueryHandler
func (i *IDP) DefaultQueryHandler() http.HandlerFunc
DefaultQueryHandler is the default implementation for the attribute query handler. It can be used as is, wrapped in other handlers, or replaced completely.
func (*IDP) DefaultRedirectSLOHandler
func (i *IDP) DefaultRedirectSLOHandler() http.HandlerFunc
func (*IDP) DefaultRedirectSSOHandler
func (i *IDP) DefaultRedirectSSOHandler() http.HandlerFunc
DefaultRedirectSSOHandler is the default implementation for the redirect login handler. It can be used as is, wrapped in other handlers, or replaced completely.
func (*IDP) LogoutPost
func (i *IDP) LogoutPost(logoutReq *saml.LogoutRequest) []byte
type PasswordValidator
PasswordValidator validates a user's password.
func LdapValidator
func LdapValidator() (PasswordValidator, error)
LdapValidator returns a sample validator that compares passwords to the bcrypt-stored values for a user's password defined in the users key of the IDP's configuration.
type SPMetadataUrl
type SPMetadataUrl struct {
Url string
}
type ServiceProvider
type ServiceProvider struct {
	EntityID string
	AssertionConsumerServices []AssertionConsumerService
	SingleLogoutServices []SingleLogoutService
	Certificate string
	// contains filtered or unexported fields
}
ServiceProvider stores the Service Provider metadata required by the IdP.
func ReadSPMetadata
func ReadSPMetadata(metadata io.Reader) (*ServiceProvider, error)
ReadSPMetadata reads XML metadata from a reader.
type SingleLogoutService
SingleLogoutService is where single logout (SLO) is accessed.
type UserAttributes
UserAttributes holds attributes for a given user.
type UserPassword
UserPassword holds a user and their associated password.