Versions in this module

v0
v0.15.1 Aug 16, 2024
v0.15.0 Jul 8, 2024
v0.14.0 Apr 24, 2024
v0.13.0 Feb 27, 2024

Changes in this version

+ const CtxKeySamlAuthnRequest
+ const ErrorCodeSamlInternalGeneral
+ const ErrorCodeSamlSloRequester
+ const ErrorCodeSamlSloResponder
+ const ErrorCodeSamlSsoRequestVersionMismatch
+ const ErrorCodeSamlSsoRequester
+ const ErrorCodeSamlSsoResponder
+ const ErrorSubTypeCodeSamlInternal
+ const ErrorSubTypeCodeSamlSlo
+ const ErrorSubTypeCodeSamlSso
+ const TenantRestrictionTypeAll
+ const TenantRestrictionTypeAny
+ var ErrorSamlSloRequester = security.NewCodedError(ErrorCodeSamlSloRequester, "SLO requester error")
+ var ErrorSamlSloResponder = security.NewCodedError(ErrorCodeSamlSloResponder, "SLO responder error")
+ var ErrorSubTypeSamlInternal = security.NewErrorSubType(ErrorSubTypeCodeSamlInternal, errors.New("error sub-type: internal"))
+ var ErrorSubTypeSamlSlo = security.NewErrorSubType(ErrorSubTypeCodeSamlSlo, errors.New("error sub-type: slo"))
+ var ErrorSubTypeSamlSso = security.NewErrorSubType(ErrorSubTypeCodeSamlSso, errors.New("error sub-type: sso"))
+ var FeatureId = security.FeatureId("SamlAuthorizeEndpoint", security.FeatureOrderSamlAuthorizeEndpoint)
+ var Module = &bootstrap.Module
+ var SloFeatureId = security.FeatureId("SamlSLOEndpoint", security.FeatureOrderSamlLogout)
+ func DetermineACSEndpoint(req *saml.IdpAuthnRequest) error
+ func MakeAssertion(ctx context.Context, req *saml.IdpAuthnRequest, ...) error
+ func MakeAssertionEl(req *saml.IdpAuthnRequest, skipEncryption bool) error
+ func MakeErrorResponse(req *saml.IdpAuthnRequest, code string, message string) error
+ func MakeLogoutResponse(req *SamlLogoutRequest, code string, message string) (*saml.LogoutResponse, error)
+ func NewSamlInternalError(text string, causes ...interface{}) error
+ func NewSamlRequestVersionMismatch(text string, causes ...interface{}) error
+ func NewSamlRequesterError(text string, causes ...interface{}) error
+ func NewSamlResponderError(text string, causes ...interface{}) error
+ func SignLogoutResponse(idp *saml.IdentityProvider, resp *saml.LogoutResponse) error
+ func UnmarshalRequest(req *saml.IdpAuthnRequest) error
+ func Use()
+ func ValidateAuthnRequest(req *saml.IdpAuthnRequest, spDetails SamlSpDetails, ...) error
+ type AttributeGenerator func(account security.Account) []saml.Attribute
+ type DefaultSamlClient struct
    + TenantRestrictionType string
    + TenantRestrictions utils.StringSet
    + func (c DefaultSamlClient) GetEntityId() string
    + func (c DefaultSamlClient) GetMetadataSource() string
    + func (c DefaultSamlClient) GetMetadataTrustedKeys() []string
    + func (c DefaultSamlClient) GetTenantRestrictionType() string
    + func (c DefaultSamlClient) GetTenantRestrictions() utils.StringSet
    + func (c DefaultSamlClient) ShouldMetadataRequireSignature() bool
    + func (c DefaultSamlClient) ShouldMetadataTrustCheck() bool
    + func (c DefaultSamlClient) ShouldSkipAssertionEncryption() bool
    + func (c DefaultSamlClient) ShouldSkipAuthRequestSignatureVerification() bool
+ type Feature struct
    + func Configure(ws security.WebSecurity) *Feature
    + func ConfigureLogout(ws security.WebSecurity) *Feature
    + func New() *Feature
    + func NewLogout() *Feature
    + func (f *Feature) EnableSLO(logoutUrl string) *Feature
    + func (f *Feature) Identifier() security.FeatureIdentifier
    + func (f *Feature) Issuer(issuer security.Issuer) *Feature
    + func (f *Feature) MetadataPath(path string) *Feature
    + func (f *Feature) SigningMethod(signatureMethod string) *Feature
    + func (f *Feature) SsoCondition(condition web.RequestMatcher) *Feature
    + func (f *Feature) SsoLocation(location *url.URL) *Feature
+ type MetadataMiddleware struct
    + func NewMetadataMiddleware(opts *Options, samlClientStore samlctx.SamlClientStore) *MetadataMiddleware
    + func (mw *MetadataMiddleware) MetadataHandlerFunc() gin.HandlerFunc
    + func (mw *MetadataMiddleware) RefreshMetadataHandler(condition web.RequestMatcher) gin.HandlerFunc
+ type Options struct
    + Cert *x509.Certificate
    + EntityIdUrl url.URL
    + Key crypto.PrivateKey
    + SigningMethod string
    + SloUrl url.URL
    + SsoUrl url.URL
+ type SamlAuthorizeEndpointConfigurer struct
    + func (c *SamlAuthorizeEndpointConfigurer) Apply(feature security.Feature, ws security.WebSecurity) (err error)
+ type SamlAuthorizeEndpointMiddleware struct
    + func NewSamlAuthorizeEndpointMiddleware(metaMw *MetadataMiddleware, accountStore security.AccountStore, ...) *SamlAuthorizeEndpointMiddleware
    + func (mw *SamlAuthorizeEndpointMiddleware) AuthorizeHandlerFunc(condition web.RequestMatcher) gin.HandlerFunc
+ type SamlError struct
    + EC string
    + SC int
    + func NewSamlError(code int64, e interface{}, samlErrorCode string, httpStatusCode int, ...) *SamlError
    + func (s *SamlError) TranslateErrorCode() string
    + func (s *SamlError) TranslateErrorMessage() string
    + func (s *SamlError) TranslateHttpStatusCode() int
+ type SamlErrorHandler struct
    + func NewSamlErrorHandler() *SamlErrorHandler
    + func (h *SamlErrorHandler) HandleError(c context.Context, r *http.Request, rw http.ResponseWriter, err error)
+ type SamlLogoutEndpointConfigurer struct
    + func (c *SamlLogoutEndpointConfigurer) Apply(feature security.Feature, ws security.WebSecurity) (err error)
+ type SamlLogoutRequest struct
    + Binding string
    + Callback *saml.Endpoint
    + HTTPRequest *http.Request
    + IDP *saml.IdentityProvider
    + RelayState string
    + Request *saml.LogoutRequest
    + RequestBuffer []byte
    + Response *saml.LogoutResponse
    + SPMeta *saml.EntityDescriptor
    + SPSSODescriptor *saml.SPSSODescriptor
    + func (r SamlLogoutRequest) Validate() error
    + func (r SamlLogoutRequest) VerifySignature() error
    + func (r SamlLogoutRequest) WriteResponse(rw http.ResponseWriter) error
+ type SamlSingleLogoutMiddleware struct
    + func NewSamlSingleLogoutMiddleware(metaMw *MetadataMiddleware) *SamlSingleLogoutMiddleware
    + func (mw *SamlSingleLogoutMiddleware) Commence(ctx context.Context, r *http.Request, rw http.ResponseWriter, err error)
    + func (mw *SamlSingleLogoutMiddleware) HandleAuthenticationError(ctx context.Context, r *http.Request, rw http.ResponseWriter, err error)
    + func (mw *SamlSingleLogoutMiddleware) HandleAuthenticationSuccess(ctx context.Context, r *http.Request, rw http.ResponseWriter, ...)
    + func (mw *SamlSingleLogoutMiddleware) HandleLogout(ctx context.Context, _ *http.Request, _ http.ResponseWriter, ...) error
    + func (mw *SamlSingleLogoutMiddleware) Order() int
    + func (mw *SamlSingleLogoutMiddleware) SLOCondition() web.RequestMatcher
    + func (mw *SamlSingleLogoutMiddleware) ShouldLogout(ctx context.Context, r *http.Request, _ http.ResponseWriter, ...) error
+ type SamlSpDetails struct
    + EntityId string
    + MetadataRequireSignature bool
    + MetadataSource string
    + MetadataTrustCheck bool
    + MetadataTrustedKeys []string
    + SecurityProfile string
    + SkipAssertionEncryption bool
    + SkipAuthRequestSignatureVerification bool
+ type SamlSsoErrorTranslator interface
    + TranslateErrorCode func() string
    + TranslateErrorMessage func() string
    + TranslateHttpStatusCode func() int
+ type SpMetadataManager struct
    + func (m *SpMetadataManager) GetServiceProvider(serviceProviderID string) (SamlSpDetails, *saml.EntityDescriptor, error)
    + func (m *SpMetadataManager) RefreshCache(ctx context.Context, clients []samlctx.SamlClient)