idp

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 27, 2023 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrInvalidPassword = errors.New("invalid login or password")

ErrInvalidPassword should be returned by PasswordValidator if the account doesn't exist or the password is incorrect.

Functions

func ConfigureTLS

func ConfigureTLS() (*tls.Config, error)

ConfigureTLS not requiring users to present client certificates.

Types

type AssertionConsumerService

type AssertionConsumerService struct {
	Index     uint32
	IsDefault bool
	Binding   string
	Location  string
}

AssertionConsumerService is a SAML assertion consumer service

type AttributeSource

type AttributeSource interface {
	AddAttributes(*model.User, *model.AuthnRequest) error
}

AttributeSource allows implementations to retrieve user attributes from any upstream source such as a database, LDAP, or Web service.

func NewAttributeSource

func NewAttributeSource() (AttributeSource, error)

NewAttributeSource provides a default SAML attribute source that reads user information from the users key in the viper configuration

type Auditor

type Auditor interface {
	LogSuccess(*model.User, *model.AuthnRequest, LoginType)
}

Auditor is responsible for capturing login events

func DefaultAuditor

func DefaultAuditor() Auditor

DefaultAuditor returns a do nothing Auditor implementation

type IDP

type IDP struct {
	// You can include other routes by providing a router or
	// one will be created. Alternatively, you can add routes and
	// middleware to the Handler
	Router *httprouter.Router
	// Short term cache for saving state during authentication
	TempCache store.Cache
	// Longer term cache of authenticated users
	UserCache              store.Cache
	TLSConfig              *tls.Config
	PasswordValidator      PasswordValidator
	AttributeSources       []AttributeSource
	MetadataHandler        http.HandlerFunc
	ArtifactResolveHandler http.HandlerFunc
	RedirectSSOHandler     http.HandlerFunc
	ECPHandler             http.HandlerFunc
	PasswordLoginHandler   http.HandlerFunc
	QueryHandler           http.HandlerFunc
	Error                  func(w http.ResponseWriter, error string, code int)
	UIHandler              http.Handler
	Auditor                Auditor
	// contains filtered or unexported fields
}

IDP is the main data structure for the IDP. Public members can be used to alter behavior. Otherwise defaults are fine.

func (*IDP) DefaultArtifactResolveHandler

func (i *IDP) DefaultArtifactResolveHandler() http.HandlerFunc

DefaultArtifactResolveHandler is the default implementation for the artifact resolution handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultECPHandler

func (i *IDP) DefaultECPHandler() http.HandlerFunc

func (*IDP) DefaultMetadataHandler

func (i *IDP) DefaultMetadataHandler() (http.HandlerFunc, error)

DefaultMetadataHandler is the default implementation for the metadata display handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultPasswordLoginHandler

func (i *IDP) DefaultPasswordLoginHandler() http.HandlerFunc

DefaultPasswordLoginHandler is the default implementation for the password login handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultQueryHandler

func (i *IDP) DefaultQueryHandler() http.HandlerFunc

DefaultQueryHandler is the default implementation for the attribute query handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) DefaultRedirectSSOHandler

func (i *IDP) DefaultRedirectSSOHandler() http.HandlerFunc

DefaultRedirectSSOHandler is the default implementation for the redirect login handler. It can be used as is, wrapped in other handlers, or replaced completely.

func (*IDP) Handler

func (i *IDP) Handler() (http.Handler, error)

Handler returns the IDP's http.Handler including all sub routes or an error

type LoginType

type LoginType int

LoginType type of credential used for authentication

const (
	// CertificateLogin user logged in via certificate
	CertificateLogin LoginType = iota
	// PasswordLogin user logged in via password
	PasswordLogin
)

type PasswordValidator

type PasswordValidator interface {
	Validate(user, password string) error
}

PasswordValidator validates a user's password

func NewValidator

func NewValidator() (PasswordValidator, error)

NewValidator returns a sample validator that compares passwords to the bcrypt stored values for a user's password defined in the users key of the IDP's configuration

type ServiceProvider

type ServiceProvider struct {
	EntityID                  string
	AssertionConsumerServices []AssertionConsumerService
	Certificate               string
	// contains filtered or unexported fields
}

ServiceProvider stores the Service Provider metadata required by the IdP

func ReadSPMetadata

func ReadSPMetadata(metadata io.Reader) (*ServiceProvider, error)

ReadSPMetadata reads XML metadata from a reader

type UserAttributes

type UserAttributes struct {
	Name       string
	Attributes map[string][]string
}

UserAttributes holds attributes for a given user

type UserPassword

type UserPassword struct {
	Name     string
	Password string
}

UserPassword holds a user and their associated password.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL