Documentation ¶
Index ¶
- Constants
- type Assertion
- type Attribute
- type AttributeStatement
- type AttributeValue
- type Audience
- type AudienceRestriction
- type AuthnContext
- type AuthnContextClassRef
- type AuthnStatement
- type Conditions
- type DigestMethod
- type EncryptedAssertion
- type EncryptedKey
- type EncryptionMethod
- type Endpoint
- type EntityDescriptor
- type IDPSSODescriptor
- type IndexedEndpoint
- type Issuer
- type KeyDescriptor
- type NameID
- type NameIDFormat
- type OneTimeUse
- type ProxyRestriction
- type Response
- type SPSSODescriptor
- type Signature
- type SingleSignOnService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type UnverifiedBaseResponse
Constants ¶
const ( MethodRSAOAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" MethodRSAOAEP2 = "http://www.w3.org/2009/xmlenc11#rsa-oaep" )
Well-known public-key encryption methods
const ( MethodAES128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm" MethodAES128CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc" MethodAES256CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc" )
Well-known private key encryption methods
const ( MethodSHA1 = "http://www.w3.org/2000/09/xmldsig#sha1" MethodSHA256 = "http://www.w3.org/2000/09/xmldsig#sha256" MethodSHA512 = "http://www.w3.org/2000/09/xmldsig#sha512" )
Well-known hash methods
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assertion ¶
type Assertion struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"` Version string `xml:"Version,attr"` ID string `xml:"ID,attr"` IssueInstant time.Time `xml:"IssueInstant,attr"` Issuer *Issuer `xml:"Issuer"` Signature *Signature `xml:"Signature"` Subject *Subject `xml:"Subject"` Conditions *Conditions `xml:"Conditions"` AttributeStatement *AttributeStatement `xml:"AttributeStatement"` AuthnStatement *AuthnStatement `xml:"AuthnStatement"` SignatureValidated bool `xml:"-"` // not read, not dumped }
type AttributeStatement ¶
type AttributeValue ¶
type AudienceRestriction ¶
type AuthnContext ¶ added in v0.2.0
type AuthnContext struct { XMLName xml.Name `xml:urn:oasis:names:tc:SAML:2.0:assertion AuthnContext"` AuthnContextClassRef *AuthnContextClassRef `xml:"AuthnContextClassRef"` }
type AuthnContextClassRef ¶ added in v0.2.0
type AuthnStatement ¶
type Conditions ¶
type Conditions struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Conditions"` NotBefore string `xml:"NotBefore,attr"` NotOnOrAfter string `xml:"NotOnOrAfter,attr"` AudienceRestrictions []AudienceRestriction `xml:"AudienceRestriction"` OneTimeUse *OneTimeUse `xml:"OneTimeUse"` ProxyRestriction *ProxyRestriction `xml:"ProxyRestriction"` }
type DigestMethod ¶
type DigestMethod struct {
Algorithm string `xml:",attr,omitempty"`
}
DigestMethod is a digest type specification
type EncryptedAssertion ¶
type EncryptedAssertion struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion EncryptedAssertion"` EncryptionMethod EncryptionMethod `xml:"EncryptedData>EncryptionMethod"` EncryptedKey EncryptedKey `xml:"EncryptedData>KeyInfo>EncryptedKey"` DetEncryptedKey EncryptedKey `xml:"EncryptedKey"` // detached EncryptedKey element CipherValue string `xml:"EncryptedData>CipherData>CipherValue"` }
func (*EncryptedAssertion) Decrypt ¶
func (ea *EncryptedAssertion) Decrypt(cert *tls.Certificate) (*Assertion, error)
Decrypt decrypts and unmarshals the EncryptedAssertion.
func (*EncryptedAssertion) DecryptBytes ¶
func (ea *EncryptedAssertion) DecryptBytes(cert *tls.Certificate) ([]byte, error)
type EncryptedKey ¶
type EncryptedKey struct { // EncryptionMethod string `xml:"EncryptionMethod>Algorithm"` X509Data string `xml:"KeyInfo>X509Data>X509Certificate"` CipherValue string `xml:"CipherData>CipherValue"` EncryptionMethod EncryptionMethod }
EncryptedKey contains the decryption key data from the saml2 core and xmlenc standards.
func (*EncryptedKey) DecryptSymmetricKey ¶
func (ek *EncryptedKey) DecryptSymmetricKey(cert *tls.Certificate) (cipher.Block, error)
DecryptSymmetricKey returns the private key contained in the EncryptedKey document
type EncryptionMethod ¶
type EncryptionMethod struct { Algorithm string `xml:",attr,omitempty"` DigestMethod DigestMethod `xml:",omitempty"` }
EncryptionMethod specifies the type of encryption that was used.
type EntityDescriptor ¶
type EntityDescriptor struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"` ValidUntil time.Time `xml:"validUntil,attr"` // SAML 2.0 8.3.6 Entity Identifier could be used to represent issuer EntityID string `xml:"entityID,attr"` SPSSODescriptor *SPSSODescriptor `xml:"SPSSODescriptor,omitempty"` IDPSSODescriptor *IDPSSODescriptor `xml:"IDPSSODescriptor,omitempty"` }
type IDPSSODescriptor ¶
type IDPSSODescriptor struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata IDPSSODescriptor"` WantAuthnRequestsSigned bool `xml:"WantAuthnRequestsSigned,attr"` KeyDescriptors []KeyDescriptor `xml:"KeyDescriptor"` NameIDFormats []NameIDFormat `xml:"NameIDFormat"` SingleSignOnServices []SingleSignOnService `xml:"SingleSignOnService"` Attributes []Attribute `xml:"Attribute"` }
type IndexedEndpoint ¶
type KeyDescriptor ¶
type NameIDFormat ¶
type OneTimeUse ¶
type ProxyRestriction ¶
type Response ¶
type Response struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"` ID string `xml:"ID,attr"` InResponseTo string `xml:"InResponseTo,attr"` Destination string `xml:"Destination,attr"` Version string `xml:"Version,attr"` IssueInstant time.Time `xml:"IssueInstant,attr"` Status *Status `xml:"Status"` Issuer *Issuer `xml:"Issuer"` Assertions []Assertion `xml:"Assertion"` EncryptedAssertions []EncryptedAssertion `xml:"EncryptedAssertion"` SignatureValidated bool `xml:"-"` // not read, not dumped }
type SPSSODescriptor ¶
type SPSSODescriptor struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata SPSSODescriptor"` AuthnRequestsSigned bool `xml:"AuthnRequestsSigned,attr"` WantAssertionsSigned bool `xml:"WantAssertionsSigned,attr"` ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"` KeyDescriptors []KeyDescriptor `xml:"KeyDescriptor"` SingleLogoutServices []Endpoint `xml:"SingleLogoutService"` NameIDFormats []string `xml:"NameIDFormat"` AssertionConsumerServices []IndexedEndpoint `xml:"AssertionConsumerService"` }
type SingleSignOnService ¶
type Status ¶
type Status struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"` StatusCode *StatusCode `xml:"StatusCode"` }
type StatusCode ¶
type Subject ¶
type Subject struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"` NameID *NameID `xml:"NameID"` SubjectConfirmation *SubjectConfirmation `xml:"SubjectConfirmation"` }
type SubjectConfirmation ¶
type SubjectConfirmation struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion SubjectConfirmation"` Method string `xml:"Method,attr"` SubjectConfirmationData *SubjectConfirmationData `xml:"SubjectConfirmationData"` }
type SubjectConfirmationData ¶
type UnverifiedBaseResponse ¶ added in v0.3.0
type UnverifiedBaseResponse struct { XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"` ID string `xml:"ID,attr"` InResponseTo string `xml:"InResponseTo,attr"` Destination string `xml:"Destination,attr"` Version string `xml:"Version,attr"` Issuer *Issuer `xml:"Issuer"` }
UnverifiedBaseResponse extracts several basic attributes of a SAML Response which may be useful in deciding how to validate the Response. An UnverifiedBaseResponse is parsed by this library prior to any validation of the Response, so the values it contains may have been supplied by an attacker and should not be trusted as authoritative from the IdP.