server

package
v0.0.0-...-e114012 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2024 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

// HeaderAuthorizedUsing is the name of the X-Authorized-Using header.
// NOTE(review): presumably set on the request passed to the backend to report
// which authorize value matched; this listing does not show where it is
// written, so confirm against the proxy code.
const HeaderAuthorizedUsing = "X-Authorized-Using"

// Names of the X-Forwarded-* headers.
//
// These are ordinary request headers: unless a trusted reverse proxy in front
// of this service sets or overwrites them, their values are whatever the
// client sent. Config.AuthVerify is documented as trusting them, so they should
// only be relied on in deployments where such a front proxy exists.
const (
	HeaderForwardedFor   = "X-Forwarded-For"
	HeaderForwardedHost  = "X-Forwarded-Host"
	HeaderForwardedProto = "X-Forwarded-Proto"
	HeaderForwardedURI   = "X-Forwarded-Uri"
)

Variables

This section is empty.

Functions

func IsAnonymousSession

func IsAnonymousSession(session samlsp.Session) bool

func Start

func Start(ctx context.Context, logger *zap.Logger, cfg *Config) error

Types

type AnonymousSession

// AnonymousSession is the field-less session value that, per the
// InitAnonymousSessionProvider documentation on this page, is handed out before
// a real SAML session has been initiated. It carries no identity, so a non-nil
// session alone does not mean the request was authenticated; IsAnonymousSession
// is the exported check for telling the two apart.
type AnonymousSession struct{}

type Config

// Config holds the proxy's settings. Each field's struct tag carries the
// option's usage text and, where present, its default. Three tags
// (NameIdFormat, StaticRelayState, InitiateSessionPath) are elided by the
// documentation renderer, so their usage text and defaults cannot be read from
// this listing.
type Config struct {
	Version                 bool              `usage:"show version and exit" env:""`
	// The default ":8080" has no host part, so the listener is not limited to
	// one interface.
	Bind                    string            `default:":8080" usage:"[host:port] to bind for serving HTTP"`
	// External URL of the proxy; CookieDomain and AuthVerifyPath are described
	// relative to it.
	BaseUrl                 string            `usage:"External [URL] of this proxy"`
	BackendUrl              string            `usage:"[URL] of the backend being proxied"`
	EntityID                string            `usage:"Entity ID of this service provider"`
	// NOTE(review): IdP metadata is normally where a SAML service provider
	// learns the IdP's signing certificates, which makes its source a trust
	// anchor. Fetch it over TLS (IdpCaPath pins the CA) or from a local file://
	// copy whose integrity is controlled.
	IdpMetadataUrl          string            `usage:"[URL] of the IdP's metadata XML, can be a local file by specifying the file:// scheme"`
	IdpCaPath               string            `usage:"Optional [path] to a CA certificate PEM file for the IdP"`
	NameIdFormat            string            `` /* 145-byte string literal not displayed */
	// Private key of this service provider; the file should be readable only
	// by the account the proxy runs as.
	SpKeyPath               string            `default:"saml-auth-proxy.key" usage:"The [path] to the X509 private key PEM file for this SP"`
	SpCertPath              string            `default:"saml-auth-proxy.cert" usage:"The [path] to the X509 public certificate PEM file for this SP"`
	// NameIdMapping, AttributeHeaderMappings and AttributeHeaderWildcard copy
	// IdP-asserted identity into request headers for the backend.
	// NOTE(review): the backend can rely on those headers only if it is
	// reachable solely through this proxy and client-supplied copies of the
	// same header names are dropped; whether the proxy strips them is not
	// visible in this listing, so confirm.
	NameIdMapping           string            `usage:"Name of the request [header] to convey the SAML nameID/subject"`
	AttributeHeaderMappings map[string]string `usage:"Comma separated list of [attribute=header] pairs mapping SAML IdP response attributes to forwarded request header"`
	AttributeHeaderWildcard string            `usage:"Maps all SAML attributes with this option as a prefix, slashes in attribute names will be replaced by dashes"`
	// The payload POSTed to the webhook is not shown here; treat the endpoint
	// as a recipient of authentication data until confirmed otherwise.
	NewAuthWebhookUrl       string            `usage:"[URL] of webhook that will get POST'ed when a new authentication is processed"`
	// Authorization is opt-in: per the usage text it is enabled by setting
	// AuthorizeAttribute. NOTE(review): with it unset, presumably every user
	// the IdP authenticates is admitted; confirm.
	AuthorizeAttribute      string            `usage:"Enables authorization and specifies the [attribute] to check for authorized values"`
	AuthorizeValues         []string          `usage:"If enabled, comma separated list of [values] that must be present in the authorize attribute"`
	CookieName              string            `usage:"Name of the cookie that tracks session token" default:"token"`
	// Lifetime of the authentication token (default 2h); a shorter value
	// narrows the window in which a stolen cookie is usable.
	CookieMaxAge            time.Duration     `usage:"Specifies the amount of time the authentication token will remain valid" default:"2h"`
	// Overriding the domain with a parent domain makes the session cookie
	// available to sibling hosts under that domain.
	CookieDomain            string            `usage:"Overrides the domain set on the session cookie. By default the BaseUrl host is used."`
	// IdP-initiated responses are unsolicited, so they cannot be matched to a
	// request this proxy issued; leave unset unless the IdP integration
	// requires it.
	AllowIdpInitiated       bool              `usage:"If set, allows for IdP initiated authentication flow"`
	// Per the usage text, enabling this also makes the proxy trust X-Forwarded
	// headers. Those are plain request headers, so enable it only when a
	// trusted front proxy sets or overwrites them on every request.
	AuthVerify              bool              `usage:"Enables verify path endpoint for forward auth and trusts X-Forwarded headers"`
	AuthVerifyPath          string            `default:"/_verify" usage:"Path under BaseUrl that will respond with a 200 when authenticated"`
	Debug                   bool              `usage:"Enable debug logs"`
	StaticRelayState        string            `` /* 169-byte string literal not displayed */
	InitiateSessionPath     string            `` /* 145-byte string literal not displayed */
	// No default tag is shown, so request signing stays off unless this is set.
	SignRequests            bool              `usage:"If set, enables SAML request signing"`
}

type CookieRequestTracker

// CookieRequestTracker embeds samlsp.CookieRequestTracker, so the embedded
// type's fields and methods are promoted, and adds three settings of its own.
// TrackRequest is redefined on this type (see its entry on this page).
type CookieRequestTracker struct {
	samlsp.CookieRequestTracker

	// Domain passed to http.SetCookie for the tracking cookie, per the
	// TrackRequest notes on this page. A parent domain exposes the cookie to
	// sibling hosts.
	CookieDomain          string
	// Shares its name with Config.StaticRelayState, whose usage text is elided
	// in this listing.
	StaticRelayState      string
	// NOTE(review): presumably gates the X-Forwarded header handling that
	// TrackRequest is documented to add. Set it only behind a front proxy that
	// overwrites those headers, because clients can send them too; confirm how
	// it is wired from Config.AuthVerify.
	TrustForwardedHeaders bool
}

Extends samlsp.CookieRequestTracker to add CookieDomain configuration.

func (CookieRequestTracker) TrackRequest

func (t CookieRequestTracker) TrackRequest(w http.ResponseWriter, r *http.Request, samlRequestID string) (string, error)

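Source: https://github.com/crewjam/saml/blob/5e0ffd290abf0be7dfd4f8279e03a963071544eb/samlsp/request_tracker_cookie.go#L28-58

Changes from the upstream implementation:
- Adds host in request URI
- Adds CookieDomain config in http.SetCookie
- Handles X-Forwarded headers

Because this method is a modified copy of upstream code at that commit, later upstream fixes to the original function are not picked up automatically and have to be ported by hand.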

type InitAnonymousSessionProvider

type InitAnonymousSessionProvider struct {
	// contains filtered or unexported fields
}

InitAnonymousSessionProvider will initially provide AnonymousSession instances when requested; however, once the given initiateSessionPath is intercepted, then remaining session access is delegated to the given delegateSessionProvider.

func NewInitAnonymousSessionProvider

func NewInitAnonymousSessionProvider(logger *zap.Logger, initiateSessionPath string, delegateSessionProvider samlsp.SessionProvider) *InitAnonymousSessionProvider

func (*InitAnonymousSessionProvider) CreateSession

func (p *InitAnonymousSessionProvider) CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error

func (*InitAnonymousSessionProvider) DeleteSession

func (*InitAnonymousSessionProvider) GetSession

type Proxy

type Proxy struct {
	// contains filtered or unexported fields
}

func NewProxy

func NewProxy(logger *zap.Logger, cfg *Config) (*Proxy, error)
