README
¶
go-saml
Forked from https://github.com/RobotsAndPencils/go-saml
A just good enough SAML client library written in Go.
The library supports:
- generating signed/unsigned AuthnRequests
- validating signed Responses
- generating service provider metadata
Prerequisites
The xmlsec1 command must be installed - this library uses it to
sign and verify XML signatures.
Usage
Below are samples to show how you might use the library.
Generating Signed AuthnRequests
sp := &saml.ServiceProvider{
IDPSSOURL: "http://idp/saml2", // idp's authentication url
IDPPublicCertPath: "/certs/idpcert.crt", // filesystem path to idp's cert
IssuerURL: "http://localhost:8000", // your base url
AssertionConsumerServiceURL: "http://localhost:8000/saml_consume", // your callback url after authentication at IDP
PublicCertPath: "/certs/default.crt", // filesystem path to your cert
PrivateKeyPath: "/certs/default.key", // filesystem path to your private key
SignRequest: true, // whether to sign authentication requests
UseCompression: true, // whether to compress requests and decompress responses
}
sp.Init()
// generate the AuthnRequest
authnRequest := sp.AuthnRequest()
// get a base64 encoded string of the XML
b64XML, err := sp.EncodeAuthnRequest(authnRequest)
if err != nil {
panic(err)
}
// get a URL with the SAMLRequest parameter containing the encoded XML
url, err := sp.AuthnRequestURL(b64XML, "some state value")
if err != nil {
panic(err)
}
Validating a received SAML Response
resp, err := sp.ParseResponse(encodedXML)
if err != nil {
panic(err)
}
err = sp.ValidateResponse(resp)
if err != nil {
panic(err)
}
subject := resp.Assertion.Subject.NameID.Value
for _, attr := range resp.Assertion.AttributeStatement.Attributes {
// process attributes...
}
//...
}
Service provider metadata
func samlMetadataHandler(sp *saml.ServiceProvider) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
md, err := sp.EntityDescriptorXML()
if err != nil {
panic(err)
}
w.Header().Set("Content-Type", "application/xml")
w.Write([]byte(md))
})
}
Documentation
¶
Index ¶
- Constants
- type Assertion
- type AssertionConsumerService
- type Attribute
- type AttributeStatement
- type AttributeValue
- type AuthnContextClassRef
- type AuthnRequest
- func (ar *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (ar *AuthnRequest) CompressedEncodedString() (string, error)
- func (ar *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
- func (ar *AuthnRequest) EncodedString() (string, error)
- func (ar *AuthnRequest) SignedString(privateKeyPath string) (string, error)
- func (ar *AuthnRequest) String() (string, error)
- type CanonicalizationMethod
- type Conditions
- type DigestMethod
- type DigestValue
- type EntityAttributes
- type EntityDescriptor
- type Extensions
- type Issuer
- type KeyDescriptor
- type KeyInfo
- type NameID
- type NameIDPolicy
- type RequestedAuthnContext
- type Response
- func (resp *Response) AddAttribute(name, value string)
- func (resp *Response) CompressedEncodedSignedString(privateKeyPath string) (string, error)
- func (resp *Response) EncodedSignedString(privateKeyPath string) (string, error)
- func (resp *Response) SignedString(privateKeyPath string) (string, error)
- func (resp *Response) String() (string, error)
- type SPSSODescriptor
- type SPSSODescriptors
- type SamlsigReference
- type ServiceProvider
- func (sp *ServiceProvider) AuthnRequest() *AuthnRequest
- func (sp *ServiceProvider) AuthnRequestURL(encodedXML, state string) (*url.URL, error)
- func (sp *ServiceProvider) EncodeAuthnRequest(ar *AuthnRequest) (string, error)
- func (sp *ServiceProvider) EntityDescriptor() *EntityDescriptor
- func (sp *ServiceProvider) EntityDescriptorXML() (string, error)
- func (sp *ServiceProvider) IDPPublicCert() string
- func (sp *ServiceProvider) Init() (err error)
- func (sp *ServiceProvider) PrivateKey() string
- func (sp *ServiceProvider) PublicCert() string
- func (sp *ServiceProvider) ValidateResponse(resp *Response) error
- type Signature
- type SignatureMethod
- type SignatureValue
- type SignedInfo
- type SingleLogoutService
- type Status
- type StatusCode
- type Subject
- type SubjectConfirmation
- type SubjectConfirmationData
- type Transform
- type Transforms
- type X509Certificate
- type X509Data
Constants ¶
View Source
const ( ResponseXMLID = "urn:oasis:names:tc:SAML:2.0:protocol:Response" ResponseAssertionXMLID = "urn:oasis:names:tc:SAML:2.0:assertion:Assertion" )
View Source
const RequestXMLID = "urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assertion ¶
type Assertion struct {
XMLName xml.Name
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
XS string `xml:"xmlns:xs,attr"`
XSI string `xml:"xmlns:xsi,attr"`
SAML string `xml:"saml,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
Issuer Issuer `xml:"Issuer"`
Subject Subject
Conditions Conditions
AttributeStatement AttributeStatement
Signature Signature `xml:"Signature,omitempty"`
}
type AttributeStatement ¶
type AttributeValue ¶
type AuthnContextClassRef ¶
type AuthnRequest ¶
type AuthnRequest struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr,omitempty"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
ProtocolBinding string `xml:"ProtocolBinding,attr"`
AssertionConsumerServiceURL string `xml:"AssertionConsumerServiceURL,attr"`
Destination string `xml:"Destination,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
AssertionConsumerServiceIndex int `xml:"AssertionConsumerServiceIndex,attr,omitempty"`
AttributeConsumingServiceIndex int `xml:"AttributeConsumingServiceIndex,attr"`
Issuer Issuer `xml:"Issuer"`
NameIDPolicy NameIDPolicy `xml:"NameIDPolicy"`
RequestedAuthnContext RequestedAuthnContext `xml:"RequestedAuthnContext"`
Signature *Signature `xml:"Signature,omitempty"`
}
func NewAuthnRequest ¶
func NewAuthnRequest() *AuthnRequest
NewAuthnRequest constructs an AuthnRequest
func (*AuthnRequest) CompressedEncodedSignedString ¶
func (ar *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) CompressedEncodedString ¶
func (ar *AuthnRequest) CompressedEncodedString() (string, error)
func (*AuthnRequest) EncodedSignedString ¶
func (ar *AuthnRequest) EncodedSignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) EncodedString ¶
func (ar *AuthnRequest) EncodedString() (string, error)
func (*AuthnRequest) SignedString ¶
func (ar *AuthnRequest) SignedString(privateKeyPath string) (string, error)
func (*AuthnRequest) String ¶
func (ar *AuthnRequest) String() (string, error)
type CanonicalizationMethod ¶
type Conditions ¶
type DigestMethod ¶
type DigestValue ¶
type EntityAttributes ¶
type EntityDescriptor ¶
type EntityDescriptor struct {
XMLName xml.Name
DS string `xml:"xmlns:ds,attr"`
XMLNS string `xml:"xmlns,attr"`
MD string `xml:"xmlns:md,attr"`
EntityId string `xml:"entityID,attr"`
Extensions Extensions `xml:"Extensions"`
SPSSODescriptor SPSSODescriptor `xml:"SPSSODescriptor"`
}
type Extensions ¶
type KeyDescriptor ¶
type NameIDPolicy ¶
type RequestedAuthnContext ¶
type RequestedAuthnContext struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
Comparison string `xml:"Comparison,attr"`
AuthnContextClassRef AuthnContextClassRef `xml:"AuthnContextClassRef"`
}
type Response ¶
type Response struct {
XMLName xml.Name
SAMLP string `xml:"xmlns:samlp,attr"`
SAML string `xml:"xmlns:saml,attr"`
SAMLSIG string `xml:"xmlns:samlsig,attr"`
Destination string `xml:"Destination,attr"`
ID string `xml:"ID,attr"`
Version string `xml:"Version,attr"`
IssueInstant string `xml:"IssueInstant,attr"`
InResponseTo string `xml:"InResponseTo,attr"`
Assertion Assertion `xml:"Assertion"`
Signature Signature `xml:"Signature"`
Issuer Issuer `xml:"Issuer"`
Status Status `xml:"Status"`
// contains filtered or unexported fields
}
func NewResponse ¶
func NewResponse() *Response
func ParseResponse ¶
ParseResponse decodes a SAML Response
func (*Response) AddAttribute ¶
AddAttribute add attribute to the Response
func (*Response) CompressedEncodedSignedString ¶
func (*Response) EncodedSignedString ¶
func (*Response) SignedString ¶
type SPSSODescriptor ¶
type SPSSODescriptor struct {
XMLName xml.Name
ProtocolSupportEnumeration string `xml:"protocolSupportEnumeration,attr"`
SigningKeyDescriptor KeyDescriptor
EncryptionKeyDescriptor KeyDescriptor
// SingleLogoutService SingleLogoutService `xml:"SingleLogoutService"`
AssertionConsumerServices []AssertionConsumerService
}
type SPSSODescriptors ¶
type SPSSODescriptors struct {
}
type SamlsigReference ¶
type SamlsigReference struct {
XMLName xml.Name
URI string `xml:"URI,attr"`
Transforms Transforms `xml:",innerxml"`
DigestMethod DigestMethod `xml:",innerxml"`
DigestValue DigestValue `xml:",innerxml"`
}
type ServiceProvider ¶
type ServiceProvider struct {
IDPSSOURL string
IDPPublicCertPath string
IDPTrustedCertPaths []string
IssuerURL string
AssertionConsumerServiceURL string
PublicCertPath string
PrivateKeyPath string
SignRequest bool
CompressRequest bool
// contains filtered or unexported fields
}
ServiceProvider provides settings to configure a SAML Service Provider. Expect only one IDP per SP in this configuration. If you need to configure multipe IDPs for an SP then configure multiple instances of this module.
func (*ServiceProvider) AuthnRequest ¶
func (sp *ServiceProvider) AuthnRequest() *AuthnRequest
AuthnRequest creates an AuthnRequest object
func (*ServiceProvider) AuthnRequestURL ¶
func (sp *ServiceProvider) AuthnRequestURL(encodedXML, state string) (*url.URL, error)
AuthnRequestURL generates a URL for the encoded AuthnRequest with the SAMLRequest and RelayState query params set
func (*ServiceProvider) EncodeAuthnRequest ¶
func (sp *ServiceProvider) EncodeAuthnRequest(ar *AuthnRequest) (string, error)
EncodedAuthnRequest returns an encoded AuthnRequest
func (*ServiceProvider) EntityDescriptor ¶
func (sp *ServiceProvider) EntityDescriptor() *EntityDescriptor
EntityDescriptor creates an EntityDescriptor object
func (*ServiceProvider) EntityDescriptorXML ¶
func (sp *ServiceProvider) EntityDescriptorXML() (string, error)
EntityDescriptorXML generates the SP metadata XML doc
func (*ServiceProvider) IDPPublicCert ¶
func (sp *ServiceProvider) IDPPublicCert() string
IDPPublicCert returns the IDP public cert contents
func (*ServiceProvider) Init ¶
func (sp *ServiceProvider) Init() (err error)
Init loads any keys and certificates
func (*ServiceProvider) PrivateKey ¶
func (sp *ServiceProvider) PrivateKey() string
PrivateKey returns the SP private key contents
func (*ServiceProvider) PublicCert ¶
func (sp *ServiceProvider) PublicCert() string
PublicCert returns the SP public cert contents
func (*ServiceProvider) ValidateResponse ¶
func (sp *ServiceProvider) ValidateResponse(resp *Response) error
ValidateResponse validates a Response
type Signature ¶
type Signature struct {
XMLName xml.Name
Id string `xml:"Id,attr"`
SignedInfo SignedInfo
SignatureValue SignatureValue
KeyInfo KeyInfo
}
type SignatureMethod ¶
type SignatureValue ¶
type SignedInfo ¶
type SignedInfo struct {
XMLName xml.Name
CanonicalizationMethod CanonicalizationMethod
SignatureMethod SignatureMethod
SamlsigReference SamlsigReference
}
type SingleLogoutService ¶
type Status ¶
type Status struct {
XMLName xml.Name
StatusCode StatusCode `xml:"StatusCode"`
}
type StatusCode ¶
type Subject ¶
type Subject struct {
XMLName xml.Name
NameID NameID
SubjectConfirmation SubjectConfirmation
}
type SubjectConfirmation ¶
type SubjectConfirmation struct {
XMLName xml.Name
Method string `xml:",attr"`
SubjectConfirmationData SubjectConfirmationData
}
type SubjectConfirmationData ¶
type Transforms ¶
type X509Certificate ¶
type X509Data ¶
type X509Data struct {
XMLName xml.Name
X509Certificate X509Certificate `xml:",innerxml"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.