Constants ¶
// Timeout and message constants used while validating the provider
// configuration and fetching identity-provider metadata.
const (
	// FetchMetadataTimeout presumably bounds the metadata fetch from
	// IDPMetadataURL — confirm against the fetcher.
	FetchMetadataTimeout = time.Minute

	// The Err* names below are message strings, not error values (unlike the
	// sentinel errors declared with errors.New elsewhere in this package); they
	// must be wrapped in an error at the call site before being returned.
	ErrInvalidCertificates   = "certificates are not valid"
	ErrInvalidMetadataURL    = "metadata url is not valid"
	ErrFetchMetadata         = "could not fetch metadata"
	ErrInvalidApplicationURL = "application's url is not valid"
)
Variables ¶
// Sentinel errors returned when a Config fails validation. Compare with
// errors.Is; each one names the Config field it refers to.
var (
	// Service-provider identity and metadata.
	ErrNoEntityID            = errors.New("entity id cannot be empty")
	ErrInvalidIDPMetadataURL = errors.New("idp metadata url is not valid")
	ErrInvalidLogoutBindings = errors.New("logout bindings contains a not valid urn")
	ErrInvalidNameIDFormat   = errors.New("authn name id format is not valid")

	// Signing material: CertFile and KeyFile must be given together.
	ErrNoCertFile = errors.New("key file is set but cert_file is empty")
	ErrNoKeyFile  = errors.New("cert file is set but key_file is empty")

	// URIs the provider redirects to.
	ErrInvalidURI         = errors.New("uri is not valid")
	ErrInvalidRedirectURI = errors.New("default redirect uri is not valid")
	ErrInvalidErrorURI    = errors.New("default error uri is not valid")

	// Session cookie settings.
	ErrInvalidCookieSameSite = errors.New("cookie same site is not valid")
	ErrInvalidCookieName     = errors.New("cookie name contains invalid characters or starts with '$'")

	// Assertion acceptance window; zero or negative would disable the check.
	ErrInvalidMaxIssueDelay = errors.New("max issue delay must be greater than 0")
)
// ErrNoLogoutRequest is returned when a logout handler is invoked without a
// SAML logout request to act on.
var ErrNoLogoutRequest = errors.New("no saml logout request found")
// ErrNoSessionAttributes is returned by SAML.GetAttributes when the session
// carries no SAML attributes.
var ErrNoSessionAttributes = errors.New("no session attributes found")
Functions ¶
This section is empty.
Types ¶
type Attributes ¶
// Attributes embeds samlsp.Attributes and additionally holds an unexported
// pointer to the provider configuration. Get and GetAll return "mapped"
// attributes; presumably the mapping is Config.Mapping, applied by those
// methods — confirm against their implementation.
type Attributes struct {
	samlsp.Attributes
	// contains filtered or unexported fields
}
Attributes is a type that embeds samlsp.Attributes and includes a configuration pointer.
func (*Attributes) Get ¶
func (r *Attributes) Get(name string) string
Get returns the first mapped attribute named `name`, or an empty string if no such attribute is present.
func (*Attributes) GetAll ¶
func (r *Attributes) GetAll(name string) []string
GetAll returns all mapped attributes named `name`, or an empty []string if no such attribute is present.
type Config ¶
// Config holds configuration related to SAML as an authentication provider.
// Validation constraints are noted on each field; the sentinel error named in
// parentheses is the one this package declares for that field.
type Config struct {
	// LogoutBindings represents a list of bindings that can be used for logout requests.
	// Every entry must be a valid binding URN (ErrInvalidLogoutBindings).
	LogoutBindings []string `json:"logout_bindings" yaml:"logout_bindings" mapstructure:"logout_bindings"`
	// EntityID is the name of the service provider. It must not be empty (ErrNoEntityID).
	EntityID string `json:"entity_id" yaml:"entity_id" mapstructure:"entity_id"`
	// IDPMetadataURL is the URL to the metadata configuration file of the identity provider
	// (ErrInvalidIDPMetadataURL). The fetch is presumably bounded by FetchMetadataTimeout — confirm.
	IDPMetadataURL string `json:"idp_metadata_url" yaml:"idp_metadata_url" mapstructure:"idp_metadata_url"`
	// CertFile represents the path to the certificate file. CertFile and KeyFile
	// must be set together (ErrNoCertFile / ErrNoKeyFile).
	CertFile string `json:"cert_file" yaml:"cert_file" mapstructure:"cert_file"`
	// KeyFile represents the path to the key file; see CertFile.
	KeyFile string `json:"key_file" yaml:"key_file" mapstructure:"key_file"`
	// AuthnNameIDFormat is the format of the Name Identifier used in authentication
	// requests (ErrInvalidNameIDFormat).
	AuthnNameIDFormat string `json:"authn_name_id_format" yaml:"authn_name_id_format" mapstructure:"authn_name_id_format"`
	// URI represents the schema, domain and (optional) port of the service provider (ErrInvalidURI).
	URI string `json:"uri" yaml:"uri" mapstructure:"uri"`
	// DefaultRedirectURI is the default redirect URI used in authentication requests (ErrInvalidRedirectURI).
	DefaultRedirectURI string `json:"default_redirect_uri" yaml:"default_redirect_uri" mapstructure:"default_redirect_uri"`
	// DefaultErrorURI is the default error URI used in authentication requests (ErrInvalidErrorURI).
	DefaultErrorURI string `json:"default_error_uri" yaml:"default_error_uri" mapstructure:"default_error_uri"`
	// CookieSameSite specifies the cookie SameSite attribute (ErrInvalidCookieSameSite).
	// NOTE(review): the accepted spellings are not visible here — confirm against the validator.
	CookieSameSite string `json:"cookie_same_site" yaml:"cookie_same_site" mapstructure:"cookie_same_site"`
	// CookieName is the name of the session cookie used for SAML authentication. It must
	// not contain invalid characters or start with '$' (ErrInvalidCookieName).
	CookieName string `json:"cookie_name" yaml:"cookie_name" mapstructure:"cookie_name"`
	// Logger specifies the used logger instance.
	// NOTE(review): this field has no struct tags, so encoding/json would still
	// (de)serialise it under the key "Logger"; consider tagging it `json:"-"` if
	// Config is ever marshalled — confirm with the callers.
	Logger *logger.Logger
	// MaxIssueDelay is the maximum allowed delay for issuing SAML tokens. It must be
	// greater than 0 (ErrInvalidMaxIssueDelay). Presumably this is the window within
	// which an assertion's IssueInstant is still accepted — confirm; keeping it short
	// limits how long a captured assertion stays usable.
	MaxIssueDelay time.Duration `json:"max_issue_delay" yaml:"max_issue_delay" mapstructure:"max_issue_delay"`
	// Mapping maps attributes from the identity provider to local attributes.
	Mapping map[string]string `json:"mapping" yaml:"mapping" mapstructure:"mapping"`
	// AllowIDPInitiated specifies whether IDP-initiated SAML authentication is allowed or not.
	// NOTE(review): an IdP-initiated response is not tied to a request the SP issued, so
	// its freshness rests on MaxIssueDelay and on assertion-ID replay checks in the
	// consumer — confirm those are in place before enabling this.
	AllowIDPInitiated bool `json:"allow_idp_initiated" yaml:"allow_idp_initiated" mapstructure:"allow_idp_initiated"`
	// SignRequest defines whether the requests are signed or not. Signing presumably
	// requires CertFile and KeyFile — confirm.
	SignRequest bool `json:"sign" yaml:"sign" mapstructure:"sign"`
	// UseArtifactResponse specifies whether to use artifact responses for authentication or not.
	UseArtifactResponse bool `json:"use_artifact_response" yaml:"use_artifact_response" mapstructure:"use_artifact_response"`
	// ForceAuthn forces the user to authenticate again even if they have a valid session.
	ForceAuthn bool `json:"force_authn" yaml:"force_authn" mapstructure:"force_authn"`
}
Config holds configuration related to SAML as an authentication provider.
type RequestType ¶
// RequestType represents different types of SAML logout requests and responses.
// Its valid values are the LogoutRequest*/LogoutResponse* constants.
type RequestType int
RequestType represents different types of SAML logout requests and responses.
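// Logout message kinds distinguished by RequestType. Values follow declaration
// order starting at zero; the Post/Redirect suffix presumably names the SAML
// binding the message arrives on — confirm against the handler.
const (
	LogoutRequestPost      RequestType = iota // the redundant "0 +" was dropped; iota already starts at 0
	LogoutRequestRedirect
	LogoutResponsePost
	LogoutResponseRedirect
)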
type SAML ¶
// SAML is the service-provider side of the SAML authentication flow. It exposes
// the GetAttributes, RequireAccount and SetOnError methods; all of its fields are
// unexported, so it is presumably built from a Config by a constructor in this
// package that is not shown on this page — confirm.
type SAML struct {
	// contains filtered or unexported fields
}
func (*SAML) GetAttributes ¶
func (r *SAML) GetAttributes(ctx *gin.Context) (attributes *Attributes, err error)
GetAttributes retrieves SAML attributes from the session context. It returns an error if no session attributes are found.
func (*SAML) RequireAccount ¶
func (r *SAML) RequireAccount() gin.HandlerFunc
RequireAccount is HTTP middleware that requires that each request be associated with a valid session. If the request is not associated with a valid session, then rather than serve the request, the middleware redirects the user to start the SAML auth flow.
func (*SAML) SetOnError ¶
SetOnError changes the OnError handler used by the middleware.