Documentation ¶
Index ¶
- Constants
- Variables
- func AuthCallbackURL(p *Provider) func(context.Context, string) string
- func CreateRouter(p *Provider, interceptors ...HttpInterceptor) *mux.Router
- func IssuerFromContext(ctx context.Context) string
- func IssuerFromHost(path string) func(bool) (IssuerFromRequest, error)
- func NewID() string
- func Readiness(w http.ResponseWriter, r *http.Request, probes ...ProbesFn)
- func StaticIssuer(issuer string) func(bool) (IssuerFromRequest, error)
- func ValidateIssuer(issuer string, allowInsecure bool) error
- func ValidateIssuerPath(issuer *url.URL) error
- type Attributes
- func (a *Attributes) GetNameID() *saml2.NameIDType
- func (a *Attributes) GetSAML() []*saml.AttributeType
- func (a *Attributes) GetSAMLV2() []*saml2.AttributeType
- func (a *Attributes) SetEmail(value string)
- func (a *Attributes) SetFullName(value string)
- func (a *Attributes) SetGivenName(value string)
- func (a *Attributes) SetSurname(value string)
- func (a *Attributes) SetUserID(value string)
- func (a *Attributes) SetUsername(value string)
- type AuthRequestForm
- type AuthResponseForm
- type AuthStorage
- type Certificate
- type Config
- type ContactPerson
- type Endpoint
- type EndpointConfig
- type Endpoints
- type EntityStorage
- type HttpInterceptor
- type IDPStorage
- type IdentityProvider
- func (p *IdentityProvider) GetEntityID(ctx context.Context) string
- func (p *IdentityProvider) GetMetadata(ctx context.Context) (*md.IDPSSODescriptorType, *md.AttributeAuthorityDescriptorType, error)
- func (p *IdentityProvider) GetRoutes() []*Route
- func (p *IdentityProvider) GetServiceProvider(ctx context.Context, entityID string) (*serviceprovider.ServiceProvider, error)
- type IdentityProviderConfig
- type IdentityProviderStorage
- type IssuerFromRequest
- type IssuerInterceptor
- type LogoutRequestForm
- type LogoutResponse
- type LogoutResponseForm
- type MetadataConfig
- type MetadataIDPConfig
- type Option
- type Organisation
- type ProbesFn
- type Provider
- type Response
- type Route
- type Storage
- type UserStorage
Constants ¶
// Attribute identifiers used to select a single user attribute; the iota
// sequence starts at AttributeEmail = 0.
// NOTE(review): presumably these correspond to the Attributes.Set* setters
// (SetEmail, SetFullName, SetGivenName, SetSurname, SetUsername, SetUserID)
// — confirm against the callers that consume them.
const (
	AttributeEmail int = iota
	AttributeFullName
	AttributeGivenName
	AttributeSurname
	AttributeUsername
	AttributeUserID
)
// Default names of the provider's HTTP endpoints.
// NOTE(review): these are bare path segments without a leading slash, while
// DefaultMetadataEndpoint is declared with one ("/metadata") — confirm how
// they are joined to the issuer/base URL before relying on the difference.
const (
	DefaultCertificateEndpoint  = "certificate"
	DefaultCallbackEndpoint     = "login"
	DefaultSingleSignOnEndpoint = "SSO"
	DefaultSingleLogOutEndpoint = "SLO"
	DefaultAttributeEndpoint    = "attribute"
)
const (
	// DefaultTimeFormat is a Go reference-time layout (UTC with fractional
	// seconds). WithCustomTimeFormat replaces it; NOTE(review): presumably it
	// is the layout used for SAML timestamps — confirm where it is applied.
	DefaultTimeFormat = "2006-01-02T15:04:05.999999Z"

	// SAML 2.0 protocol binding identifiers.
	PostBinding     = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
	RedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	SOAPBinding     = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

	// DefaultMetadataEndpoint is the metadata path. Unlike the other
	// Default*Endpoint constants it carries a leading slash.
	DefaultMetadataEndpoint = "/metadata"
)
// SAML 2.0 status code URNs placed in the Status element of a response.
// StatusCodeSuccess is the only success value; every other constant signals
// a failure class to the service provider.
const (
	StatusCodeSuccess = "urn:oasis:names:tc:SAML:2.0:status:Success"
	// StatusCodeVersionMissmatch keeps its misspelled identifier because it is
	// exported; the URN value itself is the correct "VersionMismatch".
	StatusCodeVersionMissmatch       = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
	StatusCodeAuthNFailed            = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
	StatusCodeInvalidAttrNameOrValue = "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue"
	StatusCodeInvalidNameIDPolicy    = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"
	StatusCodeRequestDenied          = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied"
	StatusCodeRequestUnsupported     = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"
	StatusCodeUnsupportedBinding     = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding"
	StatusCodeResponder              = "urn:oasis:names:tc:SAML:2.0:status:Responder"
	StatusCodePartialLogout          = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"
)
const (
	// DefaultValidUntil is the default validity window of five minutes.
	// NOTE(review): presumably applied as the validUntil of issued metadata
	// or responses — confirm where it is consumed before tuning it.
	DefaultValidUntil = 5 * time.Minute
)
Variables ¶
// Sentinel errors for issuer validation (ValidateIssuer, ValidateIssuerPath);
// compare with errors.Is.
// NOTE(review): ValidateIssuer takes an allowInsecure flag, so
// ErrInvalidIssuerHTTPS is presumably only returned when that flag is false
// — confirm.
var (
	ErrInvalidIssuerPath        = errors.New("no fragments or query allowed for issuer")
	ErrInvalidIssuerNoIssuer    = errors.New("missing issuer")
	ErrInvalidIssuerURL         = errors.New("invalid url for issuer")
	ErrInvalidIssuerMissingHost = errors.New("host for issuer missing")
	ErrInvalidIssuerHTTPS       = errors.New("scheme for issuer must be `https`")
)
Functions ¶
func AuthCallbackURL ¶
AuthCallbackURL builds the URL for the redirect (including the requestID) after a successful login.
func CreateRouter ¶
func CreateRouter(p *Provider, interceptors ...HttpInterceptor) *mux.Router
func IssuerFromContext ¶
IssuerFromContext reads the issuer from the context (set by an IssuerInterceptor); it returns an empty string if none is found.
func IssuerFromHost ¶
func IssuerFromHost(path string) func(bool) (IssuerFromRequest, error)
func StaticIssuer ¶
func StaticIssuer(issuer string) func(bool) (IssuerFromRequest, error)
func ValidateIssuer ¶
func ValidateIssuerPath ¶
Types ¶
type Attributes ¶
// Attributes collects a user's attributes for a SAML response: the Set*
// methods (SetEmail, SetFullName, ...) populate it and GetNameID, GetSAML and
// GetSAMLV2 render it as SAML name-ID and attribute elements.
type Attributes struct {
// contains filtered or unexported fields
}
func (*Attributes) GetNameID ¶
func (a *Attributes) GetNameID() *saml2.NameIDType
func (*Attributes) GetSAML ¶
func (a *Attributes) GetSAML() []*saml.AttributeType
func (*Attributes) GetSAMLV2 ¶
func (a *Attributes) GetSAMLV2() []*saml2.AttributeType
func (*Attributes) SetEmail ¶
func (a *Attributes) SetEmail(value string)
func (*Attributes) SetFullName ¶
func (a *Attributes) SetFullName(value string)
func (*Attributes) SetGivenName ¶
func (a *Attributes) SetGivenName(value string)
func (*Attributes) SetSurname ¶
func (a *Attributes) SetSurname(value string)
func (*Attributes) SetUserID ¶
func (a *Attributes) SetUserID(value string)
func (*Attributes) SetUsername ¶
func (a *Attributes) SetUsername(value string)
type AuthRequestForm ¶
type AuthResponseForm ¶
type AuthStorage ¶
type Certificate ¶
type Config ¶
// Config is the top-level configuration of a Provider.
type Config struct {
	MetadataConfig *MetadataConfig
	IDPConfig      *IdentityProviderConfig
	// Metadata is the metadata endpoint; the yaml tag fixes its key name.
	Metadata      *Endpoint `yaml:"Metadata"`
	Organisation  *Organisation
	ContactPerson *ContactPerson
}
type ContactPerson ¶
type Endpoint ¶
// Endpoint describes an HTTP endpoint of the provider; construct one with
// NewEndpoint or NewEndpointWithURL.
type Endpoint struct {
// contains filtered or unexported fields
}
func NewEndpoint ¶
func NewEndpointWithURL ¶
type EndpointConfig ¶
type EntityStorage ¶
// EntityStorage supplies the provider's key material: the CA and the key
// used to sign metadata.
type EntityStorage interface {
	GetCA(context.Context) (*key.CertificateAndKey, error)
	GetMetadataSigningKey(context.Context) (*key.CertificateAndKey, error)
}
type IDPStorage ¶
// IDPStorage is the storage NewIdentityProvider requires: the auth,
// identity-provider and user stores plus a Health check.
// NOTE(review): Health is presumably what the readiness probe (Readiness /
// ReadyStorage) calls — confirm.
type IDPStorage interface {
	AuthStorage
	IdentityProviderStorage
	UserStorage
	Health(context.Context) error
}
type IdentityProvider ¶
// IdentityProvider is the SAML IdP built by NewIdentityProvider from a
// metadata Endpoint, an IdentityProviderConfig and an IDPStorage. It exposes
// its entity ID, metadata descriptors, HTTP routes and the service providers
// it knows by entity ID.
type IdentityProvider struct {
// contains filtered or unexported fields
}
func NewIdentityProvider ¶
func NewIdentityProvider(metadata Endpoint, conf *IdentityProviderConfig, storage IDPStorage) (*IdentityProvider, error)
func (*IdentityProvider) GetEntityID ¶
func (p *IdentityProvider) GetEntityID(ctx context.Context) string
func (*IdentityProvider) GetMetadata ¶
func (p *IdentityProvider) GetMetadata(ctx context.Context) (*md.IDPSSODescriptorType, *md.AttributeAuthorityDescriptorType, error)
func (*IdentityProvider) GetRoutes ¶
func (p *IdentityProvider) GetRoutes() []*Route
func (*IdentityProvider) GetServiceProvider ¶
func (p *IdentityProvider) GetServiceProvider(ctx context.Context, entityID string) (*serviceprovider.ServiceProvider, error)
type IdentityProviderConfig ¶
// IdentityProviderConfig configures the identity provider itself.
type IdentityProviderConfig struct {
	MetadataIDPConfig *MetadataIDPConfig
	// Algorithm identifiers for signing, digesting and encrypting.
	// NOTE(review): plain strings, presumably XML-DSig/XMLEnc algorithm URIs —
	// confirm which values are accepted and whether unknown ones are rejected.
	SignatureAlgorithm  string
	DigestAlgorithm     string
	EncryptionAlgorithm string
	// WantAuthRequestsSigned is a string rather than a bool.
	// NOTE(review): by its name it presumably decides whether unsigned
	// AuthnRequests are accepted — confirm the accepted values and what an
	// empty value means, since the default decides the secure/insecure case.
	WantAuthRequestsSigned string
	// Insecure relaxes security checks. NOTE(review): presumably permits a
	// non-HTTPS issuer like WithAllowInsecure does — confirm; keep it false
	// outside development.
	Insecure  bool
	Endpoints *EndpointConfig `yaml:"Endpoints"`
}
type IdentityProviderStorage ¶
type IssuerFromRequest ¶
type IssuerInterceptor ¶
// IssuerInterceptor is HTTP middleware that stores the issuer of each request
// in the request context, where IssuerFromContext reads it back. Create it
// with NewIssuerInterceptor; Handler and HandlerFunc wrap the next handler.
type IssuerInterceptor struct {
// contains filtered or unexported fields
}
func NewIssuerInterceptor ¶
func NewIssuerInterceptor(issuerFromRequest IssuerFromRequest) *IssuerInterceptor
NewIssuerInterceptor returns an interceptor that sets the issuer into the context using the provided IssuerFromRequest (e.g. one returned by StaticIssuer or IssuerFromHost).
func (*IssuerInterceptor) Handler ¶
func (i *IssuerInterceptor) Handler(next http.Handler) http.Handler
func (*IssuerInterceptor) HandlerFunc ¶
func (i *IssuerInterceptor) HandlerFunc(next http.HandlerFunc) http.HandlerFunc
type LogoutRequestForm ¶
type LogoutResponse ¶
type LogoutResponseForm ¶
type MetadataConfig ¶
type MetadataIDPConfig ¶
type Option ¶
func WithAllowInsecure ¶
func WithAllowInsecure() Option
WithAllowInsecure allows the use of http (instead of https) for issuers. This is not recommended for production use and violates the SAML specification.
func WithCustomTimeFormat ¶
WithCustomTimeFormat allows the use of a custom time format instead of the default.
func WithHttpInterceptors ¶
func WithHttpInterceptors(interceptors ...HttpInterceptor) Option
type Organisation ¶
type ProbesFn ¶
func ReadyStorage ¶
type Provider ¶
// Provider is the SAML provider constructed by NewProvider; HttpHandler
// serves it, and CreateRouter and AuthCallbackURL take a *Provider.
type Provider struct {
// contains filtered or unexported fields
}
func NewProvider ¶
func (*Provider) GetMetadata ¶
func (*Provider) HttpHandler ¶
type Route ¶
// Route pairs an endpoint path with the handler that serves it;
// IdentityProvider.GetRoutes returns the provider's routes.
type Route struct {
	Endpoint   string
	HandleFunc http.HandlerFunc
}
type Storage ¶
// Storage is the full storage contract: EntityStorage (key material) plus
// everything IDPStorage requires.
// NOTE(review): IDPStorage already declares AuthStorage,
// IdentityProviderStorage, UserStorage and Health, so Storage could embed
// IDPStorage instead of repeating them.
type Storage interface {
	EntityStorage
	AuthStorage
	IdentityProviderStorage
	UserStorage
	Health(context.Context) error
}
Source Files ¶