README
googleapps
This provider uses SAML with Google Apps to enable authentication of users to AWS.
prerequisites
Setup your Google Apps and AWS Account as per one of the configuration guides.
- How to Set Up Federated Single Sign-On to AWS Using Google Apps
- Using Google Apps SAML SSO to do one-click login to AWS
configuration
The key attribute in configuring this provider is the URL, which can be copied from the Google Apps application list (I just pulled it from the HTML). An example of this is as follows:
https://accounts.google.com/o/saml2/initsso?idpid=XXXXXXX&spid=YYYYY&forceauthn=false
Where the placeholders are replaced as follows:
- XXXXX is the IdP identifier for your Google Apps account.
- YYYYY is the SP identifier for the AWS SAML application in your Google Apps account.
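Because the whole provider hinges on this one URL, it is worth validating it at configuration time rather than discovering a bad copy at login. The following is an added example, not code from the saml2aws provider; the SSOConfig type and ParseInitSSOURL function are assumed names, and the idpid and spid values are constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// SSOConfig holds the pieces of a Google Apps SAML initsso URL that the
// provider needs. Assumed type for this example, not the provider's own.
type SSOConfig struct {
	IdpID      string // Google Apps IdP identifier (idpid)
	SpID       string // SP identifier of the AWS SAML application (spid)
	ForceAuthn bool   // whether Google is asked to re-authenticate the user
}

// ParseInitSSOURL checks that a configured initsso URL is HTTPS, points at
// accounts.google.com with the /o/saml2/initsso path, and carries both
// identifiers, so a typo or a link copied from the wrong application is
// rejected before any credentials are sent anywhere.
func ParseInitSSOURL(raw string) (SSOConfig, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return SSOConfig{}, fmt.Errorf("invalid URL: %w", err)
	}
	if u.Scheme != "https" {
		return SSOConfig{}, errors.New("initsso URL must use https")
	}
	if u.Host != "accounts.google.com" {
		return SSOConfig{}, fmt.Errorf("unexpected host %q, want accounts.google.com", u.Host)
	}
	if u.Path != "/o/saml2/initsso" {
		return SSOConfig{}, fmt.Errorf("unexpected path %q, want /o/saml2/initsso", u.Path)
	}
	q := u.Query()
	cfg := SSOConfig{IdpID: q.Get("idpid"), SpID: q.Get("spid")}
	if cfg.IdpID == "" || cfg.SpID == "" {
		return SSOConfig{}, errors.New("initsso URL must carry both idpid and spid")
	}
	switch q.Get("forceauthn") {
	case "", "false":
	case "true":
		cfg.ForceAuthn = true
	default:
		return SSOConfig{}, fmt.Errorf("forceauthn must be true or false, got %q", q.Get("forceauthn"))
	}
	return cfg, nil
}

func main() {
	// Constructed sample with placeholder identifiers, not a real tenant.
	cfg, err := ParseInitSSOURL("https://accounts.google.com/o/saml2/initsso?idpid=C01abcdef&spid=123456789&forceauthn=false")
	fmt.Println(cfg, err)
}
```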
2-factor support
Currently this provider supports:
- TOTP using applications like Google Authenticator or Authy
- SMS
- Google Prompt (Mobile Application)
prior work
In addition to my own effort deconstructing this, I also used the following as resources:
Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	provider.ValidateBase
	// contains filtered or unexported fields
}
Client wrapper around Google Apps.
func New
func New(idpAccount *cfg.IDPAccount) (*Client, error)
New creates a new Google Apps Client
func (*Client) Authenticate
func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
Authenticate logs into Google Apps and returns a SAML response
type DeviceFinder
type DeviceFinder interface {
// contains filtered or unexported methods
}
DeviceFinder is used to mock out finding devices
type U2FClient
type U2FClient struct {
	ChallengeNonce string
	AppID          string
	Facet          string
	Device         u2fhost.Device
	KeyHandle      string
}
U2FClient represents a challenge and the device used to respond
func NewU2FClient
func NewU2FClient(challengeNonce, appID, facet, keyHandle string, deviceFinder DeviceFinder) (*U2FClient, error)
NewU2FClient returns a new initialized FIDO1-based U2F client, representing a single device
func (*U2FClient) ChallengeU2F ¶
ChallengeU2F takes a U2FClient and returns a signed assertion to send to Google
type U2FDevice
U2FDevice is used to support mocking this device with mockery https://github.com/vektra/mockery/issues/210#issuecomment-485026348