sts

package
v0.46.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2024 License: Apache-2.0 Imports: 27 Imported by: 64

Documentation

Index

Constants

View Source
const (
	Namespace = "oasis:names:tc:SAML:2.0:assertion"

	Path       = basePath + "/STSService"
	SystemPath = basePath + "/system-STSService/sdk"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	*soap.Client

	RoundTripper soap.RoundTripper
}

Client is a soap.Client targeting the STS (Secure Token Service) API endpoint.

func NewClient

func NewClient(ctx context.Context, c *vim25.Client) (*Client, error)

NewClient returns a client targeting the STS API endpoint. The Client.URL will be set to that of the Lookup Service's endpoint registration, as the SSO endpoint can be external to vCenter. If the Lookup Service is not available, URL defaults to Path on the vim25.Client.URL.Host.

func (*Client) Issue

func (c *Client) Issue(ctx context.Context, req TokenRequest) (*Signer, error)

Issue is used to request a security token. The returned Signer can be used to sign SOAP requests, such as the SessionManager LoginByToken method and the RequestSecurityToken method itself. One of TokenRequest Certificate or Userinfo is required, with Certificate taking precedence. When Certificate is set, a Holder-of-Key token will be requested. Otherwise, a Bearer token is requested with the Userinfo credentials. See: http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658937

func (*Client) Renew

func (c *Client) Renew(ctx context.Context, req TokenRequest) (*Signer, error)

Renew is used to request a security token renewal.

func (*Client) RoundTrip added in v0.25.0

func (c *Client) RoundTrip(ctx context.Context, req, res soap.HasFault) error

RoundTrip dispatches to the RoundTripper field.

type Signer

type Signer struct {
	Token       string           // Token is a SAML token
	Certificate *tls.Certificate // Certificate is used to sign requests
	Lifetime    struct {
		Created time.Time
		Expires time.Time
	}
	// contains filtered or unexported fields
}

Signer implements the soap.Signer interface.

func (*Signer) NewRequest added in v0.19.0

func (s *Signer) NewRequest() TokenRequest

func (*Signer) Sign

func (s *Signer) Sign(env soap.Envelope) ([]byte, error)

Sign is a soap.Signer implementation which can be used to sign RequestSecurityToken and LoginByTokenBody requests.

func (*Signer) SignRequest added in v0.20.0

func (s *Signer) SignRequest(req *http.Request) error

SignRequest is a rest.Signer implementation which can be used to sign rest.Client.LoginByTokenBody requests.

type TokenRequest

type TokenRequest struct {
	Userinfo    *url.Userinfo    // Userinfo when set issues a Bearer token
	Certificate *tls.Certificate // Certificate when set issues a HoK token
	Lifetime    time.Duration    // Lifetime is the token's lifetime, defaults to 10m
	Renewable   bool             // Renewable allows the issued token to be renewed
	Delegatable bool             // Delegatable allows the issued token to be delegated (e.g. for use with ActAs)
	ActAs       bool             // ActAs allows to request an ActAs token based on the passed Token.
	Token       string           // Token for Renew request or Issue request ActAs identity or to be exchanged.
	KeyType     string           // KeyType for requested token (if not set will be decucted from Userinfo and Certificate options)
	KeyID       string           // KeyID used for signing the requests
}

TokenRequest parameters for issuing a SAML token. At least one of Userinfo or Certificate must be specified. When `TokenRequest.Certificate` is set, the `tls.Certificate.PrivateKey` field must be set as it is required to sign the request. When the `tls.Certificate.Certificate` field is not set, the request Assertion header is set to that of the TokenRequest.Token. Otherwise `tls.Certificate.Certificate` is used as the BinarySecurityToken in the request.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL