Documentation
Constants

const (
	Namespace  = "oasis:names:tc:SAML:2.0:assertion"
	Path       = basePath + "/STSService"
	SystemPath = basePath + "/system-STSService/sdk"
)
Variables
This section is empty.
Functions
This section is empty.
Types

type Client

type Client struct {
	*soap.Client
	RoundTripper soap.RoundTripper
}
Client is a soap.Client targeting the STS (Secure Token Service) API endpoint.
func NewClient
NewClient returns a client targeting the STS API endpoint. The Client.URL will be set to that of the Lookup Service's endpoint registration, as the SSO endpoint can be external to vCenter. If the Lookup Service is not available, URL defaults to Path on the vim25.Client.URL.Host.
func (*Client) Issue

Issue is used to request a security token. The returned Signer can be used to sign SOAP requests, such as the SessionManager LoginByToken method and the RequestSecurityToken method itself. One of TokenRequest.Certificate or TokenRequest.Userinfo is required, with Certificate taking precedence. When Certificate is set, a Holder-of-Key token is requested. Otherwise, a Bearer token is requested with the Userinfo credentials. See: http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658937
type Signer

type Signer struct {
	Token       string           // Token is a SAML token
	Certificate *tls.Certificate // Certificate is used to sign requests
	Lifetime    struct {
		Created time.Time
		Expires time.Time
	}
	// contains filtered or unexported fields
}
Signer implements the soap.Signer interface.
func (*Signer) NewRequest (added in v0.19.0)
func (s *Signer) NewRequest() TokenRequest
type TokenRequest

type TokenRequest struct {
	Userinfo    *url.Userinfo    // Userinfo when set issues a Bearer token
	Certificate *tls.Certificate // Certificate when set issues a HoK token
	Lifetime    time.Duration    // Lifetime is the token's lifetime, defaults to 10m
	Renewable   bool             // Renewable allows the issued token to be renewed
	Delegatable bool             // Delegatable allows the issued token to be delegated (e.g. for use with ActAs)
	ActAs       bool             // ActAs requests an ActAs token based on the passed Token
	Token       string           // Token for a Renew request, the ActAs identity of an Issue request, or the token to be exchanged
	KeyType     string           // KeyType for the requested token (if not set, it is deduced from the Userinfo and Certificate options)
	KeyID       string           // KeyID used for signing the requests
}

TokenRequest holds the parameters for issuing a SAML token. At least one of Userinfo or Certificate must be specified. When `TokenRequest.Certificate` is set, the `tls.Certificate.PrivateKey` field must be set as it is required to sign the request. When the `tls.Certificate.Certificate` field is not set, the request Assertion header is set to that of the TokenRequest.Token. Otherwise `tls.Certificate.Certificate` is used as the BinarySecurityToken in the request.