- Constants
- Variables
- func AttributeCanonicalDump(w io.Writer, xp *goxml.Xp)
- func CheckDigestAndSignatureAlgorithms(response *goxml.Xp) (err error)
- func CheckSAMLMessage(r *http.Request, xp, issuerMd, destinationMd *goxml.Xp, role int, ...) (validatedMessage *goxml.Xp, signed bool, err error)
- func DebugSetting(r *http.Request, name string) string
- func DebugSettingWithDefault(r *http.Request, name, def string) (res string)
- func DecodeSAMLMsg(r *http.Request, issuerMdSets, destinationMdSets MdSets, role int, ...) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, ...)
- func Deflate(inflated []byte) []byte
- func DumpFile(r *http.Request, xp *goxml.Xp) (logtag string)
- func DumpFileIfTracing(r *http.Request, xp *goxml.Xp) (logtag string)
- func FindInMetadataSets(metadataSets MdSets, key string) (md *goxml.Xp, index uint8, err error)
- func GetPrivateKey(md *goxml.Xp, path string) (privatekey crypto.PrivateKey, cert string, err error)
- func GetPrivateKeyByMethod(md *goxml.Xp, path string, keyType x509.PublicKeyAlgorithm) (privatekey crypto.PrivateKey, cert string, err error)
- func GetPrivateKeyByMethodWithPW(md *goxml.Xp, path string, keyType x509.PublicKeyAlgorithm, pw string) (privatekey crypto.PrivateKey, cert string, err error)
- func HTML2SAMLResponse(html []byte) (samlresponse *goxml.Xp, relayState string, action *url.URL)
- func ID() (id string)
- func IDAndTiming() (...)
- func IDHash(data string) string
- func Inflate(deflated []byte) []byte
- func Jwt2saml(w http.ResponseWriter, r *http.Request, ...) (err error)
- func JwtSign(payload []byte, privatekey crypto.PrivateKey, alg string) (jwt, atHash string, err error)
- func JwtVerify(jwt string, issuerMdSets MdSets, md *goxml.Xp, path, iss string) (attrs map[string]interface{}, idpMd *goxml.Xp, err error)
- func Map2saml(response *goxml.Xp, attrs map[string]interface{}) (err error)
- func NewErrorResponse(idpMd, spMd, authnrequest, sourceResponse *goxml.Xp) (response *goxml.Xp)
- func NewLogoutRequest(destination *goxml.Xp, sloinfo *SLOInfo, issuer string, async bool) (request *goxml.Xp, binding string, err error)
- func NewLogoutResponse(issuer string, destination *goxml.Xp, inResponseTo string, role uint8) (response *goxml.Xp, binding string, err error)
- func NewLogoutResponseWithBinding(issuer string, destination *goxml.Xp, inResponseTo string, role uint8, ...) (response *goxml.Xp, err error)
- func NewResponse(idpMd, spMd, authnrequest, sourceResponse *goxml.Xp) (response *goxml.Xp)
- func NewWsFedResponse(idpMd, spMd, sourceResponse *goxml.Xp) (response *goxml.Xp)
- func Pem2PrivateKey(privatekeypem []byte, pw string) (pk crypto.PrivateKey, err error)
- func PublicKeyInfo(cert string) (keyname string, publickey crypto.PublicKey, err error)
- func PublicKeyInfoByMethod(certs []string, keyType x509.PublicKeyAlgorithm) (keynames, crts []string, publickeys []crypto.PublicKey, err error)
- func ReceiveAuthnRequest(r *http.Request, issuerMdSets, destinationMdSets MdSets, location string) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, ...)
- func ReceiveLogoutMessage(r *http.Request, issuerMdSets, destinationMdSets MdSets, role int) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, ...)
- func ReceiveSAMLResponse(r *http.Request, issuerMdSets, destinationMdSets MdSets, location string, ...) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, ...)
- func SAMLRequest2OIDCRequest(samlrequest *goxml.Xp, relayState, flow string, idpMD *goxml.Xp) (destination *url.URL, err error)
- func SAMLRequest2URL(samlrequest *goxml.Xp, relayState string, privatekey crypto.PrivateKey, ...) (destination *url.URL, err error)
- func Saml2jwt(w http.ResponseWriter, r *http.Request, ...) (err error)
- func Saml2map(response *goxml.Xp) (attrs map[string]interface{})
- func SamlTime2JwtTime(xmlTime string) int64
- func SignResponse(response *goxml.Xp, elementQuery string, md *goxml.Xp, signingMethod string, ...) (err error)
- func SloRequest(w http.ResponseWriter, r *http.Request, response, spMd, IdpMd *goxml.Xp, ...)
- func SloResponse(w http.ResponseWriter, r *http.Request, request, issuer, destination *goxml.Xp, ...) (err error)
- func URL2SAMLRequest(url *url.URL, err error) (samlrequest *goxml.Xp, relayState string)
- func VerifySign(xp *goxml.Xp, certificates []string, signature types.Node) (err error)
- func VerifyTiming(xp *goxml.Xp, signed bool) (verifiedXp *goxml.Xp, err error)
- type Formdata
- type Hm
- type Md
- type MdSets
- type SLOInfo
- type SLOInfoList
- func (sil *SLOInfoList) Find(response *goxml.Xp) (slo *SLOInfo, ok bool)
- func (sil *SLOInfoList) LogoutRequest(request *goxml.Xp, hub string, hubRole uint8, protocol string) (slo *SLOInfo)
- func (sil *SLOInfoList) LogoutResponse(response *goxml.Xp) (slo *SLOInfo, sendResponse bool)
- func (sil SLOInfoList) Marshal() (msg []byte)
- func (sil *SLOInfoList) Response(response *goxml.Xp, sp string, sloSupport bool, hubRole uint8, protocol string)
- func (sil *SLOInfoList) Unmarshal(msg []byte)
- type SamlRequest
Constants ¶
const ( // IDPRole used to set the role as an IDP IDPRole = iota // SPRole used to set the role as an SP SPRole )
const ( // SAMLSign for SAML signing SAMLSign = iota // WSFedSign for WS-Fed signing WSFedSign )
const ( // XsDateTime Setting the Date Time XsDateTime = "2006-01-02T15:04:05Z" // SigningCertQuery refers to get the key from the metadata SigningCertQuery = `/md:KeyDescriptor[@use="signing" or not(@use)]/ds:KeyInfo/ds:X509Data/ds:X509Certificate` // EncryptionCertQuery refers to encryption key EncryptionCertQuery = `/md:KeyDescriptor[@use="encryption" or not(@use)]/ds:KeyInfo/ds:X509Data/ds:X509Certificate` SPEnc = "md:SPSSODescriptor" + EncryptionCertQuery IdPEnc = "md:IDPSODescriptor" + EncryptionCertQuery // Transient refers to nameid format Transient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" // Persistent refers to nameid format Persistent = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" // X509 refers to nameid format X509 = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" // Email refers to nameid format Email = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" // Unspecified refers to unspecified nameid format Unspecified = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" // REDIRECT refers to HTTP-Redirect REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" // POST refers to HTTP-POST POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" )
Variables ¶
var (
	// TestTime refers to the global testing time; ZeroTime is the zero time.Time.
	TestTime, ZeroTime time.Time
	// TestID for testing
	TestID string
	// TestAssertionID for testing
	TestAssertionID string
	// Roles refers to defining roles for SPs and IDPs.
	// Order matches IDPRole (0) and SPRole (1) — presumably indexed by those constants; confirm.
	Roles = []string{"md:IDPSSODescriptor", "md:SPSSODescriptor"}
	// ErrorACS is the error returned when the AssertionConsumerService / index / ProtocolBinding
	// combination of a request cannot be found in the SP's metadata.
	ErrorACS = errors.New("AsssertionConsumerService, AsssertionConsumerServiceIndex, ProtocolBinding combination not found in metadata")
	// NameIDList list of supported nameid formats; the empty string stands for "no format given".
	NameIDList = []string{"", Transient, Persistent, X509, Email, Unspecified}
	// NameIDMap refers to mapping the nameid formats to their index in NameIDList.
	// "" and Transient both map to 1, so an absent format presumably ends up as transient — confirm.
	NameIDMap = map[string]uint8{"": 1, Transient: 1, Persistent: 2, X509: 3, Email: 4, Unspecified: 5} // Unspecified accepted but not sent upstream
	// PostForm - template used to render the POST form (see Formdata); initialised elsewhere.
	PostForm *template.Template
	// AuthnRequestCookie - shortlived hmaced timelimited data
	AuthnRequestCookie *Hm
	// B2I map for marshalling bool to uint
	B2I = map[bool]byte{/* contains filtered or unexported fields */}
	// NemLog - package-level nemLog instance; the nemLog type is unexported and not shown here.
	NemLog = &nemLog{}
)
Functions ¶
func AttributeCanonicalDump ¶
AttributeCanonicalDump for canonical dump
Example ¶
AttributeCanonicalDump(os.Stdout, response)
Output: cn urn:oasis:names:tc:SAML:2.0:attrname-format:basic Mads Freek Petersen eduPersonAffiliation urn:oasis:names:tc:SAML:2.0:attrname-format:basic member eduPersonAssurance urn:oasis:names:tc:SAML:2.0:attrname-format:basic 1 eduPersonEntitlement urn:oasis:names:tc:SAML:2.0:attrname-format:basic https://wayf.dk/feedback/view https://wayf.dk/kanja/admin https://wayf.dk/orphanage/admin https://wayf.dk/vo/admin eduPersonPrimaryAffiliation urn:oasis:names:tc:SAML:2.0:attrname-format:basic member eduPersonPrincipalName urn:oasis:names:tc:SAML:2.0:attrname-format:basic gikcaswid@orphanage.wayf.dk eduPersonScopedAffiliation urn:oasis:names:tc:SAML:2.0:attrname-format:basic member@orphanage.wayf.dk eduPersonTargetedID urn:oasis:names:tc:SAML:2.0:attrname-format:basic WAYF-DK-a462971438f09f28b0cf806965a5b5461376815b entryUUID urn:oasis:names:tc:SAML:2.0:attrname-format:basic 123-456-789 gn urn:oasis:names:tc:SAML:2.0:attrname-format:basic Mads Freek isMemberOf urn:oasis:names:tc:SAML:2.0:attrname-format:basic prefix:1:abc:infix:2:def:infix:3::hij:postfix:4 role1:idp:example.com role1:idp:example.net role1:req:example.net role1:sp: role1:xxx:xxexample.net mail urn:oasis:names:tc:SAML:2.0:attrname-format:basic freek@wayf.dk norEduPersonNIN urn:oasis:names:tc:SAML:2.0:attrname-format:basic 2408590123 organizationName urn:oasis:names:tc:SAML:2.0:attrname-format:basic WAYF Where Are You From preferredLanguage urn:oasis:names:tc:SAML:2.0:attrname-format:basic da schacDateOfBirth urn:oasis:names:tc:SAML:2.0:attrname-format:basic 19590824 schacHomeOrganization urn:oasis:names:tc:SAML:2.0:attrname-format:basic orphanage.wayf.dk schacHomeOrganizationType urn:oasis:names:tc:SAML:2.0:attrname-format:basic urn:mace:terena.org:schac:homeOrganizationType:int:NRENAffiliate schacPersonalUniqueCode urn:oasis:names:tc:SAML:2.0:attrname-format:basic urn:schac:personalUniqueCode:int:esi:wayf.dk:99924678 schacPersonalUniqueID urn:oasis:names:tc:SAML:2.0:attrname-format:basic 
urn:mace:terena.org:schac:personalUniqueID:dk:CPR:2408590123 schacYearOfBirth urn:oasis:names:tc:SAML:2.0:attrname-format:basic 1959 sn NameStandIn urn:oasis:names:tc:SAML:2.0:attrname-format:basic Petersenx sn urn:oasis:names:tc:SAML:2.0:attrname-format:basic Petersenx
func CheckDigestAndSignatureAlgorithms ¶
CheckDigestAndSignatureAlgorithms -
func CheckSAMLMessage ¶
func CheckSAMLMessage(r *http.Request, xp, issuerMd, destinationMd *goxml.Xp, role int, location string, xtraCerts []string) (validatedMessage *goxml.Xp, signed bool, err error)
CheckSAMLMessage checks Authentication Requests, Responses and Logout Requests: it rejects invalid bindings, checks the certificates and verifies the signatures.
func DebugSetting ¶
DebugSetting for debugging cookies
func DebugSettingWithDefault ¶
func DecodeSAMLMsg ¶
func DecodeSAMLMsg(r *http.Request, issuerMdSets, destinationMdSets MdSets, role int, protocols []string, location string, xtraCerts []string) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, issuerIndex, destinationIndex uint8, err error)
DecodeSAMLMsg decodes the request: it extracts the Issuer and Destination, checks the protocol (for example AuthnRequest), validates the schema and receives the metadata sets for the sender and the receiver respectively. Returns the metadata for the sender and the receiver.
func Deflate ¶
Deflate utility that compresses a string using the flate algo
Example ¶
TestTime = fixedTestTime newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) req := base64.StdEncoding.EncodeToString(Deflate([]byte(newrequest.Doc.Dump(false)))) fmt.Println(req)
Output: pJJBj9owEIXv/ArL98TZqK0qi7Cii1aNtO0iku2hN5MMm5EcO52ZAP33FQEqeuHSqz1v3jdvZv547L3aAzHGUOiHNNMKQhNbDO+Ffqufk8/6cTGbs+v9YJejdGEDv0ZgUcfeB7bTR6FHCjY6RrbB9cBWGlstv73YPM3sQFFiE72+kdxXOGYgwRi0+nFFy09o5arQ5UqrknmEMrC4IIXOs+xTkj0kWV7nuc0+2OzjT61WwILByaTuRAa2xjiHiY/vMaR8QGm6tOkMtoMZKO7Qgzkh5GYDLRI0YqrqVav1hf8LhnMs99C35yK2X+t6naxfq1qr5XWcpxh47IEqoD028LZ5uSETIdyOAske4QCUOoe3kEGAdtACTRMlAiym6nC7jR6kS5njBX7yvKzMTkHR4n9M+K/J3Nz2vB7Fd9dDuVpHj81v9Rypd3I/otMLtsluKrXDacEsEESrpffx8ETgBAotNII2i9nZ9d/jW8z+BAAA//8=
func DumpFileIfTracing ¶
DumpFileIfTracing - check the trace flag and dump if it is set
func FindInMetadataSets ¶
FindInMetadataSets - find an entity in a list of MD sets and return it and the index
func GetPrivateKey ¶
func GetPrivateKey(md *goxml.Xp, path string) (privatekey crypto.PrivateKey, cert string, err error)
GetPrivateKey extract the key from Metadata and builds a name and reads the key
Example ¶
pKey, _, err := GetPrivateKey(spmetadata, "md:SPSSODescriptor"+EncryptionCertQuery) fmt.Println(pKey, err)
Output: [] ["cause:open f8c19afa414fdc045779d20a63d2f46716fe71ff.key: file does not exist"]
func GetPrivateKeyByMethod ¶
func GetPrivateKeyByMethod(md *goxml.Xp, path string, keyType x509.PublicKeyAlgorithm) (privatekey crypto.PrivateKey, cert string, err error)
func GetPrivateKeyByMethodWithPW ¶
func GetPrivateKeyByMethodWithPW(md *goxml.Xp, path string, keyType x509.PublicKeyAlgorithm, pw string) (privatekey crypto.PrivateKey, cert string, err error)
func HTML2SAMLResponse ¶
HTML2SAMLResponse extracts the SAMLResponse from a HTML document
func IDAndTiming ¶
func IDAndTiming() (issueInstant, id, assertionID, assertionNotBefore, assertionNotOnOrAfter, sessionNotOnOrAfter string)
IDAndTiming for checking the validity
func Inflate ¶
Inflate utility that decompresses a string using the flate algo
Example ¶
TestTime = fixedTestTime newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) req := Deflate([]byte(newrequest.Doc.Dump(false))) res := Inflate(req) fmt.Println(string(res))
Output: <?xml version="1.0" encoding="UTF-8"?> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="ID" IssueInstant="2006-01-02T22:04:05Z" Destination="https://aai-logon.switch.ch/idp/profile/SAML2/Redirect/SSO" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://attribute-viewer.aai.switch.ch/interfederation-test/Shibboleth.sso/SAML2/POST"> <saml:Issuer>https://attribute-viewer.aai.switch.ch/interfederation-test/shibboleth</saml:Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true"/> </samlp:AuthnRequest>
func Jwt2saml ¶
func Jwt2saml(w http.ResponseWriter, r *http.Request, mdHub, mdInternal, mdExternalIDP, mdExternalSP Md, requestHandler func(*goxml.Xp, *goxml.Xp, *goxml.Xp) (map[string][]string, error), signerMd *goxml.Xp) (err error)
Jwt2saml - JSON based IdP interface
func JwtSign ¶
func JwtSign(payload []byte, privatekey crypto.PrivateKey, alg string) (jwt, atHash string, err error)
JwtSign - sign a JSON payload, return the jwt and the at_hash
func NewErrorResponse ¶
NewErrorResponse makes a new error response with Entityid, issuer, destination and returns the response
Example ¶
newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) response := NewErrorResponse(idpmetadata, spmetadata, newrequest, response) fmt.Println(response.PP())
Output: <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" Version="2.0" ID="_KRiRsIAzohWB_xUsZrvb34lN_cVb" IssueInstant="2022-05-05T11:06:40Z" InResponseTo="ID" Destination="https://attribute-viewer.aai.switch.ch/interfederation-test/Shibboleth.sso/SAML2/POST"> <saml:Issuer> https://aai-logon.switch.ch/idp/shibboleth </saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> </samlp:Response>
func NewLogoutRequest ¶
func NewLogoutRequest(destination *goxml.Xp, sloinfo *SLOInfo, issuer string, async bool) (request *goxml.Xp, binding string, err error)
NewLogoutRequest makes a logout request with issuer destination ... and returns a NewRequest
func NewLogoutResponse ¶
func NewLogoutResponse(issuer string, destination *goxml.Xp, inResponseTo string, role uint8) (response *goxml.Xp, binding string, err error)
NewLogoutResponse creates a Logout Response on the basis of a Logout Request
func NewResponse ¶
NewResponse - create a new response using the supplied metadata and resp. authnrequest and response for filling out the fields. The response is primarily used for the attributes, but other fields, e.g. the AuthnContextClassRef, are also drawn from it.
func NewWsFedResponse ¶
NewWsFedResponse generates a Ws-fed response
func Pem2PrivateKey ¶
func Pem2PrivateKey(privatekeypem []byte, pw string) (pk crypto.PrivateKey, err error)
Pem2PrivateKey converts a PEM encoded private key with an optional password to a *rsa.PrivateKey
func PublicKeyInfo ¶
PublicKeyInfo extracts the keyname, publickey and cert (base64 DER - no PEM) from the given certificate. The keyname is computed from the public key corresponding to running this command: openssl x509 -modulus -noout -in <cert> | openssl sha1.
Example ¶
cert := spmetadata.Query1(nil, "./md:SPSSODescriptor"+EncryptionCertQuery) // actual signing key is always first var keyname string keyname, _, err := PublicKeyInfo(cert) fmt.Println(err, keyname)
Output: <nil> f8c19afa414fdc045779d20a63d2f46716fe71ff
func PublicKeyInfoByMethod ¶
func ReceiveAuthnRequest ¶
func ReceiveAuthnRequest(r *http.Request, issuerMdSets, destinationMdSets MdSets, location string) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, issuerIndex, destinationIndex uint8, err error)
ReceiveAuthnRequest receives the authentication request and checks the Subject and NameIDPolicy (Persistent or Transient). It receives the metadata sets for the sender and the receiver respectively and returns the metadata for the sender and the receiver.
Example ¶
TestTime = fixedTestTime newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) url, _ := SAMLRequest2URL(newrequest, "anton-banton", nil, "") request := httptest.NewRequest("GET", url.String(), nil) _, _, _, relayState, _, _, err := ReceiveAuthnRequest(request, MdSets{external}, MdSets{external}, "https://"+request.Host+request.URL.Path) fmt.Println(relayState) fmt.Println(err)
Output: anton-banton <nil>
func ReceiveLogoutMessage ¶
func ReceiveLogoutMessage(r *http.Request, issuerMdSets, destinationMdSets MdSets, role int) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, issuerIndex, destinationIndex uint8, err error)
ReceiveLogoutMessage receives the Logout Message. It receives the metadata sets for the sender and the receiver respectively and returns the metadata for the sender and the receiver.
func ReceiveSAMLResponse ¶
func ReceiveSAMLResponse(r *http.Request, issuerMdSets, destinationMdSets MdSets, location string, xtraCerts []string) (xp, issuerMd, destinationMd *goxml.Xp, relayState string, issuerIndex, destinationIndex uint8, err error)
ReceiveSAMLResponse handles the SAML minutiae when receiving a SAMLResponse. Currently the only supported binding is POST. It receives the metadata sets for the sender and the receiver respectively and returns the metadata for the sender and the receiver.
func SAMLRequest2OIDCRequest ¶
func SAMLRequest2URL ¶
func SAMLRequest2URL(samlrequest *goxml.Xp, relayState string, privatekey crypto.PrivateKey, algo string) (destination *url.URL, err error)
SAMLRequest2URL creates a redirect URL from a saml request
Example ¶
TestTime = fixedTestTime newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) url, err := SAMLRequest2URL(newrequest, "anton-banton", nil, "") fmt.Println(url, err)
Output: https://aai-logon.switch.ch/idp/profile/SAML2/Redirect/SSO?SAMLRequest=pJJBj9owEIXv%2FArL98TZqK0qi7Cii1aNtO0iku2hN5MMm5EcO52ZAP33FQEqeuHSqz1v3jdvZv547L3aAzHGUOiHNNMKQhNbDO%2BFfqufk8%2F6cTGbs%2Bv9YJejdGEDv0ZgUcfeB7bTR6FHCjY6RrbB9cBWGlstv73YPM3sQFFiE72%2BkdxXOGYgwRi0%2BnFFy09o5arQ5UqrknmEMrC4IIXOs%2BxTkj0kWV7nuc0%2B2OzjT61WwILByaTuRAa2xjiHiY%2FvMaR8QGm6tOkMtoMZKO7Qgzkh5GYDLRI0YqrqVav1hf8LhnMs99C35yK2X%2Bt6naxfq1qr5XWcpxh47IEqoD028LZ5uSETIdyOAske4QCUOoe3kEGAdtACTRMlAiym6nC7jR6kS5njBX7yvKzMTkHR4n9M%2BK%2FJ3Nz2vB7Fd9dDuVpHj81v9Rypd3I%2FotMLtsluKrXDacEsEESrpffx8ETgBAotNII2i9nZ9d%2FjW8z%2BBAAA%2F%2F8%3D&RelayState=anton-banton <nil>
func Saml2jwt ¶
func Saml2jwt(w http.ResponseWriter, r *http.Request, mdHub, mdInternal, mdExternalIDP, mdExternalSP Md, requestHandler func(*goxml.Xp, *goxml.Xp, *goxml.Xp) (map[string][]string, error), defaultIdpentityid string) (err error)
Saml2jwt - JSON based SP interface
func SamlTime2JwtTime ¶
SamlTime2JwtTime - convert string SAML time to epoch
func SignResponse ¶
func SignResponse(response *goxml.Xp, elementQuery string, md *goxml.Xp, signingMethod string, signFor int) (err error)
SignResponse signs the response with the given method. Returns an error if unable to sign.
func SloRequest ¶
func SloRequest(w http.ResponseWriter, r *http.Request, response, spMd, IdpMd *goxml.Xp, pk crypto.PrivateKey, protocol string)
SloRequest generates a single logout request
func SloResponse ¶
func SloResponse(w http.ResponseWriter, r *http.Request, request, issuer, destination *goxml.Xp, pk crypto.PrivateKey, role uint8) (err error)
SloResponse generates a single logout response
func URL2SAMLRequest ¶
URL2SAMLRequest extracts the SAMLRequest from an URL
Example ¶
TestTime = fixedTestTime newrequest, _, _ := NewAuthnRequest(nil, spmetadata, idpmetadata, "", idPList, "", false, 0, 0) url, _ := SAMLRequest2URL(newrequest, "anton-banton", nil, "") xp, relayState := URL2SAMLRequest(url, nil) fmt.Printf("%t\n", newrequest.PP() == xp.PP()) fmt.Println(relayState)
Output: true anton-banton
func VerifySign ¶
VerifySign takes the certificates, the signature and xp as input
Types ¶
type Formdata ¶
type Formdata struct { AcsURL template.URL Acs, Samlresponse, Samlrequest, Id_token string RelayState, SigAlg, Signature string Protocol string SLOStatus string Ard template.JS Initial bool }
Formdata for passing parameters to display template
type MdSets ¶
type MdSets []Md
MdSets slice of Md sets - for searching one MD at a time and remembering the index
type SLOInfo ¶
// SLOInfo holds the Single Logout information for one participant in a session.
type SLOInfo struct {
	// IDP and SP are the entityIDs of the two parties.
	IDP string
	SP  string
	// NameID, SPNameQualifier and SessionIndex identify the session to be terminated.
	NameID          string
	SPNameQualifier string
	SessionIndex    string
	// ID is the message id; Protocol the wire protocol used with this party.
	ID       string
	Protocol string
	// NameIDFormat is a compact code for the nameid format — presumably the NameIDMap value; confirm.
	NameIDFormat uint8
	// HubRole and SLOStatus are small enumerations (see IDPRole/SPRole for the role values).
	HubRole   uint8
	SLOStatus uint8
	// SLOSupport records whether the party supports SLO; Async whether the logout is asynchronous.
	SLOSupport bool
	Async      bool
}
SLOInfo refers to Single Logout information
type SLOInfoList ¶
type SLOInfoList []SLOInfo
func (*SLOInfoList) LogoutRequest ¶
func (*SLOInfoList) LogoutResponse ¶
func (sil *SLOInfoList) LogoutResponse(response *goxml.Xp) (slo *SLOInfo, sendResponse bool)
func (SLOInfoList) Marshal ¶
func (sil SLOInfoList) Marshal() (msg []byte)
Marshal - hand-held marshal for SLOInfo struct - save some b64 encoding by keeping ascii values at end
func (*SLOInfoList) Unmarshal ¶
func (sil *SLOInfoList) Unmarshal(msg []byte)
Unmarshal - hand-held unmarshal for SLOInfo struct
type SamlRequest ¶
// SamlRequest is the compact representation of a request as it travels across the hub.
type SamlRequest struct {
	// Nonce and RequestID tie the response back to the original request.
	Nonce     string
	RequestID string
	// SP, IDP, VirtualIDP and WAYFSP are the entityIDs involved.
	SP         string
	IDP        string
	VirtualIDP string
	WAYFSP     string
	// AssertionConsumerIndex selects the ACS; Protocol/IDPProtocol name the wire protocols on each side.
	AssertionConsumerIndex string
	Protocol               string
	IDPProtocol            string
	// NameIDFormat is a compact code for the nameid format — presumably the NameIDMap value; confirm.
	NameIDFormat uint8
	// SPIndex and HubBirkIndex are the metadata-set indexes (see NewAuthnRequest's spIndex/hubBirkIndex).
	SPIndex      uint8
	HubBirkIndex uint8
}
SamlRequest - compact representation of a request across the hub
func NewAuthnRequest ¶
func NewAuthnRequest(originalRequest, spMd, idpMd *goxml.Xp, virtualIDP string, idPList []string, acs string, wantRequesterID bool, spIndex, hubBirkIndex uint8) (request *goxml.Xp, sRequest SamlRequest, err error)
NewAuthnRequest - create an AuthnRequest using the supplied metadata for setting the fields according to the following rules:
- The Destination is the 1st SingleSignOnService with a redirect binding in the idpmetadata
- The AssertionConsumerServiceURL is the Location of the 1st ACS with a post binding in the spmetadata
- The ProtocolBinding is post
- The Issuer is the entityID in the idpmetadata
- The NameID defaults to transient
func (SamlRequest) Marshal ¶
func (r SamlRequest) Marshal() (msg []byte)
Marshal hand-held marshal SamlRequest
func (*SamlRequest) Unmarshal ¶
func (r *SamlRequest) Unmarshal(msg []byte)
Unmarshal - hand held unmarshal for SamlRequest