Documentation
Index
Constants
This section is empty.
Variables
var (
	// ErrSAMLRequest indicates there is an error on the SAML callback request.
	ErrSAMLRequest = errors.New("malformed SAML callback request")
	// ErrUserDataCallback indicates there was an error executing the user data callback.
	ErrUserDataCallback = errors.New("error on user data callback")
	// ErrGeneratingToken indicates there was an error generating the JWT token.
	ErrGeneratingToken = errors.New("error generating token")
	// ErrRelayStateInvalid indicates the provided "redirect_to" URL is not valid.
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	// ErrUntrustedDomain indicates the redirect domain is not trusted.
	ErrUntrustedDomain = errors.New("redirect to an untrusted domain was requested")
)
var (
	// ErrParsingMetadata indicates there was an error obtaining or parsing metadata.
	ErrParsingMetadata = errors.New("error parsing metadata")
	// ErrMalformedSAML indicates there is a format error in the SAML callback request.
	ErrMalformedSAML = errors.New("malformed SAML request content")
	// ErrNotInAudience indicates SAML validation produced an audience-related warning.
	ErrNotInAudience = errors.New("not in audience")
)
Functions
This section is empty.
Types
type CallbackConfig
type CallbackConfig struct {
CookieName string
CookieDomain string
CookieSecure bool
UserDataCallback UserDataCallback
TokenGenerator TokenGenerator
}
CallbackConfig specifies config options for the login callback function.
type Handler
type Handler interface {
LoginHandler() http.HandlerFunc
LoginCallbackHandler(CallbackConfig) http.HandlerFunc
}
Handler represents a SAML authentication handler.
func NewHandler
NewHandler builds a new SAML handler from a SAML provider and a list of trusted domains.
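The RelayState checks behind ErrRelayStateInvalid and ErrUntrustedDomain, as an added example of how a login callback can validate a "redirect_to" value against the trusted-domain list NewHandler takes. This is illustrative code, not the package's own implementation; it assumes an https-only, exact-hostname-match policy and that bare same-origin paths are acceptable.

```go
package main

import (
	"errors"
	"net/url"
	"strings"
)

// Sentinel errors with the same names and messages the package documents.
var (
	ErrRelayStateInvalid = errors.New("invalid RelayState URL")
	ErrUntrustedDomain   = errors.New("redirect to an untrusted domain was requested")
)

// ValidateRedirect checks a "redirect_to" value carried in RelayState against
// an allow-list of trusted domains and returns the URL to redirect to.
// Illustrative policy (assumption), not the package's own implementation.
func ValidateRedirect(redirectTo string, trustedDomains []string) (string, error) {
	// Browsers treat backslashes as slashes ("/\evil.com" becomes "//evil.com"),
	// so reject them rather than normalising; CR/LF would corrupt the Location header.
	if redirectTo == "" || strings.ContainsAny(redirectTo, "\\\r\n") {
		return "", ErrRelayStateInvalid
	}
	u, err := url.Parse(redirectTo)
	if err != nil {
		return "", ErrRelayStateInvalid
	}
	// A bare path ("/dashboard") stays on the current origin. url.Parse("//evil.com")
	// yields Host "evil.com", so a scheme-relative URL never takes this branch.
	if u.Scheme == "" && u.Host == "" && strings.HasPrefix(u.Path, "/") {
		return u.String(), nil
	}
	// Anything else must be a plain https URL with a host and no userinfo.
	if u.Scheme != "https" || u.Host == "" || u.User != nil {
		return "", ErrRelayStateInvalid
	}
	host := strings.ToLower(u.Hostname()) // port, if any, is ignored
	for _, d := range trustedDomains {
		if host == strings.ToLower(d) {
			return u.String(), nil
		}
	}
	return "", ErrUntrustedDomain
}

func main() {
	_, err := ValidateRedirect("https://app.example.com.evil.net/", []string{"app.example.com"})
	println(err.Error())
}
```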
type Provider
type Provider interface {
BuildAuthURL(url string) (string, error)
GetUserData(samlResp string) (UserData, error)
}
Provider represents a component that is able to communicate with a SAML IdP.
func NewProvider
func NewProvider(metadataURL, issuerURL, callbackURL string, keyStore X509KeyStore) (Provider, error)
NewProvider builds a new SAML provider. keyStore is the X509 keystore to use for request signing.
type RandomKeyStore
type RandomKeyStore struct {
// contains filtered or unexported fields
}
RandomKeyStore is an X509KeyStore that generates a new random private key and a certificate from it. This is acceptable for many IdPs, as they often do not verify request signatures (e.g. Okta).
func NewRandomKeyStore
func NewRandomKeyStore() *RandomKeyStore
NewRandomKeyStore builds a new RandomKeyStore.
func (*RandomKeyStore) GetKeyPair
func (s *RandomKeyStore) GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
GetKeyPair returns the keystore private key and certificate.
type TokenGenerator
TokenGenerator defines the method used to generate a new session token. Note that it is designed with a Bearer token in mind, such as OAuth / JWT.
type UserData
type UserData struct {
UserName string `db:"username"`
FirstName string `db:"first_name"`
LastName string `db:"last_name"`
Email string `db:"email"`
}
UserData contains the basic auth data associated with a user, obtained from the SAML response.
type UserDataCallback
UserDataCallback represents the callback to execute once user data is obtained from the SAML response.
type X509KeyStore
type X509KeyStore interface {
GetKeyPair() (privateKey *rsa.PrivateKey, cert []byte, err error)
}
X509KeyStore represents an X509 keystore.