Documentation ¶
Overview ¶
Invalidate SAML.
Submit a SAML LogoutRequest message to Elasticsearch for consumption.
NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.
The logout request comes from the SAML IdP during an IdP-initiated Single Logout. The custom web application can use this API to have Elasticsearch process the `LogoutRequest`. After successful validation of the request, Elasticsearch invalidates the access token and refresh token that correspond to that specific SAML principal and provides a URL that contains a SAML LogoutResponse message. Thus the user can be redirected back to their IdP.
Index ¶
- Variables
- type NewSamlInvalidate
- type Request
- type Response
- type SamlInvalidate
- func (r *SamlInvalidate) Acs(acs string) *SamlInvalidate
- func (r SamlInvalidate) Do(providedCtx context.Context) (*Response, error)
- func (r *SamlInvalidate) ErrorTrace(errortrace bool) *SamlInvalidate
- func (r *SamlInvalidate) FilterPath(filterpaths ...string) *SamlInvalidate
- func (r *SamlInvalidate) Header(key, value string) *SamlInvalidate
- func (r *SamlInvalidate) HttpRequest(ctx context.Context) (*http.Request, error)
- func (r *SamlInvalidate) Human(human bool) *SamlInvalidate
- func (r SamlInvalidate) Perform(providedCtx context.Context) (*http.Response, error)
- func (r *SamlInvalidate) Pretty(pretty bool) *SamlInvalidate
- func (r *SamlInvalidate) QueryString(querystring string) *SamlInvalidate
- func (r *SamlInvalidate) Raw(raw io.Reader) *SamlInvalidate
- func (r *SamlInvalidate) Realm(realm string) *SamlInvalidate
- func (r *SamlInvalidate) Request(req *Request) *SamlInvalidate
Constants ¶
This section is empty.
Variables ¶
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")
ErrBuildPath is returned in case of missing parameters within the build of the request.
Functions ¶
This section is empty.
Types ¶
type NewSamlInvalidate ¶
type NewSamlInvalidate func() *SamlInvalidate
NewSamlInvalidate type alias for index.
func NewSamlInvalidateFunc ¶
func NewSamlInvalidateFunc(tp elastictransport.Interface) NewSamlInvalidate
NewSamlInvalidateFunc returns a new instance of SamlInvalidate with the provided transport. Used in the index of the library, this allows retrieving every API in one place.
type Request ¶
type Request struct {
	// Acs The Assertion Consumer Service URL that matches the one of the SAML realm in
	// Elasticsearch that should be used. You must specify either this parameter or
	// the `realm` parameter.
	Acs *string `json:"acs,omitempty"`
	// QueryString The query part of the URL that the user was redirected to by the SAML IdP to
	// initiate the Single Logout.
	// This query should include a single parameter named `SAMLRequest` that
	// contains a SAML logout request that is deflated and Base64 encoded.
	// If the SAML IdP has signed the logout request, the URL should include two
	// extra parameters named `SigAlg` and `Signature` that contain the algorithm
	// used for the signature and the signature value itself.
	// In order for Elasticsearch to be able to verify the IdP's signature, the
	// value of the `query_string` field must be an exact match to the string
	// provided by the browser.
	// The client application must not attempt to parse or process the string in any
	// way.
	QueryString string `json:"query_string"`
	// Realm The name of the SAML realm in the Elasticsearch configuration. You must
	// specify either this parameter or the `acs` parameter.
	Realm *string `json:"realm,omitempty"`
}
Request holds the request body struct for the package samlinvalidate
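An added example (not part of the client library or of this page) of how a custom web application's logout endpoint can fill `query_string`: it copies `r.URL.RawQuery` unchanged, and it shows that parsing and re-encoding the same parameters yields a different string, which is why the field must be forwarded untouched. `InvalidateBody` is a local mirror of the `Request` struct above; the `/saml/logout` path, the realm name `saml1` and the sample query values are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// InvalidateBody mirrors the JSON tags of the Request struct documented on this page.
type InvalidateBody struct {
	Acs         *string `json:"acs,omitempty"`
	QueryString string  `json:"query_string"`
	Realm       *string `json:"realm,omitempty"`
}

// SampleQuery is constructed: placeholder values with lowercase percent-escapes.
const SampleQuery = "SAMLRequest=PLACEHOLDER%2brequest%3d&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=PLACEHOLDER%2fsig%3d"

// SampleRequest simulates the browser arriving at a hypothetical /saml/logout endpoint.
func SampleRequest() *http.Request {
	return httptest.NewRequest(http.MethodGet, "/saml/logout?"+SampleQuery, nil)
}

// BuildInvalidateBody copies r.URL.RawQuery byte-for-byte into query_string.
func BuildInvalidateBody(r *http.Request, realm string) (*InvalidateBody, error) {
	if realm == "" || r.URL.RawQuery == "" {
		return nil, errors.New("a realm and a non-empty query string are required")
	}
	return &InvalidateBody{QueryString: r.URL.RawQuery, Realm: &realm}, nil
}

// ReencodedQuery is the anti-pattern: parse the parameters and serialize them again.
func ReencodedQuery(raw string) (string, error) {
	v, err := url.ParseQuery(raw)
	if err != nil {
		return "", err
	}
	return v.Encode(), nil // escapes are regenerated (%2b becomes %2B), so the signed bytes change
}

func main() {
	// Errors are ignored here because the inputs are the constructed samples above.
	body, _ := BuildInvalidateBody(SampleRequest(), "saml1") // hypothetical realm name
	out, _ := json.Marshal(body)                             // "&" is emitted as \u0026, same string once decoded
	re, _ := ReencodedQuery(SampleQuery)
	fmt.Printf("body: %s\nre-encoded differs: %v\n", out, re != SampleQuery)
}
```

With the typed client, the same verbatim string is what would be passed to the `QueryString` method or set in `Request.QueryString`.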
type Response ¶
type Response struct {
	// Invalidated The number of tokens that were invalidated as part of this logout.
	Invalidated int `json:"invalidated"`
	// Realm The realm name of the SAML realm in Elasticsearch that authenticated the
	// user.
	Realm string `json:"realm"`
	// Redirect A SAML logout response as a parameter so that the user can be redirected back
	// to the SAML IdP.
	Redirect string `json:"redirect"`
}
Response holds the response body struct for the package samlinvalidate
type SamlInvalidate ¶
type SamlInvalidate struct {
	// contains filtered or unexported fields
}
func New ¶
func New(tp elastictransport.Interface) *SamlInvalidate
Invalidate SAML.
Submit a SAML LogoutRequest message to Elasticsearch for consumption.
NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.
The logout request comes from the SAML IdP during an IdP-initiated Single Logout. The custom web application can use this API to have Elasticsearch process the `LogoutRequest`. After successful validation of the request, Elasticsearch invalidates the access token and refresh token that correspond to that specific SAML principal and provides a URL that contains a SAML LogoutResponse message. Thus the user can be redirected back to their IdP.
https://www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-security-saml-invalidate
func (*SamlInvalidate) Acs ¶
func (r *SamlInvalidate) Acs(acs string) *SamlInvalidate
The Assertion Consumer Service URL that matches the one of the SAML realm in Elasticsearch that should be used. You must specify either this parameter or the `realm` parameter. API name: acs
func (SamlInvalidate) Do ¶
func (r SamlInvalidate) Do(providedCtx context.Context) (*Response, error)
Do runs the request through the transport, handles the response and returns a samlinvalidate.Response.
func (*SamlInvalidate) ErrorTrace ¶
func (r *SamlInvalidate) ErrorTrace(errortrace bool) *SamlInvalidate
ErrorTrace When set to `true` Elasticsearch will include the full stack trace of errors when they occur. API name: error_trace
func (*SamlInvalidate) FilterPath ¶
func (r *SamlInvalidate) FilterPath(filterpaths ...string) *SamlInvalidate
FilterPath Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch. API name: filter_path
func (*SamlInvalidate) Header ¶
func (r *SamlInvalidate) Header(key, value string) *SamlInvalidate
Header sets a key, value pair in the SamlInvalidate headers map.
func (*SamlInvalidate) HttpRequest ¶
func (r *SamlInvalidate) HttpRequest(ctx context.Context) (*http.Request, error)
HttpRequest returns the http.Request object built from the given parameters.
func (*SamlInvalidate) Human ¶
func (r *SamlInvalidate) Human(human bool) *SamlInvalidate
Human When set to `true` will return statistics in a format suitable for humans. For example `"exists_time": "1h"` for humans and `"exists_time_in_millis": 3600000` for computers. When disabled the human-readable values will be omitted. This makes sense for responses being consumed only by machines. API name: human
func (SamlInvalidate) Perform ¶
func (r SamlInvalidate) Perform(providedCtx context.Context) (*http.Response, error)
Perform runs the http.Request through the provided transport and returns an http.Response.
func (*SamlInvalidate) Pretty ¶
func (r *SamlInvalidate) Pretty(pretty bool) *SamlInvalidate
Pretty If set to `true` the returned JSON will be "pretty-formatted". Use this option for debugging only. API name: pretty
func (*SamlInvalidate) QueryString ¶
func (r *SamlInvalidate) QueryString(querystring string) *SamlInvalidate
The query part of the URL that the user was redirected to by the SAML IdP to initiate the Single Logout. This query should include a single parameter named `SAMLRequest` that contains a SAML logout request that is deflated and Base64 encoded. If the SAML IdP has signed the logout request, the URL should include two extra parameters named `SigAlg` and `Signature` that contain the algorithm used for the signature and the signature value itself. In order for Elasticsearch to be able to verify the IdP's signature, the value of the `query_string` field must be an exact match to the string provided by the browser. The client application must not attempt to parse or process the string in any way. API name: query_string
func (*SamlInvalidate) Raw ¶
func (r *SamlInvalidate) Raw(raw io.Reader) *SamlInvalidate
Raw takes a JSON payload as input, which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.
func (*SamlInvalidate) Realm ¶
func (r *SamlInvalidate) Realm(realm string) *SamlInvalidate
The name of the SAML realm in the Elasticsearch configuration. You must specify either this parameter or the `acs` parameter. API name: realm
func (*SamlInvalidate) Request ¶
func (r *SamlInvalidate) Request(req *Request) *SamlInvalidate
Request sets the request property with the appropriate payload.