lighthouse

package module v0.8.3
Published: Dec 2, 2025 License: MIT Imports: 29 Imported by: 0

README

LightHouse - A Go-Based Trust Anchor / Intermediate Authority / Trust Mark Issuer

LightHouse helps you to navigate the wild and complex sea of OpenID Federation.

LightHouse is a flexible and configurable OpenID Federation Entity. It can be configured and deployed as a Trust Anchor / Intermediate Authority / Resolver / Trust Mark Issuer or everything at the same time. LightHouse uses the go-oidfed/lib oidfed library.

LightHouse also can be used to build your own federation entity on top of the existing implementation.

Documentation

For more information please refer to the Documentation at https://go-oidfed.github.io/lighthouse/

Configuration

The configuration of LightHouse is explained in detail at https://go-oidfed.github.io/lighthouse/config/.

Docker Images

Docker images are available on Docker Hub under oidfed/lighthouse.

  • The go-oidfed library at https://github.com/go-oidfed/lib contains:
    • The basic go-oidfed library with the core oidfed functionality.
    • It can be used to build all kinds of oidfed-capable entities.
    • LightHouse uses this library.
  • The whoami-rp repository at https://github.com/go-oidfed/whoami-rp contains:
    • A simple - but not very useful - example RP.
  • The OFFA repository at https://github.com/go-oidfed/offa:
    • OFFA stands for OpenID Federation Forward Auth.
    • OFFA can be deployed next to existing services to add oidfed authentication to services that do not natively support it.
    • OFFA can be used with Apache, Caddy, NGINX, and Traefik.

Documentation

Constants

This section is empty.

Variables

var FiberServerConfig = fiber.Config{
	ReadTimeout:    3 * time.Second,
	WriteTimeout:   20 * time.Second,
	IdleTimeout:    150 * time.Second,
	ReadBufferSize: 8192,

	ErrorHandler: handleError,
	Network:      "tcp",
}

FiberServerConfig is the fiber.Config that is used to init the http fiber.App

Functions

func RegisterEntityChecker

func RegisterEntityChecker(configTypeName string, constructor func() EntityChecker)

RegisterEntityChecker registers a custom EntityChecker so EntityCheckerFromYAMLConfig knows about it and can return it from a yaml config

Types

type AuthorityHintEntityChecker

type AuthorityHintEntityChecker struct {
	EntityID string `yaml:"entity_id"`
}

AuthorityHintEntityChecker checks that the entity has a certain entry in its authority_hints

func (AuthorityHintEntityChecker) Check

func (c AuthorityHintEntityChecker) Check(
	entityConfiguration *oidfed.EntityStatement,
	_ []string,
) (bool, int, *oidfed.Error)

Check implements the EntityChecker interface

func (*AuthorityHintEntityChecker) UnmarshalYAML

func (c *AuthorityHintEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type EndpointConf

type EndpointConf struct {
	Path string `yaml:"path"`
	URL  string `yaml:"url"`
}

EndpointConf is a type for configuring an endpoint with an internal and external path

func (EndpointConf) IsSet

func (c EndpointConf) IsSet() bool

IsSet returns a bool indicating if this endpoint was configured or not

func (*EndpointConf) ValidateURL

func (c *EndpointConf) ValidateURL(rootURL string) string

ValidateURL validates that an external URL is set; if it is not, it prefixes the internal path with the passed rootURL and sets the result as the external URL

type EntityChecker

type EntityChecker interface {
	// Check checks if the entity with the passed oidfed.EntityStatement
	// satisfies the requirements of this EntityChecker or not
	// It returns a bool indicating this status,
	// and if not a http status code as well as a oidfed.Error as api response
	Check(
		entityConfiguration *oidfed.EntityStatement,
		entityTypes []string,
	) (bool, int, *oidfed.Error)
	// Unmarshaler is used to load the configuration
	yaml.Unmarshaler
}

EntityChecker is an interface used to check if an entity satisfies some requirements, e.g. to check if an entity should be enrolled in the federation or should be issued a trust mark

func EntityCheckerFromEntityCheckerConfig

func EntityCheckerFromEntityCheckerConfig(c EntityCheckerConfig) (
	EntityChecker,
	error,
)

EntityCheckerFromEntityCheckerConfig parses the passed EntityCheckerConfig and returns the configured EntityChecker

func EntityCheckerFromYAMLConfig

func EntityCheckerFromYAMLConfig(config []byte) (EntityChecker, error)

EntityCheckerFromYAMLConfig parses the passed yaml config and returns the configured EntityChecker

type EntityCheckerConfig

type EntityCheckerConfig struct {
	Type   string    `yaml:"type"`
	Config yaml.Node `yaml:"config,omitempty"`
}

EntityCheckerConfig is a type for configuring an EntityChecker through yaml

type EntityCheckerNone

type EntityCheckerNone struct{}

EntityCheckerNone is a type implementing EntityChecker but that checks nothing

func (EntityCheckerNone) Check

func (EntityCheckerNone) Check(_ *oidfed.EntityStatement, _ []string) (
	bool, int, *oidfed.Error,
)

Check implements the EntityChecker interface

func (EntityCheckerNone) UnmarshalYAML

func (EntityCheckerNone) UnmarshalYAML(_ *yaml.Node) error

UnmarshalYAML implements the EntityChecker interface

type EntityIDEntityChecker

type EntityIDEntityChecker struct {
	AllowedIDs []string `yaml:"entity_ids"`
}

EntityIDEntityChecker checks that the entity has a certain entity id

func (EntityIDEntityChecker) Check

func (c EntityIDEntityChecker) Check(
	entityConfiguration *oidfed.EntityStatement,
	_ []string,
) (bool, int, *oidfed.Error)

Check implements the EntityChecker interface

func (*EntityIDEntityChecker) UnmarshalYAML

func (c *EntityIDEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type LightHouse

type LightHouse struct {
	*oidfed.FederationEntity
	*oidfed.TrustMarkIssuer
	*jwx.GeneralJWTSigner
	SubordinateStatementsConfig

	LogoBanner    bool
	VersionBanner bool
	// contains filtered or unexported fields
}

LightHouse is a type that represents a federation entity that can have multiple purposes (TA/IA + TMI, etc.)

func NewLightHouse

func NewLightHouse(
	serverConf ServerConf,
	entityID string, authorityHints []string, metadata *oidfed.Metadata,
	signer jwx.VersatileSigner, signingAlg jwa.SignatureAlgorithm,
	configurationLifetime time.Duration,
	stmtConfig SubordinateStatementsConfig, extra map[string]any,
) (
	*LightHouse,
	error,
)

NewLightHouse creates a new LightHouse

func (*LightHouse) AddEnrollEndpoint

func (fed *LightHouse) AddEnrollEndpoint(
	endpoint EndpointConf,
	store storage.SubordinateStorageBackend,
	checker EntityChecker,
)

AddEnrollEndpoint adds an endpoint to enroll to this IA/TA

func (*LightHouse) AddEnrollRequestEndpoint

func (fed *LightHouse) AddEnrollRequestEndpoint(
	endpoint EndpointConf,
	store storage.SubordinateStorageBackend,
)

AddEnrollRequestEndpoint adds an endpoint to request enrollment to this IA/TA (this only adds a request to the storage; there is no automatic enrollment)

func (*LightHouse) AddEntityCollectionEndpoint

func (fed *LightHouse) AddEntityCollectionEndpoint(
	endpoint EndpointConf, collector oidfed.EntityCollector,
	allowedTrustAnchors []string, paginationSupported bool,
)

AddEntityCollectionEndpoint adds an entity collection endpoint

func (*LightHouse) AddFetchEndpoint

func (fed *LightHouse) AddFetchEndpoint(endpoint EndpointConf, store storage.SubordinateStorageBackend)

AddFetchEndpoint adds a fetch endpoint

func (*LightHouse) AddHistoricalKeysEndpoint added in v0.6.0

func (fed *LightHouse) AddHistoricalKeysEndpoint(
	endpoint EndpointConf, historyFnc func() jwx.JWKS,
)

AddHistoricalKeysEndpoint adds the federation historical keys endpoint

func (*LightHouse) AddResolveEndpoint

func (fed *LightHouse) AddResolveEndpoint(
	endpoint EndpointConf, allowedTrustAnchors []string, proactiveResolver *oidfed.ProactiveResolver,
)

AddResolveEndpoint adds a resolve endpoint

func (*LightHouse) AddSubordinateListingEndpoint

func (fed *LightHouse) AddSubordinateListingEndpoint(
	endpoint EndpointConf, store storage.SubordinateStorageBackend,
	trustMarkStore storage.TrustMarkedEntitiesStorageBackend,
)

AddSubordinateListingEndpoint adds a subordinate listing endpoint

func (*LightHouse) AddTrustMarkEndpoint

func (fed *LightHouse) AddTrustMarkEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
	checkers map[string]EntityChecker,
)

AddTrustMarkEndpoint adds a trust mark endpoint

func (*LightHouse) AddTrustMarkRequestEndpoint

func (fed *LightHouse) AddTrustMarkRequestEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkRequestEndpoint adds an endpoint where entities can request to be entitled to a trust mark

func (*LightHouse) AddTrustMarkStatusEndpoint

func (fed *LightHouse) AddTrustMarkStatusEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkStatusEndpoint adds a trust mark status endpoint

func (*LightHouse) AddTrustMarkedEntitiesListingEndpoint

func (fed *LightHouse) AddTrustMarkedEntitiesListingEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkedEntitiesListingEndpoint adds a trust marked entities endpoint

func (LightHouse) CreateSubordinateStatement

func (fed LightHouse) CreateSubordinateStatement(subordinate *storage.SubordinateInfo) oidfed.EntityStatementPayload

CreateSubordinateStatement returns an oidfed.EntityStatementPayload for the passed storage.SubordinateInfo

func (LightHouse) HttpHandlerFunc

func (fed LightHouse) HttpHandlerFunc() http.HandlerFunc

HttpHandlerFunc returns an http.HandlerFunc for serving all the necessary endpoints

func (LightHouse) Listen

func (fed LightHouse) Listen(addr string) error

Listen starts an http server at the specified address for serving all the necessary endpoints

func (LightHouse) Start

func (fed LightHouse) Start()

type MultipleEntityCheckerAnd

type MultipleEntityCheckerAnd struct {
	Checkers []EntityChecker
}

MultipleEntityCheckerAnd is an EntityChecker that combines multiple EntityChecker by requiring all checks to pass

func NewMultipleEntityCheckerAnd

func NewMultipleEntityCheckerAnd(
	checkers ...EntityChecker,
) *MultipleEntityCheckerAnd

NewMultipleEntityCheckerAnd returns a new MultipleEntityCheckerAnd using all the passed EntityChecker

func (MultipleEntityCheckerAnd) Check

func (c MultipleEntityCheckerAnd) Check(entityStatement *oidfed.EntityStatement, entityTypes []string) (
	bool, int, *oidfed.Error,
)

Check implements the EntityChecker interface

func (*MultipleEntityCheckerAnd) UnmarshalYAML

func (c *MultipleEntityCheckerAnd) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type MultipleEntityCheckerOr

type MultipleEntityCheckerOr struct {
	Checkers []EntityChecker
}

MultipleEntityCheckerOr is an EntityChecker that combines multiple EntityChecker by requiring only one check to pass

func NewMultipleEntityCheckerOr

func NewMultipleEntityCheckerOr(checkers ...EntityChecker) *MultipleEntityCheckerOr

NewMultipleEntityCheckerOr returns a new MultipleEntityCheckerOr using all the passed EntityChecker

func (MultipleEntityCheckerOr) Check

func (c MultipleEntityCheckerOr) Check(
	entityStatement *oidfed.EntityStatement, entityTypes []string,
) (bool, int, *oidfed.Error)

Check implements the EntityChecker interface

func (*MultipleEntityCheckerOr) UnmarshalYAML

func (c *MultipleEntityCheckerOr) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces
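The EntityChecker interface, the concrete checkers and the And/Or combinators documented above form the policy language that decides whether an entity is enrolled or issued a trust mark. The following is an added example, not code from the LightHouse project: it re-implements the documented Check semantics with stand-in types (EntityStatement and APIError stand in for oidfed.EntityStatement and oidfed.Error; yaml.Unmarshaler is omitted so the code runs with the standard library only) and makes one property explicit that the doc comments leave implicit: an And with no checkers admits everything, so in this stand-in the Or is written to deny when it has nothing to consult. Whether the library's own combinators behave identically in the empty case is not stated on this page. The HTTP status codes, error strings and entity identifiers are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// EntityStatement is a constructed stand-in for oidfed.EntityStatement,
// carrying only the claims the checkers below look at.
type EntityStatement struct {
	Subject        string
	AuthorityHints []string
}

// APIError is a constructed stand-in for *oidfed.Error: the body returned to
// the caller together with the HTTP status code when a check fails.
type APIError struct {
	Error       string
	Description string
}

// EntityChecker mirrors the documented interface minus yaml.Unmarshaler.
type EntityChecker interface {
	Check(ec *EntityStatement, entityTypes []string) (bool, int, *APIError)
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// EntityIDEntityChecker admits only entities on an explicit allow list.
type EntityIDEntityChecker struct{ AllowedIDs []string }

func (c EntityIDEntityChecker) Check(ec *EntityStatement, _ []string) (bool, int, *APIError) {
	if contains(c.AllowedIDs, ec.Subject) {
		return true, 0, nil
	}
	return false, http.StatusForbidden, &APIError{"not_allowed", "entity id is not on the allow list"}
}

// AuthorityHintEntityChecker requires the entity to name a given authority
// in its authority_hints.
type AuthorityHintEntityChecker struct{ EntityID string }

func (c AuthorityHintEntityChecker) Check(ec *EntityStatement, _ []string) (bool, int, *APIError) {
	if contains(ec.AuthorityHints, c.EntityID) {
		return true, 0, nil
	}
	return false, http.StatusBadRequest, &APIError{"invalid_request", fmt.Sprintf("authority_hints must contain %s", c.EntityID)}
}

// MultipleEntityCheckerAnd: every check must pass; the first failure's status
// and error are returned unchanged so the caller sees the specific reason.
type MultipleEntityCheckerAnd struct{ Checkers []EntityChecker }

func (c MultipleEntityCheckerAnd) Check(ec *EntityStatement, types []string) (bool, int, *APIError) {
	for _, ch := range c.Checkers {
		if ok, status, err := ch.Check(ec, types); !ok {
			return false, status, err
		}
	}
	return true, 0, nil // an And with no checkers admits everything (vacuous truth)
}

// MultipleEntityCheckerOr: one passing check suffices; if none passes, the
// last failure is reported. With no checkers it denies, so it fails closed.
type MultipleEntityCheckerOr struct{ Checkers []EntityChecker }

func (c MultipleEntityCheckerOr) Check(ec *EntityStatement, types []string) (bool, int, *APIError) {
	status, err := http.StatusForbidden, &APIError{"not_allowed", "no checker admitted the entity"}
	for _, ch := range c.Checkers {
		ok, s, e := ch.Check(ec, types)
		if ok {
			return true, 0, nil
		}
		status, err = s, e
	}
	return false, status, err
}

// EnrollmentPolicy is a constructed policy: the entity must name this
// authority in authority_hints AND be on the allow list.
func EnrollmentPolicy() EntityChecker {
	return MultipleEntityCheckerAnd{Checkers: []EntityChecker{
		AuthorityHintEntityChecker{EntityID: "https://ta.example.org"},
		EntityIDEntityChecker{AllowedIDs: []string{"https://rp.example.org"}},
	}}
}

// EnrollmentDecision evaluates a policy and returns (admitted, HTTP status).
func EnrollmentDecision(policy EntityChecker, ec *EntityStatement) (bool, int) {
	ok, status, _ := policy.Check(ec, []string{"openid_relying_party"})
	return ok, status
}

func main() {
	ec := &EntityStatement{Subject: "https://rp.example.org", AuthorityHints: []string{"https://ta.example.org"}}
	ok, status := EnrollmentDecision(EnrollmentPolicy(), ec)
	fmt.Println("allow-listed with hint:", ok, status)
	ok, status = EnrollmentDecision(MultipleEntityCheckerAnd{}, ec)
	fmt.Println("empty And:", ok, status)
	ok, status = EnrollmentDecision(MultipleEntityCheckerOr{}, ec)
	fmt.Println("empty Or:", ok, status)
}
```

When reviewing a LightHouse deployment, the point to take from the last two lines of main is that a combinator with an empty Checkers list is not a neutral element: depending on which combinator the YAML config ends up building, an empty list can mean "admit everyone", which is the same behaviour as EntityCheckerNone. Treat an enroll or trust mark endpoint whose checker resolves to that as equivalent to having no check at all.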

type ServerConf

type ServerConf struct {
	Port              int      `yaml:"port"`
	TLS               tlsConf  `yaml:"tls"`
	TrustedProxies    []string `yaml:"trusted_proxies"`
	ForwardedIPHeader string   `yaml:"forwarded_ip_header"`
}

type SubordinateStatementsConfig

type SubordinateStatementsConfig struct {
	MetadataPolicies             *oidfed.MetadataPolicies
	SubordinateStatementLifetime time.Duration
	Constraints                  *oidfed.ConstraintSpecification
	CriticalExtensions           []string
	MetadataPolicyCrit           []oidfed.PolicyOperatorName
	Extra                        map[string]any
}

SubordinateStatementsConfig is a type for setting MetadataPolicies and additional attributes that should go into the SubordinateStatements issued by this LightHouse

type TrustMarkEntityChecker

type TrustMarkEntityChecker struct {
	TrustMarkType       string                    `yaml:"trust_mark_type"`
	TrustAnchors        oidfed.TrustAnchors       `yaml:"trust_anchors"`
	TrustMarkIssuerJWKS jwx.JWKS                  `yaml:"trust_mark_issuer_jwks"`
	TrustMarkOwnerSpec  oidfed.TrustMarkOwnerSpec `yaml:"trust_mark_owner"`
}

TrustMarkEntityChecker checks that the entity has a valid trust mark. The trust mark can be checked with a specific issuer or through the federation

func (TrustMarkEntityChecker) Check

func (c TrustMarkEntityChecker) Check(
	entityConfiguration *oidfed.EntityStatement,
	entityTypes []string,
) (bool, int, *oidfed.Error)

Check implements the EntityChecker interface

func (*TrustMarkEntityChecker) UnmarshalYAML

func (c *TrustMarkEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type TrustPathEntityChecker

type TrustPathEntityChecker struct {
	TrustAnchors oidfed.TrustAnchors `yaml:"trust_anchors"`
	// contains filtered or unexported fields
}

TrustPathEntityChecker checks that the entity has a valid trust path to a trust anchor

func (TrustPathEntityChecker) Check

func (c TrustPathEntityChecker) Check(
	entityConfiguration *oidfed.EntityStatement,
	entityTypes []string,
) (bool, int, *oidfed.Error)

Check implements the EntityChecker interface

func (*TrustPathEntityChecker) UnmarshalYAML

func (c *TrustPathEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

Directories

Path             Synopsis
cmd
    lhcli        command
    lighthouse   command
internal
