func DefaultErrorCallback(w http.ResponseWriter, r *http.Request, err Error)
func DefaultLoginCallback(w http.ResponseWriter, r *http.Request, resp *saml.Assertion)
type Error struct {
    Err error
    // The suggested HTTP response code for this error
    ResponseCode int
}
func (s Error) Error() string
ErrorCallback is called whenever an error occurs in the saml package. The callback is expected to send a response to the request. The http.ResponseWriter will not have been written to, allowing the callback to send headers if desired.
type ErrorCallback func(http.ResponseWriter, *http.Request, Error)
IDStore stores the request id for SAML auth flows
type IDStore interface {
    // StoreID stores a request ID in such a way that it can be
    // retrieved later using GetID
    StoreID(w http.ResponseWriter, r *http.Request, id string) error
    // GetID returns the currently valid request ID for SAML authentication.
    // If no ID is found an empty string should be returned without an error
    GetID(r *http.Request) (string, error)
}
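The ErrorCallback and IDStore contracts above leave the security-relevant decisions to the caller: how the outstanding request ID is protected between DoAuth and the ACS (it is what the InResponseTo check of the returned assertion is compared against), and how much an error response reveals. The following is an added example, not code from the documented package or its author; CookieIDStore and QuietErrorCallback are hypothetical names, and the Error type and IDStore interface are restated from the page so the file compiles on its own. The store keeps the ID in an HMAC-signed, HttpOnly cookie, so a client cannot substitute an ID of its choosing, and the callback returns only the suggested status code to the client.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"log"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// Error and IDStore restate the documented package's types so this compiles alone.
type Error struct {
	Err          error
	ResponseCode int
}

func (s Error) Error() string { return s.Err.Error() }

type IDStore interface {
	StoreID(w http.ResponseWriter, r *http.Request, id string) error
	GetID(r *http.Request) (string, error)
}

// CookieIDStore (hypothetical, added example) keeps the outstanding AuthnRequest ID in
// an HMAC-signed cookie; unsigned, a client could substitute any ID and defeat InResponseTo.
type CookieIDStore struct {
	Name   string
	Key    []byte        // secret HMAC key; use 32+ random bytes in production
	MaxAge time.Duration // how long a login attempt may remain outstanding
}

func (c *CookieIDStore) sign(payload string) string {
	m := hmac.New(sha256.New, c.Key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// StoreID writes "<id>.<unix expiry>.<mac>" as an HttpOnly, Secure cookie.
// SameSite=None is deliberate: the IdP returns the response by a cross-site
// POST to the ACS path, and a Lax or Strict cookie would not accompany it.
func (c *CookieIDStore) StoreID(w http.ResponseWriter, r *http.Request, id string) error {
	if id == "" || strings.Contains(id, ".") {
		return errors.New("saml: request ID must be non-empty and contain no '.'")
	}
	payload := id + "." + strconv.FormatInt(time.Now().Add(c.MaxAge).Unix(), 10)
	http.SetCookie(w, &http.Cookie{
		Name:     c.Name,
		Value:    payload + "." + c.sign(payload),
		Path:     "/",
		MaxAge:   int(c.MaxAge.Seconds()),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteNoneMode,
	})
	return nil
}

// GetID returns "" with a nil error when no valid, unexpired ID is present, as
// the IDStore contract requires; a cookie that fails the MAC check is an error.
func (c *CookieIDStore) GetID(r *http.Request) (string, error) {
	ck, err := r.Cookie(c.Name)
	if errors.Is(err, http.ErrNoCookie) {
		return "", nil
	}
	if err != nil {
		return "", err
	}
	parts := strings.Split(ck.Value, ".")
	if len(parts) != 3 {
		return "", errors.New("saml: malformed request-ID cookie")
	}
	payload := parts[0] + "." + parts[1]
	if !hmac.Equal([]byte(c.sign(payload)), []byte(parts[2])) {
		return "", errors.New("saml: request-ID cookie failed integrity check")
	}
	exp, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil {
		return "", err
	}
	if time.Now().Unix() > exp {
		return "", nil // expired: treat as no outstanding request
	}
	return parts[0], nil
}

// QuietErrorCallback logs the underlying error server-side and sends the client only
// the suggested status code and its generic text, so a rejected forged response does
// not learn which check it failed.
func QuietErrorCallback(w http.ResponseWriter, r *http.Request, err Error) {
	log.Printf("saml: %s %s: %v", r.Method, r.URL.Path, err)
	code := err.ResponseCode
	if code == 0 {
		code = http.StatusBadRequest
	}
	http.Error(w, http.StatusText(code), code)
}
```

Because GetID receives only the request, the store cannot clear the cookie after the ACS has consumed the ID; the expiry bounds the window in which a captured response could be replayed against the same ID, and an application that needs strict single use should clear the cookie from its LoginCallback or use a server-side store instead.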
LoginCallback is called whenever an auth flow is successfully completed. The callback is responsible for preserving the login state, for example by establishing the application's own session.
type LoginCallback func(http.ResponseWriter, *http.Request, *saml.Assertion)
type Param func(sp *ServiceProvider) error
func WithACSPath(path string) Param
WithACSPath sets the path where the assertion consumer handler for the service provider is registered. The path is included in generated metadata. This is a required parameter.
func WithCertificateFromBytes(certBytes []byte) Param
func WithCertificateFromFile(path string) Param
func WithEncryptedAssertions(encrypt bool) Param
WithEncryptedAssertions enables or disables assertion encryption. By default, encryption is enabled. When set to false, the encryption key is not included in generated metadata.
func WithEntityFromBytes(metadata []byte) Param
func WithEntityFromURL(url string) Param
func WithErrorCallback(ecb ErrorCallback) Param
func WithForceAuthn(force bool) Param
func WithForceTLS(force bool) Param
func WithIDStore(store IDStore) Param
func WithKeyFromBytes(keyBytes []byte) Param
func WithKeyFromFile(path string) Param
func WithLoginCallback(lcb LoginCallback) Param
func WithLogoutPath(path string) Param
WithLogoutPath sets the path where the single logout handler for the service provider is registered. The path is included in generated metadata.
func WithMetadataPath(path string) Param
WithMetadataPath sets the path where the metadata handler for the service provider is registered. The path is included in generated metadata. This is a required parameter.
func WithNameIDFormat(n saml.NameIDFormat) Param
func WithServiceProvider(s *saml.ServiceProvider) Param
ServiceProvider is capable of handling a SAML login. It provides an http.Handler (via ACSHandler) which can process the http POST from the SAML IDP. It accepts callbacks for both error and success conditions so that clients can take action after the auth flow is complete. It also provides a handler for serving the service provider metadata XML.
type ServiceProvider struct {
// contains filtered or unexported fields
}
func NewServiceProvider(params ...Param) (*ServiceProvider, error)
NewServiceProvider returns a ServiceProvider. The configuration of the ServiceProvider is a result of combining settings provided to this method and values parsed from the IDP's metadata.
func (s *ServiceProvider) ACSHandler() http.Handler
ACSHandler returns an http.Handler which is capable of validating and processing SAML Responses.
func (s *ServiceProvider) DoAuth(w http.ResponseWriter, r *http.Request)
DoAuth takes an http.ResponseWriter that has not been written to yet, and conducts an SP-initiated login. If the flow proceeds correctly the user is redirected to the IDP and, after authenticating there, is returned to the handler provided by ACSHandler().
func (s *ServiceProvider) MetadataHandler() http.Handler
MetadataHandler returns an http.Handler which sends the generated metadata XML in response to a request.