mattbaird/gosaml mattbaird/gosaml

  • Stars
    star
    146
  • Rank 252,769 (Top 5 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created about 11 years ago
  • Updated almost 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mattbaird/gosaml
github

mattbaird

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

SAML client library written in Go (golang)

gosaml

SAML client library written in Go (golang)

SAML is the successful OASIS standard for cloud based single sign on (SSO). SAML allows for companies that maintain a security infrastructure internally to allow using that same set of credentials via a safe, secure mechanism with externally hosted services.

For instance, New Relic allows you to configure a saml provider (https://newrelic.com/docs/subscriptions/saml-service-providers) so you can maintain your own credentials instead of using New Relic's.

Ping Identity has a nice video for SAML here: https://www.pingidentity.com/resource-center/Introduction-to-SAML-Video.cfm

Installation

Use the go get command to fetch gosaml and its dependencies into your local $GOPATH:

$ go get github.com/mattbaird/gosaml

Usage

Generating Unsigned AuthnRequests

package main

import (
    "fmt"
    "github.com/mattbaird/gosaml"
)

func main() {
    // Configure the app and account settings
    appSettings := saml.NewAppSettings("http://www.onelogin.net", "issuer")
    accountSettings := saml.NewAccountSettings("cert", "http://www.onelogin.net")

    // Construct an AuthnRequest
    authRequest := saml.NewAuthorizationRequest(*appSettings, *accountSettings)

    // Return a SAML AuthnRequest as a string
    saml, err := authRequest.GetRequest(false)

    if err != nil {
        fmt.Println(err)
        return
    }
    fmt.Println(saml)
}

The above code will generate the following AuthnRequest XML:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_fd22bc94-0dee-489f-47d5-b86e3100268c" Version="2.0" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://www.onelogin.net" IssueInstant="2014-09-02T13:15:28" AssertionConsumerServiceIndex="0"
    AttributeConsumingServiceIndex="0">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"></samlp:NameIDPolicy>
    <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact"></samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    </saml:AuthnContextClassRef>
</samlp:AuthnRequest>

Generating Signed AuthnRequests

See the github wiki for basic instructions on generating an X.509 certificate for signing.

package main

import (
    "fmt"
    "github.com/mattbaird/gosaml"
)

func main() {
    // Configure the app and account settings
    appSettings := saml.NewAppSettings("http://www.onelogin.net", "issuer")
    accountSettings := saml.NewAccountSettings("cert", "http://www.onelogin.net")

    // Construct an AuthnRequest
    authRequest := saml.NewAuthorizationRequest(*appSettings, *accountSettings)

    // Return a SAML AuthnRequest as a string
    saml, err := authRequest.GetSignedRequest(false, "/path/to/publickey.cer", "/path/to/privatekey.pem")

    if err != nil {
        fmt.Println(err)
        return
    }
    fmt.Println(saml)
}

The above code will generate the following AuthnRequest XML:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlsig="http://www.w3.org/2000/09/xmldsig#" ID="_0a4ca0ba-a90c-4780-5f73-d0142f0f0c0f" Version="2.0"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://www.onelogin.net"
    IssueInstant="2014-09-03T11:17:07" AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="0">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact"/>
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    </saml:AuthnContextClassRef>
    <samlsig:Signature Id="Signature1">
        <samlsig:SignedInfo>
            <samlsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <samlsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <samlsig:Reference URI="#_0a4ca0ba-a90c-4780-5f73-d0142f0f0c0f">
                <samlsig:Transforms>
                    <samlsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                </samlsig:Transforms>
                <samlsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <samlsig:DigestValue>8nJJwstdugjt6LJ+pbICc2iBwCc=</samlsig:DigestValue>
            </samlsig:Reference>
        </samlsig:SignedInfo>
        <samlsig:SignatureValue>J35w3/wk5pmrKn6qdfo4L0r0c...t2MGKH8w==</samlsig:SignatureValue>
        <samlsig:KeyInfo>
            <samlsig:X509Data>
                <samlsig:X509Certificate>MIICKzCCAdWgAwIBA...JHpg+GVGdcCty+4xA==</samlsig:X509Certificate>
            </samlsig:X509Data>
        </samlsig:KeyInfo>
    </samlsig:Signature>
</samlp:AuthnRequest>

More Repositories

1

elastigo

A Go (golang) based Elasticsearch client library.
Go
943
star
2

gochimp

Golang based client API for Mailchimp, including Mandrill
Go
187
star
3

jsonpatch

As per http://jsonpatch.com/ JSON Patch is specified in RFC 6902 from the IETF.
Go
132
star
4

http-digest-auth-client

Go (golang) http digest authentication client.
Go
19
star
5

tableau4go

A Go (golang) client library for Tableau Server
Go
10
star
6

glik

go (golang) client api for the Qlik Sense family of products
Go
10
star
7

RAMbLOn

An Interactive RAML v1.0 API to HTML Documentation Generator Written in Go (golang)
Go
10
star
8

go-i18n-formats

Golang internationalization formats for dates, times, numbers, and currencies
Go
6
star
9

restful_active_merchant

RESTful, JSON wrapper around active_merchant
Ruby
4
star
10

GoJSObjectGenerator

Generates stub Javascript objects from Go structs. Used for Websocket message generation and synchronization.
Go
4
star
11

gobetween

A Go (Golang) tool that helps make multi library dependency management with Glide easier.
Go
3
star
12

hivedriver

a golang hive db driver
Go
3
star
13

hive

thrift hive generated code
Go
2
star
14

freshdesk4go

Freshdesk client API in Go (Golang)
Go
2
star
15

runny

data and log aggregation in Go
Go
2
star
16

docker-statsd

statsd, graphite and carbon working in docker
Shell
2
star
17

goonix

Some UNIX helpers for checking existence of users groups, checking disk space, etc.
Go
2
star
18

dotfiles

My dotfiles
Shell
1
star
19

linkedin

linkedin v2 api
Go
1
star
20

hivejdbc

a packaging project that will build a single jar with all the hive JDBC dependencies for a given version of Hive.
Shell
1
star
21

go-gelf

Go
1
star