go-saml
High-level API library for Single Sign-On with SAML 2.0, a pure Go implementation built on etree and signedxml. The library provides an Identity Provider implementation that supports both the IdP-initiated and the SP-initiated flow.
Features
- Generating identity provider metadata
- Validating Redirect/Post Binding signed/unsigned AuthnRequests
- Generating Post signed Responses
- Validating Redirect/Post Binding signed/unsigned LogoutRequest
- Generating Post signed LogoutResponses
- SessionIndex
Installation
Install go-saml into your $GOPATH using go get:

go get github.com/LoginRadius/go-saml
Usage
Below are samples to show how you might use the library.
Create IdP Provider Instance

idp := saml.IdentityProvider{
	IsIdpInitiated:       false,
	Issuer:               "https://identity-provider.com/",
	Audiences:            "https://service-provider.com/",
	IDPCert:              "<IDPCert PEM Format>",
	IDPKey:               "<IDPKey PEM Format>",
	SPCert:               "<SPCert PEM Format>",
	NameIdentifier:       "john@idp.com",
	NameIdentifierFormat: saml.AttributeFormatUnspecified,
	ACSLocation:          "https://service-provider-acs.com", // Service Provider login URL (Assertion Consumer Service)
	ACSBinging:           saml.HTTPPostBinding,
	SessionIndex:         "1ac5bc03-06a1-413d-8542-e7a7e7d9e9f2",
	LogoutUrl:            "https://service-provider-acs.com/logout", // Service Provider logout URL
}

// Add attributes to be included in the assertion
idp.AddAttribute("Fname", "john", saml.AttributeFormatUnspecified)
Validate and Parse AuthnRequest
// ValidateAuthnRequest validates the AuthnRequest and stores the parsed values in the
// idp instance; they are used when generating the SAML Response, for example to set
// its InResponseTo attribute.
//
// Pass the HTTP method, the query string and the POST form body as url.Values.
// Here r is the incoming *http.Request and r.ParseForm() has already been called.
validationError := idp.ValidateAuthnRequest(r.Method, r.URL.Query(), r.PostForm)
if validationError != nil {
	return validationError
}
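As an added example (this is not code from go-saml), the decoding and checks that sit behind a call such as ValidateAuthnRequest, written against the Go standard library only: it recovers the SAMLRequest parameter from either the HTTP-Redirect binding (base64 over raw DEFLATE in the query string) or the HTTP-POST binding (base64 in the form body), parses the AuthnRequest, and rejects requests whose Issuer or AssertionConsumerServiceURL do not match the configured service provider. The SPConfig type, the function names, the sample request and the 1 MiB inflate cap are assumptions made for this example; it does not verify XML signatures, which the library performs for signed requests.

```go
package main

import (
	"bytes"
	"compress/flate"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
	"net/url"
)

// SPConfig is what the IdP knows about the one service provider it trusts
// (the same values go-saml takes as Audiences and ACSLocation). Assumed type.
type SPConfig struct {
	EntityID    string // expected <saml:Issuer>
	ACSLocation string // the only AssertionConsumerServiceURL we will post to
}

// AuthnRequest maps the attributes and child elements an IdP must inspect.
// Attribute tags match by local name; element tags carry the assertion namespace.
type AuthnRequest struct {
	XMLName                     xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	ID                          string   `xml:"ID,attr"`
	Version                     string   `xml:"Version,attr"`
	AssertionConsumerServiceURL string   `xml:"AssertionConsumerServiceURL,attr"`
	Issuer                      string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
}

// maxInflated caps the decompressed size so a small DEFLATE bomb in the
// SAMLRequest parameter cannot exhaust memory; anything larger is truncated
// and then fails XML parsing. Assumed limit.
const maxInflated = 1 << 20

// decodeSAMLRequest recovers the request XML from either binding:
// HTTP-Redirect (GET) carries base64(deflate(xml)) in the query string,
// HTTP-POST carries base64(xml) in the form body.
func decodeSAMLRequest(method string, query, payload url.Values) ([]byte, error) {
	switch method {
	case "GET":
		raw, err := base64.StdEncoding.DecodeString(query.Get("SAMLRequest"))
		if err != nil {
			return nil, fmt.Errorf("redirect binding: bad base64: %w", err)
		}
		r := flate.NewReader(bytes.NewReader(raw)) // raw DEFLATE, no zlib header
		defer r.Close()
		return io.ReadAll(io.LimitReader(r, maxInflated))
	case "POST":
		raw, err := base64.StdEncoding.DecodeString(payload.Get("SAMLRequest"))
		if err != nil {
			return nil, fmt.Errorf("post binding: bad base64: %w", err)
		}
		return raw, nil
	}
	return nil, fmt.Errorf("unsupported binding method %q", method)
}

// ValidateAuthnRequest decodes and checks the request. Returning the parsed
// request lets the caller use req.ID as InResponseTo in the Response.
func ValidateAuthnRequest(method string, query, payload url.Values, sp SPConfig) (*AuthnRequest, error) {
	data, err := decodeSAMLRequest(method, query, payload)
	if err != nil {
		return nil, err
	}
	var req AuthnRequest
	if err := xml.Unmarshal(data, &req); err != nil {
		return nil, fmt.Errorf("malformed AuthnRequest: %w", err)
	}
	if req.Version != "2.0" {
		return nil, fmt.Errorf("unsupported SAML version %q", req.Version)
	}
	if req.ID == "" {
		return nil, fmt.Errorf("AuthnRequest has no ID; cannot set InResponseTo")
	}
	if req.Issuer != sp.EntityID {
		return nil, fmt.Errorf("unknown issuer %q", req.Issuer)
	}
	// An SP-supplied ACS URL is honoured only when it equals the configured one;
	// trusting it blindly would let an attacker redirect the signed assertion.
	if req.AssertionConsumerServiceURL != "" && req.AssertionConsumerServiceURL != sp.ACSLocation {
		return nil, fmt.Errorf("ACS URL %q does not match configured %q", req.AssertionConsumerServiceURL, sp.ACSLocation)
	}
	return &req, nil
}

// Constructed sample AuthnRequest; the ID and timestamp are made up for this example.
const sampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example-request-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" AssertionConsumerServiceURL="https://service-provider-acs.com"><saml:Issuer>https://service-provider.com/</saml:Issuer></samlp:AuthnRequest>`

// EncodeRedirect and EncodePost build the SAMLRequest parameter the way an SP does.
func EncodeRedirect(xmlDoc string) string {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(xmlDoc))
	w.Close()
	return base64.StdEncoding.EncodeToString(buf.Bytes())
}

func EncodePost(xmlDoc string) string {
	return base64.StdEncoding.EncodeToString([]byte(xmlDoc))
}

func main() {
	sp := SPConfig{EntityID: "https://service-provider.com/", ACSLocation: "https://service-provider-acs.com"}
	req, err := ValidateAuthnRequest("GET", url.Values{"SAMLRequest": {EncodeRedirect(sampleAuthnRequest)}}, nil, sp)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("accepted request", req.ID, "from", req.Issuer)
}
```

The query string and form body are passed in already URL-decoded (url.Values does that), so the only transport-specific step is the DEFLATE layer on the redirect binding.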
Generate Login Response
signedXML, signedXMLErr := idp.NewSignedLoginResponse()
if signedXMLErr != nil {
	return signedXMLErr
}

// Generate the HTML content for the HTTP-POST binding (auto-submitting form)
html, err := idp.ResponseHtml(signedXML, "Response")
if err != nil {
	return err
}
Validate and Parse Logout Request
// ValidateLogoutRequest validates the LogoutRequest and stores the parsed values in the
// idp instance; they are used when generating the SAML LogoutResponse, for example to
// set its InResponseTo attribute.
//
// Pass the HTTP method, the query string and the POST form body as url.Values.
// Here r is the incoming *http.Request and r.ParseForm() has already been called.
validationError := idp.ValidateLogoutRequest(r.Method, r.URL.Query(), r.PostForm)
if validationError != nil {
	return validationError
}
Generate Logout Response
// Use the logout counterpart of NewSignedLoginResponse here, not the login response
signedXML, signedXMLErr := idp.NewSignedLogoutResponse()
if signedXMLErr != nil {
	return signedXMLErr
}

// Generate the HTML content for the HTTP-POST binding (auto-submitting form)
html, err := idp.ResponseHtml(signedXML, "LogoutResponse")
if err != nil {
	return err
}
Metadata Identity Provider
idp := saml.IdentityProvider{
	Issuer:               "https://identity-provider.com/",
	Audiences:            "https://service-provider.com/",
	IDPCert:              "<IDPCert PEM Format>",
	NameIdentifierFormat: saml.AttributeFormatUnspecified,
}

idp.AddSingleSignOnService(saml.MetadataBinding{
	Binding:  saml.HTTPPostBinding,
	Location: "https://identity-provider.com/saml/post",
})

idp.AddSingleSignOnService(saml.MetadataBinding{
	Binding:  saml.HTTPRedirectBinding,
	Location: "https://identity-provider.com/saml/redirect",
})

idp.AddSingleSignOutService(saml.MetadataBinding{
	Binding:  saml.HTTPPostBinding,
	Location: "https://identity-provider.com/saml/post/logout",
})

// Generate the XML for the IdP metadata
metadata, metadataErr := idp.MetaDataResponse()
if metadataErr != nil {
	return metadataErr
}
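As an added example, and not the library's MetaDataResponse implementation, the EntityDescriptor document that IdP metadata like the above maps to, built with encoding/xml: entityID from Issuer, a signing KeyDescriptor carrying the certificate from IDPCert as bare base64 DER, the NameIDFormat, and one SingleSignOnService or SingleLogoutService element per registered binding. The struct names, BuildIDPMetadata, pemBody and the placeholder certificate text are assumptions for this example; the binding and NameID format URIs are the SAML 2.0 constants.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Binding and NameID format URIs as defined by SAML 2.0.
const (
	HTTPPostBinding     = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
	HTTPRedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	NameIDUnspecified   = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
)

// Endpoint is one SingleSignOnService or SingleLogoutService element.
type Endpoint struct {
	Binding  string `xml:"Binding,attr"`
	Location string `xml:"Location,attr"`
}

// KeyDescriptor publishes the IdP signing certificate (base64 DER, no PEM armour).
type KeyDescriptor struct {
	Use         string `xml:"use,attr"`
	Certificate string `xml:"ds:KeyInfo>ds:X509Data>ds:X509Certificate"`
}

// IDPSSODescriptor; field order follows the child order the metadata schema requires.
type IDPSSODescriptor struct {
	WantAuthnRequestsSigned bool            `xml:"WantAuthnRequestsSigned,attr"`
	ProtocolSupport         string          `xml:"protocolSupportEnumeration,attr"`
	Keys                    []KeyDescriptor `xml:"md:KeyDescriptor"`
	SingleLogoutServices    []Endpoint      `xml:"md:SingleLogoutService"`
	NameIDFormats           []string        `xml:"md:NameIDFormat"`
	SingleSignOnServices    []Endpoint      `xml:"md:SingleSignOnService"`
}

// EntityDescriptor is the metadata root; the xmlns attributes declare the prefixes used below.
type EntityDescriptor struct {
	XMLName  xml.Name         `xml:"md:EntityDescriptor"`
	XMLNSMD  string           `xml:"xmlns:md,attr"`
	XMLNSDS  string           `xml:"xmlns:ds,attr"`
	EntityID string           `xml:"entityID,attr"`
	IDP      IDPSSODescriptor `xml:"md:IDPSSODescriptor"`
}

// pemBody strips the PEM header, footer and line breaks; metadata carries the bare base64.
func pemBody(pemCert string) string {
	var b strings.Builder
	for _, line := range strings.Split(pemCert, "\n") {
		line = strings.TrimSpace(line)
		if line != "" && !strings.HasPrefix(line, "-----") {
			b.WriteString(line)
		}
	}
	return b.String()
}

// BuildIDPMetadata assembles the EntityDescriptor for an IdP that signs its
// responses with certPEM and asks SPs to sign their AuthnRequests. Assumed helper.
func BuildIDPMetadata(issuer, certPEM string, sso, slo []Endpoint) (string, error) {
	desc := EntityDescriptor{
		XMLNSMD:  "urn:oasis:names:tc:SAML:2.0:metadata",
		XMLNSDS:  "http://www.w3.org/2000/09/xmldsig#",
		EntityID: issuer,
		IDP: IDPSSODescriptor{
			WantAuthnRequestsSigned: true,
			ProtocolSupport:         "urn:oasis:names:tc:SAML:2.0:protocol",
			Keys:                    []KeyDescriptor{{Use: "signing", Certificate: pemBody(certPEM)}},
			SingleLogoutServices:    slo,
			NameIDFormats:           []string{NameIDUnspecified},
			SingleSignOnServices:    sso,
		},
	}
	out, err := xml.MarshalIndent(desc, "", "  ")
	if err != nil {
		return "", err
	}
	return xml.Header + string(out), nil
}

// Placeholder PEM constructed for this example; it is not a real certificate.
const placeholderCertPEM = "-----BEGIN CERTIFICATE-----\nMIIBplaceholderCertificateBody\n-----END CERTIFICATE-----\n"

func main() {
	md, err := BuildIDPMetadata("https://identity-provider.com/", placeholderCertPEM,
		[]Endpoint{
			{Binding: HTTPPostBinding, Location: "https://identity-provider.com/saml/post"},
			{Binding: HTTPRedirectBinding, Location: "https://identity-provider.com/saml/redirect"},
		},
		[]Endpoint{{Binding: HTTPPostBinding, Location: "https://identity-provider.com/saml/post/logout"}})
	if err != nil {
		panic(err)
	}
	fmt.Println(md)
}
```

Service providers consume this document to learn where to send requests and which certificate to verify response signatures against, so the certificate published here must be the one paired with IDPKey.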
Example
Please see the examples for how to use the library as an identity provider.
Contributing
We would love any contribution from you, including better documentation, tests or more robust functionality. Please follow the contributing guide.