repos/saml-oidc-bridge
6
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 4 Activity
Files
88e85c84c629d6024e1cb827a817b2f4f6402daf
saml-oidc-bridge/internal/saml/idp.go
Shamil Nunhuck 920a79b2e9 initial commit
2025-11-08 10:18:19 +00:00

71 lines
1.7 KiB
Go
Raw Blame History

package saml
import (
"encoding/base64"
"time"
"shamilnunhuck/saml-oidc-bridge/internal/config"
"shamilnunhuck/saml-oidc-bridge/internal/crypto"
"github.com/crewjam/saml"
)
type IdP struct {
keys *crypto.KeyStore
sec config.Security
entityID string
ssoURL string
}
func NewIdP(cfg *config.Config, ks *crypto.KeyStore) *IdP {
return &IdP{
keys: ks,
sec: cfg.Security,
entityID: cfg.Server.ExternalURL,
ssoURL: cfg.Server.ExternalURL + "/saml/sso",
}
}
func (i *IdP) Metadata() *saml.EntityDescriptor {
// we need to publish all certs, to allow safe rotation
keyDescriptors := []saml.KeyDescriptor{}
for _, der := range i.keys.AllCertsDER() {
keyDescriptors = append(keyDescriptors, saml.KeyDescriptor{
Use: "signing",
KeyInfo: saml.KeyInfo{
X509Data: saml.X509Data{
X509Certificates: []saml.X509Certificate{{
Data: base64.StdEncoding.EncodeToString(der),
}},
},
},
})
}
entityDescriptor := &saml.EntityDescriptor{
EntityID: i.entityID,
// crewjam expects time.Time for ValidUntil and time.Duration for CacheDuration
ValidUntil: time.Now().UTC().Add(time.Duration(i.sec.MetadataValidUntilDays) * 24 * time.Hour),
CacheDuration: time.Duration(i.sec.MetadataCacheDurationSeconds) * time.Second,
IDPSSODescriptors: []saml.IDPSSODescriptor{
{
SSODescriptor: saml.SSODescriptor{
RoleDescriptor: saml.RoleDescriptor{
ProtocolSupportEnumeration: "urn:oasis:names:tc:SAML:2.0:protocol",
KeyDescriptors: keyDescriptors,
},
},
SingleSignOnServices: []saml.Endpoint{
{
Binding: saml.HTTPPostBinding,
Location: i.ssoURL,
},
},
},
},
}
return entityDescriptor
}
Reference in New Issue View Git Blame Copy Permalink