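// benchmarkSigning is the shared driver for the signing benchmarks: it builds
// one token with the given method and times SignedString with key across
// parallel goroutines.
//
// Failures are reported with b.Errorf followed by a return from the worker
// rather than b.Fatal: testing documents that FailNow (which Fatal calls) must
// only be invoked from the goroutine running the benchmark function, and the
// RunParallel body runs on worker goroutines.
func benchmarkSigning(b *testing.B, method jwt.SigningMethod, key interface{}) {
	tok := jwt.New(method)
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			if _, err := tok.SignedString(key); err != nil {
				b.Errorf("signing with %s: %v", method.Alg(), err)
				return
			}
		}
	})
}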
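// InitiateLogin starts an SP-initiated login. It sends the browser to the IDP
// over the HTTP-Redirect binding, or over the HTTP-POST binding when the IDP
// exposes no redirect endpoint. Before responding it records the request ID in
// an HS256-signed cookie named after a fresh random RelayState, so that the
// assertion consumer can later pair the IDP's response with this request.
//
// The state cookie is HttpOnly — nothing in this package reads it from the
// browser as far as this file shows — and Secure whenever the ACS URL is https.
//
// Returns an error if sp.AcsURL does not parse, the authentication request
// cannot be built, or the state cookie cannot be signed. It panics only if a
// binding other than redirect or POST were selected, which the binding choice
// above rules out.
func (sp *ServiceProvider) InitiateLogin(w http.ResponseWriter) error {
	// Previously this error was discarded, leaving acsURL nil and panicking on
	// acsURL.Path below.
	acsURL, err := url.Parse(sp.AcsURL)
	if err != nil {
		return fmt.Errorf("saml: invalid AcsURL %q: %v", sp.AcsURL, err)
	}

	// Prefer the redirect binding; fall back to POST when the IDP has no
	// redirect endpoint.
	binding := HTTPRedirectBinding
	bindingLocation := sp.GetSSOBindingLocation(binding)
	if bindingLocation == "" {
		binding = HTTPPostBinding
		bindingLocation = sp.GetSSOBindingLocation(binding)
	}

	req, err := sp.MakeAuthenticationRequest(bindingLocation)
	if err != nil {
		return err
	}

	// RelayState is an unguessable token that names the state cookie; the IDP
	// echoes it back so the ACS handler can locate the matching cookie.
	relayState := base64.URLEncoding.EncodeToString(randomBytes(42))

	// Bind the cookie to this request's ID under the SP's secret so that a
	// forged or swapped cookie is rejected when the response is consumed.
	// NOTE(review): no "exp" claim is set here; the cookie MaxAge is the only
	// lifetime bound visible in this function.
	state := jwt.New(jwt.GetSigningMethod("HS256"))
	claims := state.Claims.(jwt.MapClaims)
	claims["id"] = req.ID
	signedState, err := state.SignedString(sp.cookieSecret())
	if err != nil {
		return err
	}

	http.SetCookie(w, &http.Cookie{
		Name:     fmt.Sprintf("saml_%s", relayState),
		Value:    signedState,
		MaxAge:   int(MaxIssueDelay.Seconds()),
		HttpOnly: true,
		Secure:   acsURL.Scheme == "https",
		Path:     acsURL.Path,
	})

	switch binding {
	case HTTPRedirectBinding:
		redirectURL := req.Redirect(relayState)
		w.Header().Add("Location", redirectURL.String())
		w.WriteHeader(http.StatusFound)
		return nil
	case HTTPPostBinding:
		// Lock down the auto-submitting form page: only the script whose hash
		// is listed may run and nothing else may load. NOTE(review):
		// "reflected-xss" and "referrer" are not CSP Level 2/3 directives and
		// browsers may ignore them; they are kept verbatim here.
		w.Header().Set("Content-Security-Policy", ""+
			"default-src; "+
			"script-src 'sha256-D8xB+y+rJ90RmLdP72xBqEEc0NUatn7yuCND0orkrgk='; "+
			"reflected-xss block; "+
			"referrer no-referrer;")
		w.Header().Add("Content-type", "text/html")
		w.Write([]byte(`<!DOCTYPE html><html><body>`))
		w.Write(req.Post(relayState))
		w.Write([]byte(`</body></html>`))
		return nil
	}
	panic("not reached")
}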