// SSOCreateInitialRequest creates a SAMLRequest given the tp Testparams.
//
// It records the IdP entityID read from tp.Idpmd, builds an AuthnRequest
// from tp.Spmd towards tp.Firstidpmd, and — only when tp.Usescope is set —
// adds a samlp:Scoping/IDPList entry naming that IdP so discovery can be
// bypassed. The result is stored in tp.Initialrequest.
func (tp *Testparams) SSOCreateInitialRequest() {
	tp.IdpentityID = tp.Idpmd.Query1(nil, "@entityID")

	// Timing parameters for the request: issued now plus two durations
	// (4 minutes and 4 hours) and two empty strings. Their meaning depends
	// on gosaml.IdAndTiming's field order — this is an unkeyed literal that
	// go vet's composites check will flag; confirm against the type.
	timing := gosaml.IdAndTiming{time.Now(), 4 * time.Minute, 4 * time.Hour, "", ""}
	request := gosaml.NewAuthnRequest(timing, tp.Spmd, tp.Firstidpmd)

	if tp.Usescope {
		// Pin the IdP via a Scoping element so the first hop skips discovery.
		request.QueryDashP(nil, "./samlp:Scoping/samlp:IDPList/samlp:IDPEntry/@ProviderID", tp.IdpentityID, nil)
	}

	tp.Initialrequest = request
}
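// birkService handles a SAMLRequest arriving at the BIRK endpoint.
//
// It parses the incoming request against the edugain metadata, stashes the
// original request in a "BIRK" cookie so it can be recovered when the
// response comes back (see acsService), resolves the real IdP and hub
// metadata, and redirects the browser to the IdP with a fresh, hub-issued
// AuthnRequest.
//
// A non-nil error is returned when the incoming message cannot be parsed,
// when metadata for the IdP or the hub cannot be looked up, or when the
// redirect URL cannot be built; in those cases no redirect is issued.
func birkService(w http.ResponseWriter, r *http.Request) (err error) {
	defer r.Body.Close()

	// The original comment says the SP is fetched as well "to check for
	// allowed acs"; the SP metadata is discarded here, so that check is
	// presumably done inside GetSAMLMsg — confirm.
	req, _, mdbirkidp, err := gosaml.GetSAMLMsg(r, "SAMLRequest", edugain, edugain, nil)
	if err != nil {
		return
	}

	// Save the request in a cookie for when the response comes back.
	// NOTE(review): the value is only deflated+base64 — neither signed nor
	// encrypted — so the reader must re-validate anything it takes from it
	// (e.g. the SP's ACS) against metadata rather than trust it. Also, a
	// cookie without an explicit SameSite attribute is treated as Lax by
	// current browsers and will not be sent on the IdP's cross-site POST
	// back; http.SameSiteNoneMode may be required — confirm with acsService.
	cookievalue := base64.StdEncoding.EncodeToString(gosaml.Deflate(req.X2s()))
	http.SetCookie(w, &http.Cookie{
		Name:     "BIRK",
		Value:    cookievalue,
		Domain:   config["HYBRID_DOMAIN"],
		Path:     "/",
		Secure:   true,
		HttpOnly: true,
	})

	// Derive the real IdP's entityID from the BIRK one (the debify regexp
	// presumably strips a BIRK-specific prefix) and look up both endpoints'
	// metadata. These lookups previously ignored their errors and went on
	// to build a request against possibly nil metadata; abort instead.
	idp := debify.ReplaceAllString(mdbirkidp.Query1(nil, "@entityID"), "$1$2")
	mdidp, err := hub_ops.MDQ(idp)
	if err != nil {
		return
	}
	mdhub, err := hub.MDQ(config["HYBRID_HUB"])
	if err != nil {
		return
	}

	// Use a std request - we take care of NameID etc in acsService below.
	newrequest := gosaml.NewAuthnRequest(stdtiming.Refresh(), mdhub, mdidp)
	// to-do delete the following line when md for the hub is OK
	newrequest.QueryDashP(nil, "@AssertionConsumerServiceURL", config["HYBRID_HUB"]+config["HYBRID_ACS"], nil)

	// Not signed, so blank key, pw and algo. A failed URL build must not
	// redirect to an empty/invalid location.
	u, err := gosaml.SAMLRequest2Url(newrequest, "", "", "")
	if err != nil {
		return
	}
	http.Redirect(w, r, u.String(), http.StatusFound)
	return
}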