package main
import (
"bytes"
"crypto/tls"
"encoding/base64"
"encoding/gob"
"encoding/xml"
"log"
"net/http"
"os"
"github.com/RangelReale/osin"
"github.com/andrewstuart/gosaml2"
)
// cert is the SP key pair handleSAML passes to Response.Decrypt; it is
// populated once in init from the files named by ENC_CERT_NAME.
var cert tls.Certificate
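// init loads the SP's SAML decryption key pair (file paths derived from the
// ENC_CERT_NAME environment variable by crt and key, defined elsewhere in
// this package) into the package-level cert, and registers the saml types
// that end up in the osin authorize request's UserData so they survive gob
// encoding. Any failure is fatal: without the key pair handleSAML cannot
// decrypt anything.
func init() {
	name := os.Getenv("ENC_CERT_NAME")
	if name == "" {
		// Fail with a message naming the missing setting rather than letting
		// crt("")/key("") produce an opaque file-not-found later.
		log.Fatal("ENC_CERT_NAME is not set; cannot load SAML decryption key pair")
	}
	var err error
	cert, err = tls.LoadX509KeyPair(crt(name), key(name))
	if err != nil {
		// Fatalf: log.Fatal(msg, err) printed the two operands with no separator.
		log.Fatalf("loading tls key pair %q: %v", name, err)
	}
	// saml.AudienceRestriction is presumably reached through a pointer field
	// inside Assertion, hence the pointer registration.
	gob.Register(saml.Assertion{})
	gob.Register(&saml.AudienceRestriction{})
}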
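// handleSAML is the SAML assertion-consumer endpoint of the OAuth2 authorize
// flow. It expects a SAMLResponse form field (base64 of a SAML Response XML
// document), decrypts it with the SP key pair loaded in init, decodes the
// inner Assertion and, on success, attaches the assertion to the pending
// osin authorize request as UserData and marks it authorized. Any failure
// on the way leaves ar.Authorized false and lets osin finish the request.
//
// SECURITY (review): nothing in this handler establishes that the assertion
// came from the trusted IdP. Decrypting with our own private key is not
// authentication: anyone holding the SP's public encryption certificate
// (normally published in SP metadata) can construct an EncryptedAssertion
// that decrypts cleanly here and then name any subject they like. Unless
// res.Decrypt also validates the XML signature (not evident from this file),
// the handler must, before setting ar.Authorized, verify the signature
// against the IdP signing certificate, the Issuer, the AudienceRestriction,
// the Conditions window (NotBefore/NotOnOrAfter) and the
// InResponseTo/Destination binding. Until then this endpoint is an
// authentication bypass.
func handleSAML(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	defer resp.Close()
	// Runs last (defers are LIFO): serialize whatever osin left in resp.
	defer func() {
		if err := osin.OutputJSON(resp, w, r); err != nil {
			log.Println("error finishing authZ request", err)
		}
	}()

	ar := server.HandleAuthorizeRequest(resp, r)
	if ar == nil {
		// osin rejected the authorize request (and, presumably, recorded the
		// error in resp); nothing more to do here.
		return
	}
	// Runs before OutputJSON. If we return early, ar.Authorized is still false
	// and osin should treat the request as denied -- confirm against the
	// osin version in use.
	defer server.FinishAuthorizeRequest(resp, r, ar)

	if err := r.ParseForm(); err != nil {
		// Previously only logged; a half-parsed form must not feed the steps below.
		log.Println(err)
		return
	}
	sr := r.Form.Get("SAMLResponse")
	if sr == "" {
		log.Println("missing SAMLResponse form field")
		return
	}
	bs, err := base64.StdEncoding.DecodeString(sr)
	if err != nil {
		// Previously this fell through and handed a partial decode to the XML
		// parser; malformed input must stop here.
		log.Println("Error decoding base64", err)
		return
	}

	var res saml.Response
	if err := xml.NewDecoder(bytes.NewReader(bs)).Decode(&res); err != nil {
		log.Println(err)
		return
	}
	pt, err := res.Decrypt(cert)
	if err != nil {
		log.Println("error decrypting saml:", err)
		return
	}
	var a saml.Assertion
	if err := xml.NewDecoder(bytes.NewReader(pt)).Decode(&a); err != nil {
		log.Println(err)
		return
	}

	// TODO(security): signature / issuer / audience / validity-window /
	// InResponseTo checks belong here, before the request is authorized.
	ar.UserData = a
	ar.Authorized = true
}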