func NewSignedResponse() *Response {
return &Response{
XMLName: xml.Name{
Local: "samlp:Response",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
SAMLSIG: "http://www.w3.org/2000/09/xmldsig#",
ID: util.ID(),
Version: "2.0",
IssueInstant: time.Now().UTC().Format(time.RFC3339Nano),
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
},
Signature: Signature{
XMLName: xml.Name{
Local: "samlsig:Signature",
},
Id: "Signature1",
SignedInfo: SignedInfo{
XMLName: xml.Name{
Local: "samlsig:SignedInfo",
},
CanonicalizationMethod: CanonicalizationMethod{
XMLName: xml.Name{
Local: "samlsig:CanonicalizationMethod",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
SignatureMethod: SignatureMethod{
XMLName: xml.Name{
Local: "samlsig:SignatureMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
},
SamlsigReference: SamlsigReference{
XMLName: xml.Name{
Local: "samlsig:Reference",
},
URI: "", // caller must populate "#" + ar.Id,
Transforms: Transforms{
XMLName: xml.Name{
Local: "samlsig:Transforms",
},
Transforms: []Transform{
{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
},
},
},
DigestMethod: DigestMethod{
XMLName: xml.Name{
Local: "samlsig:DigestMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",
},
DigestValue: DigestValue{
XMLName: xml.Name{
Local: "samlsig:DigestValue",
},
},
},
},
SignatureValue: SignatureValue{
XMLName: xml.Name{
Local: "samlsig:SignatureValue",
},
},
KeyInfo: KeyInfo{
XMLName: xml.Name{
Local: "samlsig:KeyInfo",
},
X509Data: X509Data{
XMLName: xml.Name{
Local: "samlsig:X509Data",
},
X509Certificate: X509Certificate{
XMLName: xml.Name{
Local: "samlsig:X509Certificate",
},
Cert: "", // caller must populate cert,
},
},
},
},
Status: Status{
XMLName: xml.Name{
Local: "samlp:Status",
},
StatusCode: StatusCode{
XMLName: xml.Name{
Local: "samlp:StatusCode",
},
// TODO unsuccesful responses??
Value: "urn:oasis:names:tc:SAML:2.0:status:Success",
},
},
Assertion: Assertion{
XMLName: xml.Name{
Local: "saml:Assertion",
},
XS: "http://www.w3.org/2001/XMLSchema",
XSI: "http://www.w3.org/2001/XMLSchema-instance",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
Version: "2.0",
ID: util.ID(),
IssueInstant: time.Now().UTC().Format(time.RFC3339Nano),
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
},
Subject: Subject{
XMLName: xml.Name{
Local: "saml:Subject",
},
NameID: NameID{
XMLName: xml.Name{
Local: "saml:NameID",
},
Format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
Value: "",
},
SubjectConfirmation: SubjectConfirmation{
XMLName: xml.Name{
Local: "saml:SubjectConfirmation",
},
Method: "urn:oasis:names:tc:SAML:2.0:cm:bearer",
SubjectConfirmationData: SubjectConfirmationData{
InResponseTo: "",
NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano),
Recipient: "",
},
},
},
Conditions: Conditions{
XMLName: xml.Name{
Local: "saml:Conditions",
},
NotBefore: time.Now().Add(time.Minute * -5).UTC().Format(time.RFC3339Nano),
NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano),
},
AttributeStatement: AttributeStatement{
XMLName: xml.Name{
Local: "saml:AttributeStatement",
},
Attributes: []Attribute{},
},
},
}
}
func NewAuthnRequestCustom(sign bool) *AuthnRequest {
id := util.ID()
authReq := &AuthnRequest{
XMLName: xml.Name{
Local: "samlp:AuthnRequest",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
ID: id,
ProtocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Version: "2.0",
AssertionConsumerServiceURL: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.Issuer
},
IssueInstant: time.Now().UTC().Format(time.RFC3339),
NameIDPolicy: &NameIDPolicy{
XMLName: xml.Name{
Local: "samlp:NameIDPolicy",
},
AllowCreate: true,
Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
},
RequestedAuthnContext: &RequestedAuthnContext{
XMLName: xml.Name{
Local: "samlp:RequestedAuthnContext",
},
Comparison: "exact",
AuthnContextClassRef: AuthnContextClassRef{
XMLName: xml.Name{
Local: "saml:AuthnContextClassRef",
},
Transport: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
},
},
}
if sign {
authReq.SAMLSIG = "http://www.w3.org/2000/09/xmldsig#"
authReq.Signature = make([]Signature, 1, 1)
authReq.Signature[0] = Signature{
XMLName: xml.Name{
Local: "samlsig:Signature",
},
Id: "Signature1",
SignedInfo: SignedInfo{
XMLName: xml.Name{
Local: "samlsig:SignedInfo",
},
CanonicalizationMethod: CanonicalizationMethod{
XMLName: xml.Name{
Local: "samlsig:CanonicalizationMethod",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
SignatureMethod: SignatureMethod{
XMLName: xml.Name{
Local: "samlsig:SignatureMethod",
},
Algorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
},
SamlsigReference: SamlsigReference{
XMLName: xml.Name{
Local: "samlsig:Reference",
},
URI: "#" + id,
Transforms: Transforms{
XMLName: xml.Name{
Local: "samlsig:Transforms",
},
Transforms: []Transform{
{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
},
{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
},
},
DigestMethod: DigestMethod{
XMLName: xml.Name{
Local: "samlsig:DigestMethod",
},
Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256",
},
DigestValue: DigestValue{
XMLName: xml.Name{
Local: "samlsig:DigestValue",
},
},
},
},
SignatureValue: SignatureValue{
XMLName: xml.Name{
Local: "samlsig:SignatureValue",
},
},
KeyInfo: KeyInfo{
XMLName: xml.Name{
Local: "samlsig:KeyInfo",
},
X509Data: X509Data{
XMLName: xml.Name{
Local: "samlsig:X509Data",
},
X509Certificate: X509Certificate{
XMLName: xml.Name{
Local: "samlsig:X509Certificate",
},
Cert: "", // caller must populate cert,
},
},
},
}
}
return authReq
}
func NewLogoutRequest(sign bool) *LogoutRequest {
id := util.ID()
logoutReq := &LogoutRequest{
XMLName: xml.Name{
Local: "samlp:LogoutRequest",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
ID: id,
Version: "2.0",
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.Issuer
},
IssueInstant: time.Now().UTC().Format(time.RFC3339),
NameID: NameID{
XMLName: xml.Name{
Local: "saml:NameID",
},
Value: "", // caller must populate
},
}
if sign {
logoutReq.SAMLSIG = "http://www.w3.org/2000/09/xmldsig#"
logoutReq.Signature = &Signature{
XMLName: xml.Name{
Local: "samlsig:Signature",
},
Id: "Signature1",
SignedInfo: SignedInfo{
XMLName: xml.Name{
Local: "samlsig:SignedInfo",
},
CanonicalizationMethod: CanonicalizationMethod{
XMLName: xml.Name{
Local: "samlsig:CanonicalizationMethod",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
SignatureMethod: SignatureMethod{
XMLName: xml.Name{
Local: "samlsig:SignatureMethod",
},
Algorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
},
SamlsigReference: SamlsigReference{
XMLName: xml.Name{
Local: "samlsig:Reference",
},
URI: "#" + id,
Transforms: Transforms{
XMLName: xml.Name{
Local: "samlsig:Transforms",
},
Transforms: []Transform{
{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
},
{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
},
},
DigestMethod: DigestMethod{
XMLName: xml.Name{
Local: "samlsig:DigestMethod",
},
Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256",
},
DigestValue: DigestValue{
XMLName: xml.Name{
Local: "samlsig:DigestValue",
},
},
},
},
SignatureValue: SignatureValue{
XMLName: xml.Name{
Local: "samlsig:SignatureValue",
},
},
KeyInfo: KeyInfo{
XMLName: xml.Name{
Local: "samlsig:KeyInfo",
},
X509Data: X509Data{
XMLName: xml.Name{
Local: "samlsig:X509Data",
},
X509Certificate: X509Certificate{
XMLName: xml.Name{
Local: "samlsig:X509Certificate",
},
Cert: "", // caller must populate cert,
},
},
},
}
}
return logoutReq
}