// SSOCreateInitialRequest creates a SAMLRequest given the tp Testparams
func (tp *Testparams) SSOCreateInitialRequest() {

	tp.IdpentityID = tp.Idpmd.Query1(nil, "@entityID")

	tp.Initialrequest = gosaml.NewAuthnRequest(gosaml.IdAndTiming{time.Now(), 4 * time.Minute, 4 * time.Hour, "", ""}, tp.Spmd, tp.Firstidpmd)
	// add scoping element if we want to bypass discovery
	if tp.Usescope {
		tp.Initialrequest.QueryDashP(nil, "./samlp:Scoping/samlp:IDPList/samlp:IDPEntry/@ProviderID", tp.IdpentityID, nil)
	}
	return
}
Exemplo n.º 2
0
func birkService(w http.ResponseWriter, r *http.Request) (err error) {
	defer r.Body.Close()
	// get the sp as well to check for allowed acs
	req, _, mdbirkidp, err := gosaml.GetSAMLMsg(r, "SAMLRequest", edugain, edugain, nil)
	if err != nil {
		return
	}
	// Save the request in a cookie for when the response comes back
	cookievalue := base64.StdEncoding.EncodeToString(gosaml.Deflate(req.X2s()))
	http.SetCookie(w, &http.Cookie{Name: "BIRK", Value: cookievalue, Domain: config["HYBRID_DOMAIN"], Path: "/", Secure: true, HttpOnly: true})

	idp := debify.ReplaceAllString(mdbirkidp.Query1(nil, "@entityID"), "$1$2")
	mdidp, err := hub_ops.MDQ(idp)
	mdhub, err := hub.MDQ(config["HYBRID_HUB"])
	// use a std request - we take care of NameID etc in acsService below
	newrequest := gosaml.NewAuthnRequest(stdtiming.Refresh(), mdhub, mdidp)
	// to-do delete the following line when md for the hub is OK
	newrequest.QueryDashP(nil, "@AssertionConsumerServiceURL", config["HYBRID_HUB"]+config["HYBRID_ACS"], nil)
	u, _ := gosaml.SAMLRequest2Url(newrequest, "", "", "") // not signed so blank key, pw and algo
	http.Redirect(w, r, u.String(), http.StatusFound)
	return
}