func NewAuthnRequest() *AuthnRequest {
id := util.ID()
return &AuthnRequest{
XMLName: xml.Name{
Local: "samlp:AuthnRequest",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
SAMLSIG: "http://www.w3.org/2000/09/xmldsig#",
ID: id,
ProtocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
Version: "2.0",
AssertionConsumerServiceURL: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.Issuer
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
},
IssueInstant: time.Now().UTC().Format(time.RFC3339Nano),
NameIDPolicy: NameIDPolicy{
XMLName: xml.Name{
Local: "samlp:NameIDPolicy",
},
AllowCreate: true,
Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
},
RequestedAuthnContext: RequestedAuthnContext{
XMLName: xml.Name{
Local: "samlp:RequestedAuthnContext",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
Comparison: "exact",
AuthnContextClassRef: AuthnContextClassRef{
XMLName: xml.Name{
Local: "saml:AuthnContextClassRef",
},
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
Transport: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
},
},
Signature: &Signature{
XMLName: xml.Name{
Local: "samlsig:Signature",
},
Id: "Signature1",
SignedInfo: SignedInfo{
XMLName: xml.Name{
Local: "samlsig:SignedInfo",
},
CanonicalizationMethod: CanonicalizationMethod{
XMLName: xml.Name{
Local: "samlsig:CanonicalizationMethod",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
SignatureMethod: SignatureMethod{
XMLName: xml.Name{
Local: "samlsig:SignatureMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
},
SamlsigReference: SamlsigReference{
XMLName: xml.Name{
Local: "samlsig:Reference",
},
URI: "#" + id,
Transforms: Transforms{
XMLName: xml.Name{
Local: "samlsig:Transforms",
},
Transform: Transform{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
},
},
DigestMethod: DigestMethod{
XMLName: xml.Name{
Local: "samlsig:DigestMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",
},
DigestValue: DigestValue{
XMLName: xml.Name{
Local: "samlsig:DigestValue",
},
},
},
},
SignatureValue: SignatureValue{
XMLName: xml.Name{
Local: "samlsig:SignatureValue",
},
},
KeyInfo: KeyInfo{
XMLName: xml.Name{
Local: "samlsig:KeyInfo",
},
X509Data: X509Data{
XMLName: xml.Name{
Local: "samlsig:X509Data",
},
X509Certificate: X509Certificate{
XMLName: xml.Name{
Local: "samlsig:X509Certificate",
},
Cert: "", // caller must populate cert,
},
},
},
},
}
}
func NewSignedResponse() *Response {
return &Response{
XMLName: xml.Name{
Local: "samlp:Response",
},
SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
SAMLSIG: "http://www.w3.org/2000/09/xmldsig#",
ID: util.ID(),
Version: "2.0",
IssueInstant: time.Now().UTC().Format(time.RFC3339Nano),
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
},
Signature: Signature{
XMLName: xml.Name{
Local: "samlsig:Signature",
},
Id: "Signature1",
SignedInfo: SignedInfo{
XMLName: xml.Name{
Local: "samlsig:SignedInfo",
},
CanonicalizationMethod: CanonicalizationMethod{
XMLName: xml.Name{
Local: "samlsig:CanonicalizationMethod",
},
Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#",
},
SignatureMethod: SignatureMethod{
XMLName: xml.Name{
Local: "samlsig:SignatureMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
},
SamlsigReference: SamlsigReference{
XMLName: xml.Name{
Local: "samlsig:Reference",
},
URI: "", // caller must populate "#" + ar.Id,
Transforms: Transforms{
XMLName: xml.Name{
Local: "samlsig:Transforms",
},
Transform: Transform{
XMLName: xml.Name{
Local: "samlsig:Transform",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
},
},
DigestMethod: DigestMethod{
XMLName: xml.Name{
Local: "samlsig:DigestMethod",
},
Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",
},
DigestValue: DigestValue{
XMLName: xml.Name{
Local: "samlsig:DigestValue",
},
},
},
},
SignatureValue: SignatureValue{
XMLName: xml.Name{
Local: "samlsig:SignatureValue",
},
},
KeyInfo: KeyInfo{
XMLName: xml.Name{
Local: "samlsig:KeyInfo",
},
X509Data: X509Data{
XMLName: xml.Name{
Local: "samlsig:X509Data",
},
X509Certificate: X509Certificate{
XMLName: xml.Name{
Local: "samlsig:X509Certificate",
},
Cert: "", // caller must populate cert,
},
},
},
},
Status: Status{
XMLName: xml.Name{
Local: "samlp:Status",
},
StatusCode: StatusCode{
XMLName: xml.Name{
Local: "samlp:StatusCode",
},
// TODO unsuccesful responses??
Value: "urn:oasis:names:tc:SAML:2.0:status:Success",
},
},
Assertion: Assertion{
XMLName: xml.Name{
Local: "saml:Assertion",
},
XS: "http://www.w3.org/2001/XMLSchema",
XSI: "http://www.w3.org/2001/XMLSchema-instance",
SAML: "urn:oasis:names:tc:SAML:2.0:assertion",
Version: "2.0",
ID: util.ID(),
IssueInstant: time.Now().UTC().Format(time.RFC3339Nano),
Issuer: Issuer{
XMLName: xml.Name{
Local: "saml:Issuer",
},
Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL,
},
Subject: Subject{
XMLName: xml.Name{
Local: "saml:Subject",
},
NameID: NameID{
XMLName: xml.Name{
Local: "saml:NameID",
},
Format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
Value: "",
},
SubjectConfirmation: SubjectConfirmation{
XMLName: xml.Name{
Local: "saml:SubjectConfirmation",
},
Method: "urn:oasis:names:tc:SAML:2.0:cm:bearer",
SubjectConfirmationData: SubjectConfirmationData{
InResponseTo: "",
NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano),
Recipient: "",
},
},
},
Conditions: Conditions{
XMLName: xml.Name{
Local: "saml:Conditions",
},
NotBefore: time.Now().Add(time.Minute * -5).UTC().Format(time.RFC3339Nano),
NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano),
},
AttributeStatement: AttributeStatement{
XMLName: xml.Name{
Local: "saml:AttributeStatement",
},
Attributes: []Attribute{},
},
},
}
}