func NewAuthnRequest() *AuthnRequest { id := util.ID() return &AuthnRequest{ XMLName: xml.Name{ Local: "samlp:AuthnRequest", }, SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol", SAML: "urn:oasis:names:tc:SAML:2.0:assertion", SAMLSIG: "http://www.w3.org/2000/09/xmldsig#", ID: id, ProtocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", Version: "2.0", AssertionConsumerServiceURL: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL, Issuer: Issuer{ XMLName: xml.Name{ Local: "saml:Issuer", }, Url: "", // caller must populate ar.AppSettings.Issuer SAML: "urn:oasis:names:tc:SAML:2.0:assertion", }, IssueInstant: time.Now().UTC().Format(time.RFC3339Nano), NameIDPolicy: NameIDPolicy{ XMLName: xml.Name{ Local: "samlp:NameIDPolicy", }, AllowCreate: true, Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", }, RequestedAuthnContext: RequestedAuthnContext{ XMLName: xml.Name{ Local: "samlp:RequestedAuthnContext", }, SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol", Comparison: "exact", AuthnContextClassRef: AuthnContextClassRef{ XMLName: xml.Name{ Local: "saml:AuthnContextClassRef", }, SAML: "urn:oasis:names:tc:SAML:2.0:assertion", Transport: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", }, }, Signature: Signature{ XMLName: xml.Name{ Local: "samlsig:Signature", }, Id: "Signature1", SignedInfo: SignedInfo{ XMLName: xml.Name{ Local: "samlsig:SignedInfo", }, CanonicalizationMethod: CanonicalizationMethod{ XMLName: xml.Name{ Local: "samlsig:CanonicalizationMethod", }, Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#", }, SignatureMethod: SignatureMethod{ XMLName: xml.Name{ Local: "samlsig:SignatureMethod", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1", }, SamlsigReference: SamlsigReference{ XMLName: xml.Name{ Local: "samlsig:Reference", }, URI: "#" + id, Transforms: Transforms{ XMLName: xml.Name{ Local: "samlsig:Transforms", }, Transform: Transform{ XMLName: xml.Name{ Local: "samlsig:Transform", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature", }, }, DigestMethod: DigestMethod{ XMLName: xml.Name{ Local: "samlsig:DigestMethod", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1", }, DigestValue: DigestValue{ XMLName: xml.Name{ Local: "samlsig:DigestValue", }, }, }, }, SignatureValue: SignatureValue{ XMLName: xml.Name{ Local: "samlsig:SignatureValue", }, }, KeyInfo: KeyInfo{ XMLName: xml.Name{ Local: "samlsig:KeyInfo", }, X509Data: X509Data{ XMLName: xml.Name{ Local: "samlsig:X509Data", }, X509Certificate: X509Certificate{ XMLName: xml.Name{ Local: "samlsig:X509Certificate", }, Cert: "", // caller must populate cert, }, }, }, }, } }
func NewSignedResponse() *Response { return &Response{ XMLName: xml.Name{ Local: "samlp:Response", }, SAMLP: "urn:oasis:names:tc:SAML:2.0:protocol", SAML: "urn:oasis:names:tc:SAML:2.0:assertion", SAMLSIG: "http://www.w3.org/2000/09/xmldsig#", ID: util.ID(), Version: "2.0", IssueInstant: time.Now().UTC().Format(time.RFC3339Nano), Issuer: Issuer{ XMLName: xml.Name{ Local: "saml:Issuer", }, Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL, }, Signature: Signature{ XMLName: xml.Name{ Local: "samlsig:Signature", }, Id: "Signature1", SignedInfo: SignedInfo{ XMLName: xml.Name{ Local: "samlsig:SignedInfo", }, CanonicalizationMethod: CanonicalizationMethod{ XMLName: xml.Name{ Local: "samlsig:CanonicalizationMethod", }, Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#", }, SignatureMethod: SignatureMethod{ XMLName: xml.Name{ Local: "samlsig:SignatureMethod", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1", }, SamlsigReference: SamlsigReference{ XMLName: xml.Name{ Local: "samlsig:Reference", }, URI: "", // caller must populate "#" + ar.Id, Transforms: Transforms{ XMLName: xml.Name{ Local: "samlsig:Transforms", }, Transform: Transform{ XMLName: xml.Name{ Local: "samlsig:Transform", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature", }, }, DigestMethod: DigestMethod{ XMLName: xml.Name{ Local: "samlsig:DigestMethod", }, Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1", }, DigestValue: DigestValue{ XMLName: xml.Name{ Local: "samlsig:DigestValue", }, }, }, }, SignatureValue: SignatureValue{ XMLName: xml.Name{ Local: "samlsig:SignatureValue", }, }, KeyInfo: KeyInfo{ XMLName: xml.Name{ Local: "samlsig:KeyInfo", }, X509Data: X509Data{ XMLName: xml.Name{ Local: "samlsig:X509Data", }, X509Certificate: X509Certificate{ XMLName: xml.Name{ Local: "samlsig:X509Certificate", }, Cert: "", // caller must populate cert, }, }, }, }, Status: Status{ XMLName: xml.Name{ Local: "samlp:Status", }, StatusCode: StatusCode{ XMLName: xml.Name{ Local: "samlp:StatusCode", }, // TODO unsuccesful responses?? Value: "urn:oasis:names:tc:SAML:2.0:status:Success", }, }, Assertion: Assertion{ XMLName: xml.Name{ Local: "saml:Assertion", }, XS: "http://www.w3.org/2001/XMLSchema", XSI: "http://www.w3.org/2001/XMLSchema-instance", SAML: "urn:oasis:names:tc:SAML:2.0:assertion", Version: "2.0", ID: util.ID(), IssueInstant: time.Now().UTC().Format(time.RFC3339Nano), Issuer: Issuer{ XMLName: xml.Name{ Local: "saml:Issuer", }, Url: "", // caller must populate ar.AppSettings.AssertionConsumerServiceURL, }, Subject: Subject{ XMLName: xml.Name{ Local: "saml:Subject", }, NameID: NameID{ XMLName: xml.Name{ Local: "saml:NameID", }, Format: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", Value: "", }, SubjectConfirmation: SubjectConfirmation{ XMLName: xml.Name{ Local: "saml:SubjectConfirmation", }, Method: "urn:oasis:names:tc:SAML:2.0:cm:bearer", SubjectConfirmationData: SubjectConfirmationData{ InResponseTo: "", NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano), Recipient: "", }, }, }, Conditions: Conditions{ XMLName: xml.Name{ Local: "saml:Conditions", }, NotBefore: time.Now().Add(time.Minute * -5).UTC().Format(time.RFC3339Nano), NotOnOrAfter: time.Now().Add(time.Minute * 5).UTC().Format(time.RFC3339Nano), }, AttributeStatement: AttributeStatement{ XMLName: xml.Name{ Local: "saml:AttributeStatement", }, Attributes: []Attribute{}, }, }, } }