forked from crewjam/saml
/
trivial.go
55 lines (47 loc) · 1.2 KB
/
trivial.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package main
import (
"context"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"fmt"
"net/http"
"net/url"
"github.com/JBake/saml/samlsp"
)
func hello(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %s!", samlsp.AttributeFromContext(r.Context(), "cn"))
}
func main() {
keyPair, err := tls.LoadX509KeyPair("myservice.cert", "myservice.key")
if err != nil {
panic(err) // TODO handle error
}
keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
if err != nil {
panic(err) // TODO handle error
}
rootURL, _ := url.Parse("http://localhost:8000")
idpMetadataURL, _ := url.Parse("https://samltest.id/saml/idp")
idpMetadata, err := samlsp.FetchMetadata(
context.Background(),
http.DefaultClient,
*idpMetadataURL)
if err != nil {
panic(err) // TODO handle error
}
samlSP, err := samlsp.New(samlsp.Options{
URL: *rootURL,
IDPMetadata: idpMetadata,
Key: keyPair.PrivateKey.(*rsa.PrivateKey),
Certificate: keyPair.Leaf,
SignRequest: true,
})
if err != nil {
panic(err) // TODO handle error
}
app := http.HandlerFunc(hello)
http.Handle("/hello", samlSP.RequireAccount(app))
http.Handle("/saml/", samlSP)
http.ListenAndServe(":8000", nil)
}