From 9764f5bf7e6294f0794fa9a6dafd326b083db4d9 Mon Sep 17 00:00:00 2001
From: Philipp Hug
Date: Thu, 10 Sep 2015 12:37:10 +0200
Subject: [PATCH 1/3] allow non-signed requests

---
 README.md       |  3 ++-
 authnrequest.go | 19 +++++++++++++++++++
 saml.go         | 17 ++++++++++-------
 3 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index cf67b25..df9806b 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Inspired by the early work of [Matt Baird](https://github.com/mattbaird/gosaml).
 The library supports:
-* generating signed AuthnRequests
+* generating signed/unsigned AuthnRequests
 * validating signed AuthnRequests
 * generating service provider metadata
 * generating signed Responses
@@ -40,6 +40,7 @@ sp := saml.ServiceProviderSettings{
   IDPSSOURL: "http://idp/saml2",
   IDPSSODescriptorURL: "http://idp/issuer",
   IDPPublicCertPath: "idpcert.crt",
+  SPSignRequest: "true",
   AssertionConsumerServiceURL: "http://localhost:8000/saml_consume",
 }
 sp.Init()
diff --git a/authnrequest.go b/authnrequest.go
index 99bcd99..455e0b5 100644
--- a/authnrequest.go
+++ b/authnrequest.go
@@ -257,3 +257,22 @@ func (r *AuthnRequest) CompressedEncodedSignedString(privateKeyPath string) (str
 	b64XML := base64.StdEncoding.EncodeToString(compressed)
 	return b64XML, nil
 }
+
+func (r *AuthnRequest) EncodedString() (string, error) {
+	saml, err := r.String()
+	if err != nil {
+		return "", err
+	}
+	b64XML := base64.StdEncoding.EncodeToString([]byte(saml))
+	return b64XML, nil
+}
+
+func (r *AuthnRequest) CompressedEncodedString() (string, error) {
+	saml, err := r.String()
+	if err != nil {
+		return "", err
+	}
+	compressed := util.Compress([]byte(saml))
+	b64XML := base64.StdEncoding.EncodeToString(compressed)
+	return b64XML, nil
+}
diff --git a/saml.go b/saml.go
index 8468038..4ba8f64 100644
--- a/saml.go
+++ b/saml.go
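Review bot: EncodedString and CompressedEncodedString are exported but carry no doc comment, and nothing tells a caller that these variants emit no Signature element, so the IdP has no way to verify who built the request and must be configured to accept unsigned AuthnRequests. Add `// EncodedString returns the unsigned AuthnRequest XML, base64-encoded; use only when SPSignRequest is false.` and `// CompressedEncodedString returns the unsigned AuthnRequest XML compressed with util.Compress and base64-encoded; use only when SPSignRequest is false.`. If the service-provider metadata generator advertises AuthnRequestsSigned on the SPSSODescriptor, it presumably should follow SPSignRequest as well; that code is outside this patch.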
@@ -12,6 +12,7 @@ type ServiceProviderSettings struct {
 	IDPSSODescriptorURL         string
 	IDPPublicCertPath           string
 	AssertionConsumerServiceURL string
+	SPSignRequest               bool
 	hasInit    bool
 	publicCert string
@@ -28,14 +29,16 @@ func (s *ServiceProviderSettings) Init() (err error) {
 	}
 	s.hasInit = true
-	s.publicCert, err = util.LoadCertificate(s.PublicCertPath)
-	if err != nil {
-		panic(err)
-	}
+	if s.SPSignRequest {
+		s.publicCert, err = util.LoadCertificate(s.PublicCertPath)
+		if err != nil {
+			panic(err)
+		}
-	s.privateKey, err = util.LoadCertificate(s.PrivateKeyPath)
-	if err != nil {
-		panic(err)
+		s.privateKey, err = util.LoadCertificate(s.PrivateKeyPath)
+		if err != nil {
+			panic(err)
+		}
 	}
 	s.iDPPublicCert, err = util.LoadCertificate(s.IDPPublicCertPath)
From 5859c4731833a4851fa89827b81616841b7714ef Mon Sep 17 00:00:00 2001
From: Philipp Hug
Date: Thu, 10 Sep 2015 12:21:09 +0200
Subject: [PATCH 2/3] add RelayState

---
 authnrequest.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authnrequest.go b/authnrequest.go
index 455e0b5..3c826a6 100644
--- a/authnrequest.go
+++ b/authnrequest.go
@@ -91,7 +91,7 @@ func (s *ServiceProviderSettings) GetAuthnRequest() *AuthnRequest {
 }
 // GetAuthnRequestURL generate a URL for the AuthnRequest to the IdP with the SAMLRequst parameter encoded
-func GetAuthnRequestURL(baseURL string, b64XML string) (string, error) {
+func GetAuthnRequestURL(baseURL string, b64XML string, state string) (string, error) {
 	u, err := url.Parse(baseURL)
 	if err != nil {
 		return "", err
@@ -99,6 +99,7 @@ func GetAuthnRequestURL(baseURL string, b64XML string) (string, error) {
 	q := u.Query()
 	q.Add("SAMLRequest", b64XML)
+	q.Add("RelayState", state)
 	u.RawQuery = q.Encode()
 	return u.String(), nil
 }
From 4addebf7dc4cba7695c8ed9b467263517cf7bbe0 Mon Sep 17 00:00:00 2001
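Review bot: `SPSignRequest bool` is added without a comment, so a reader cannot tell that it also decides whether PublicCertPath and PrivateKeyPath are loaded at all (see the Init hunk in this same file). Suggest `// SPSignRequest enables signing of AuthnRequests; when true, PublicCertPath and PrivateKeyPath must point to the SP key pair, which Init loads.`. The README example in PATCH 1 sets this field with the string literal `SPSignRequest: "true",`, which will not compile against a bool; it should read `SPSignRequest: true,`.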
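Review bot: With `s.SPSignRequest` false the new gate leaves `s.publicCert` and `s.privateKey` as empty strings, and nothing in the hunk records that the settings cannot sign; any later code that reads these fields — presumably the signed-request helpers and, if it embeds the SP certificate in a KeyDescriptor, the metadata generator — now silently receives "" instead of an error. Either state that contract above the `if` with `// The SP key pair is only required for signed requests; when SPSignRequest is false, publicCert and privateKey stay empty.` or have those consumers check `s.SPSignRequest` and return an error. Init's body begins outside the hunk.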
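Review bot: Adding a third parameter to the exported `GetAuthnRequestURL` breaks every existing caller, and the doc comment directly above the signature still describes only the SAMLRequest parameter. Either keep the two-argument form and add a separate function for the RelayState case, or at least update the comment to `// GetAuthnRequestURL builds the IdP redirect URL carrying the base64 AuthnRequest as SAMLRequest and state as RelayState.`. The function's body continues in the next hunk.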
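Review bot: `q.Add("RelayState", state)` is unconditional, so an empty state still yields a bare `RelayState=` in the redirect URL; RelayState is optional in the SAML bindings and limited to 80 bytes for the HTTP-Redirect binding, so guard it with `if state != "" { q.Add("RelayState", state) }` and consider rejecting longer values. Because the IdP echoes RelayState back verbatim and applications commonly treat it as the post-login redirect target, a comment here should tell callers to pass an opaque reference the SP validates on return rather than a raw URL.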
From: Philipp Hug
Date: Thu, 10 Sep 2015 19:02:28 +0200
Subject: [PATCH 3/3] simple test for unsigned requests

---
 authnrequest_test.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/authnrequest_test.go b/authnrequest_test.go
index 9ff139f..2940080 100644
--- a/authnrequest_test.go
+++ b/authnrequest_test.go
@@ -15,6 +15,7 @@ func TestGetSignedRequest(t *testing.T) {
 		IDPSSODescriptorURL:         "http://www.onelogin.net",
 		IDPPublicCertPath:           "./default.crt",
 		AssertionConsumerServiceURL: "http://localhost:8000/auth/saml/name",
+		SPSignRequest:               true,
 	}
 	err := sp.Init()
 	assert.NoError(err)
@@ -28,3 +29,21 @@ func TestGetSignedRequest(t *testing.T) {
 	err = VerifyRequestSignature(signedXML, sp.PublicCertPath)
 	assert.NoError(err)
 }
+
+func TestGetUnsignedRequest(t *testing.T) {
+	assert := assert.New(t)
+	sp := ServiceProviderSettings{
+		IDPSSOURL:                   "http://www.onelogin.net",
+		IDPSSODescriptorURL:         "http://www.onelogin.net",
+		IDPPublicCertPath:           "./default.crt",
+		AssertionConsumerServiceURL: "http://localhost:8000/auth/saml/name",
+		SPSignRequest:               false,
+	}
+	err := sp.Init()
+	assert.NoError(err)
+
+	// Construct an AuthnRequest
+	authnRequest := sp.GetAuthnRequest()
+	assert.NoError(err)
+	assert.NotEmpty(authnRequest)
+}
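Review bot: In TestGetUnsignedRequest the `assert.NoError(err)` after `sp.GetAuthnRequest()` re-checks the error from `sp.Init()`, since GetAuthnRequest returns only the request, and the test never exercises the new unsigned helpers nor checks that the output carries no signature. Replace the trailing assertions with `b64, err := authnRequest.EncodedString(); assert.NoError(err); assert.NotEmpty(b64)` and, if the signed path injects a Signature element into the XML, add `out, _ := authnRequest.String(); assert.NotContains(out, "Signature")` so the unsigned behaviour is actually pinned.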