/
main.go
67 lines (62 loc) · 1.5 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package main
import (
"context"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"fmt"
"net/http"
"net/url"
"github.com/crewjam/saml/samlsp"
)
func hello(w http.ResponseWriter, r *http.Request) {
// fmt.Fprintf(w, "Hello, %w!", samlsp.AttributeFromContext(r.Context(), "displayName"))
s := samlsp.SessionFromContext(r.Context())
if s == nil {
return
}
sa, ok := s.(samlsp.SessionWithAttributes)
if !ok {
return
}
fmt.Fprintf(w, "UserInfo\n")
as := sa.GetAttributes()
for k, v := range as {
fmt.Printf("key: %s value: %s\n", k, v)
fmt.Fprintf(w, "key: %s value: %s\n", k, v)
}
}
func main() {
keyPair, err := tls.LoadX509KeyPair("sp.cert", "sp.key")
if err != nil {
panic(err)
}
keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
if err != nil {
panic(err)
}
idpMetadataURL, err := url.Parse("http://localhost:8080/realms/sample/protocol/saml/descriptor")
if err != nil {
panic(err)
}
idpMetadata, err := samlsp.FetchMetadata(context.Background(), http.DefaultClient, *idpMetadataURL)
if err != nil {
panic(err)
}
rootURL, err := url.Parse("http://localhost:8000")
if err != nil {
panic(err)
}
samlSP, _ := samlsp.New(samlsp.Options{
EntityID: "sample-client",
URL: *rootURL,
Key: keyPair.PrivateKey.(*rsa.PrivateKey),
Certificate: keyPair.Leaf,
IDPMetadata: idpMetadata,
SignRequest: true,
})
app := http.HandlerFunc(hello)
http.Handle("/hello", samlSP.RequireAccount(app))
http.Handle("/saml/", samlSP)
http.ListenAndServe(":8000", nil)
}