Skip to content
Go package for SPID authentication
Go
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Yet one more fix for CircleCI config Mar 26, 2019
example
spidsaml
.gitignore Remove .vscode from repository Dec 7, 2018
AUTHORS
LICENSE
README.md Update README.md Mar 29, 2019

README.md

spid-go

Golang package for SPID authentication

Join the #spid-go channel Get invited SPID on forum.italia.it CircleCI

This Go package is aimed at implementing SPID Service Providers. SPID is the Italian digital identity system, which enables citizens to access all public services with single set of credentials. This module provides a layer of abstraction over the SAML protocol by exposing just the subset required in order to implement SPID authentication in a web application.

Getting Started

The example/ directory contains a demo web application. Just follow these steps in order to test it quickly:

  1. Install the go-xmlsec dependency. While go get should get everything else you need, go-xmlsec depends on a C library so you should install it manually. It's quick. See its README for details. (You might need to run export CGO_CFLAGS_ALLOW=".*" first to make it compile correctly.)

  2. Run the demo application:

    cd example/
    go run service.go
  3. Connect to http://localhost:8000/metadata and grab the metadata of the demo Service Provider.

  4. Configure spid-testenv2 and load the above Service Provider metadata into it.

  5. Launch http://localhost:8000 and enjoy your SPID demo.

Features


Compliance with SPID regulations (for Service Providers)
Metadata:
parsing of IdP XML metadata (1.2.2.4)
support for multiple signing certificates in IdP XML metadata (1.2.2.4)
parsing of AA XML metadata (2.2.4)
SP XML metadata generation (1.3.2)
AuthnRequest generation (1.2.2.1):
generation of AuthnRequest XML
HTTP-Redirect binding
HTTP-POST binding
AssertionConsumerServiceURL customization
AssertionConsumerServiceIndex customization
AttributeConsumingServiceIndex customization
AuthnContextClassRef (SPID level) customization
RequestedAuthnContext/@Comparison customization
RelayState customization (1.2.2)
Response/Assertion parsing
verification of Signature value (if any)
verification of Signature certificate (if any) against IdP/AA metadata
verification of Assertion/Signature value
verification of Assertion/Signature certificate against IdP/AA metadata
verification of SubjectConfirmationData/@Recipient
verification of SubjectConfirmationData/@NotOnOrAfter
verification of SubjectConfirmationData/@InResponseTo
verification of Issuer
verification of Assertion/Issuer
verification of Destination
verification of Conditions/@NotBefore
verification of Conditions/@NotOnOrAfter
verification of Audience
parsing of Response with no Assertion (authentication/query failure)
parsing of failure StatusCode (Requester/Responder)
Response/Assertion parsing for SSO (1.2.1, 1.2.2.2, 1.3.1):
parsing of NameID
parsing of AuthnContextClassRef (SPID level)
parsing of attributes
Response/Assertion parsing for attribute query (2.2.2.2, 2.3.1):
parsing of attributes
LogoutRequest generation (for SP-initiated logout):
generation of LogoutRequest XML
HTTP-Redirect binding
HTTP-POST binding
LogoutResponse parsing (for SP-initiated logout):
parsing of LogoutResponse XML
verification of Response/Signature value (if any)
verification of Response/Signature certificate (if any) against IdP metadata
verification of Issuer
verification of Destination
PartialLogout detection
LogoutRequest parsing (for third-party-initiated logout):
parsing of LogoutRequest XML
verification of Response/Signature value (if any)
verification of Response/Signature certificate (if any) against IdP metadata
verification of Issuer
verification of Destination
parsing of NameID
LogoutResponse generation (for third-party-initiated logout):
generation of LogoutResponse XML
HTTP-Redirect binding
HTTP-POST binding
PartialLogout customization
AttributeQuery generation (2.2.2.1):
generation of AttributeQuery XML
SOAP binding (client)

Compliance with SPID regulations (for Attribute Authorities)
Metadata:
parsing of SP XML metadata (1.3.2)
AA XML metadata generation (2.2.4)
AttributeQuery parsing (2.2.2.1):
parsing of AttributeQuery XML
verification of Signature value
verification of Signature certificate against SP metadata
verification of Issuer
verification of Destination
parsing of Subject/NameID
parsing of requested attributes
Response/Assertion generation (2.2.2.2):
generation of Response/Assertion XML
Signature

More features

  • Generation of SPID button markup

See also

Authors

You can’t perform that action at this time.