
Added configuration for token cookie name (#32)
itzg committed Jun 24, 2022
1 parent 78a8576 commit d89c5f6
Showing 3 changed files with 14 additions and 9 deletions.
14 changes: 10 additions & 4 deletions README.md
Expand Up @@ -11,8 +11,8 @@ Provides a SAML SP authentication proxy for backend web services
If set, allows for IdP initiated authentication flow (env SAML_PROXY_ALLOW_IDP_INITIATED)
-attribute-header-mappings attribute=header
Comma separated list of attribute=header pairs mapping SAML IdP response attributes to forwarded request header (env SAML_PROXY_ATTRIBUTE_HEADER_MAPPINGS)
-attribute-header-wildcard
Maps all SAML attributes with this option as a prefix (env SAML_PROXY_ATTRIBUTE_HEADER_WILDCARD)
-attribute-header-wildcard string
(env SAML_PROXY_ATTRIBUTE_HEADER_WILDCARD)
-authorize-attribute attribute
Enables authorization and specifies the attribute to check for authorized values (env SAML_PROXY_AUTHORIZE_ATTRIBUTE)
-authorize-values values
Expand All @@ -23,16 +23,22 @@ Provides a SAML SP authentication proxy for backend web services
External URL of this proxy (env SAML_PROXY_BASE_URL)
-bind host:port
host:port to bind for serving HTTP (env SAML_PROXY_BIND) (default ":8080")
-cookie-max-age duration
Specifies the amount of time the authentication token will remain valid (env SAML_PROXY_COOKIE_MAX_AGE) (default 2h0m0s)
-cookie-domain string
Overrides the domain set on the session cookie. By default the BaseUrl host is used. (env SAML_PROXY_COOKIE_DOMAIN)
-cookie-max-age duration
Specifies the amount of time the authentication token will remain valid (env SAML_PROXY_COOKIE_MAX_AGE) (default 2h0m0s)
-cookie-name string
Name of the cookie that tracks session token (env SAML_PROXY_COOKIE_NAME) (default "token")
-idp-ca-path path
Optional path to a CA certificate PEM file for the IdP (env SAML_PROXY_IDP_CA_PATH)
-idp-metadata-url URL
URL of the IdP's metadata XML, can be a local file by specifying the file:// scheme (env SAML_PROXY_IDP_METADATA_URL)
-name-id-format string
One of unspecified, transient, email, or persistent to use a standard format or give a full URN of the name ID format (env SAML_PROXY_NAME_ID_FORMAT) (default "transient")
-idp-metadata-url URL
URL of the IdP's metadata XML, can be a local file by specifying the file:// scheme (env SAML_PROXY_IDP_METADATA_URL)
-name-id-format string
One of unspecified, transient, email, or persistent to use a standard format or give a full URN of the name ID format (env SAML_PROXY_NAME_ID_FORMAT) (default "transient")
-name-id-mapping header
Name of the request header to convey the SAML nameID/subject (env SAML_PROXY_NAME_ID_MAPPING)
-new-auth-webhook-url URL
4 changes: 2 additions & 2 deletions server/proxy.go
Expand Up @@ -105,8 +105,8 @@ func (p *proxy) handler(respOutWriter http.ResponseWriter, reqIn *http.Request)
reqOut.Header.Del("Cookie")
cookies := reqIn.Cookies()
for _, cookie := range cookies {
if cookie.Name != tokenCookieName {
reqOut.AddCookie(cookie);
if cookie.Name != p.config.CookieName {
reqOut.AddCookie(cookie)
}
}

5 changes: 2 additions & 3 deletions server/server.go
Expand Up @@ -19,8 +19,6 @@ import (

const fetchMetadataTimeout = 30 * time.Second

const tokenCookieName = "token"

type Config struct {
Version bool `usage:"show version and exit" env:""`
Bind string `default:":8080" usage:"[host:port] to bind for serving HTTP"`
Expand All @@ -37,6 +35,7 @@ type Config struct {
NewAuthWebhookUrl string `usage:"[URL] of webhook that will get POST'ed when a new authentication is processed"`
AuthorizeAttribute string `usage:"Enables authorization and specifies the [attribute] to check for authorized values"`
AuthorizeValues []string `usage:"If enabled, comma separated list of [values] that must be present in the authorize attribute"`
CookieName string `usage:"Name of the cookie that tracks session token" default:"token"`
CookieMaxAge time.Duration `usage:"Specifies the amount of time the authentication token will remain valid" default:"2h"`
CookieDomain string `usage:"Overrides the domain set on the session cookie. By default the BaseUrl host is used."`
AllowIdpInitiated bool `usage:"If set, allows for IdP initiated authentication flow"`
Expand Down Expand Up @@ -109,7 +108,7 @@ func Start(ctx context.Context, cfg *Config) error {
cookieDomain = rootUrl.Hostname()
}
cookieSessionProvider := samlsp.DefaultSessionProvider(samlOpts)
cookieSessionProvider.Name = tokenCookieName
cookieSessionProvider.Name = cfg.CookieName
cookieSessionProvider.Domain = cookieDomain
cookieSessionProvider.MaxAge = cfg.CookieMaxAge
middleware.Session = cookieSessionProvider
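Review bot: The new line `cookieSessionProvider.Name = cfg.CookieName` takes the configured name straight from cfg without validating it, so an empty value (e.g. the SAML_PROXY_COOKIE_NAME env var set to an empty string, overriding the `default:"token"` tag) or a value containing characters that are not legal in a cookie name would be handed to the session provider as-is; what samlsp does with an empty Name is not visible here and should be confirmed. The same value drives the exact-match filter in server/proxy.go (`if cookie.Name != p.config.CookieName`), which is what keeps the session token from being forwarded to the backend, so a mismatch between what the browser sends and what that comparison expects silently disables the stripping. Consider rejecting bad values early in Start, e.g. `if cfg.CookieName == "" { return errors.New("cookie-name must not be empty") }` (importing errors if the file does not already), optionally followed by an RFC 6265 token-character check. Start's body begins before this hunk, so any existing config validation is not visible in the diff.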
