From 183f20e74592e71c85e88216a8458db5f0b4d724 Mon Sep 17 00:00:00 2001
From: Daniel Petrie
Date: Mon, 2 Dec 2019 10:09:23 -0800
Subject: [PATCH] add entityID to serviceProvider

---
 identity_provider_test.go | 1 +
 samlidp/samlidp_test.go | 1 +
 samlsp/middleware_test.go | 1 +
 samlsp/samlsp.go | 6 ++++++
 service_provider.go | 11 ++++++++---
 service_provider_test.go | 6 +++++-
 6 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/identity_provider_test.go b/identity_provider_test.go
index cb92415d..8ceef682 100644
--- a/identity_provider_test.go
+++ b/identity_provider_test.go
@@ -113,6 +113,7 @@ OwJlNCASPZRH/JmF8tX0hoHuAQ==
 -----END CERTIFICATE-----
 `)
 test.SP = ServiceProvider{
+ EntityID: "https://sp.example.com/saml2/metadata",
 Key: test.SPKey,
 Certificate: test.SPCertificate,
 MetadataURL: mustParseURL("https://sp.example.com/saml2/metadata"),
diff --git a/samlidp/samlidp_test.go b/samlidp/samlidp_test.go
index 69a6db7e..3f5e5ccb 100644
--- a/samlidp/samlidp_test.go
+++ b/samlidp/samlidp_test.go
@@ -114,6 +114,7 @@ OwJlNCASPZRH/JmF8tX0hoHuAQ==
 -----END CERTIFICATE-----
 `)
 test.SP = saml.ServiceProvider{
+ EntityID: "https://sp.example.com/saml2/metadata",
 Key: test.SPKey,
 Certificate: test.SPCertificate,
 MetadataURL: mustParseURL("https://sp.example.com/saml2/metadata"),
diff --git a/samlsp/middleware_test.go b/samlsp/middleware_test.go
index 6f775380..4ad38cba 100644
--- a/samlsp/middleware_test.go
+++ b/samlsp/middleware_test.go
@@ -110,6 +110,7 @@ func NewMiddlewareTest() *MiddlewareTest {
 test.Middleware = Middleware{
 ServiceProvider: saml.ServiceProvider{
+ EntityID: "https://15661444.ngrok.io/saml2/metadata",
 Key: test.Key,
 Certificate: test.Certificate,
 MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),
diff --git a/samlsp/samlsp.go b/samlsp/samlsp.go
index 46804214..bb164d51 100644
--- a/samlsp/samlsp.go
+++ b/samlsp/samlsp.go
@@ -21,6 +21,7 @@ const defaultTokenMaxAge = time.Hour
 // Options represents the parameters for creating a new middleware
 type Options struct {
+ EntityID string
 URL url.URL
 Key *rsa.PrivateKey
 Logger logger.Interface
@@ -55,8 +56,13 @@ func New(opts Options) (*Middleware, error) {
 tokenMaxAge = defaultTokenMaxAge
 }
+ if opts.EntityID == "" {
+ opts.EntityID = metadataURL.String()
+ }
+
 m := &Middleware{
 ServiceProvider: saml.ServiceProvider{
+ EntityID: opts.EntityID,
 Key: opts.Key,
 Logger: logr,
 Certificate: opts.Certificate,
diff --git a/service_provider.go b/service_provider.go
index a777fc75..236422e1 100644
--- a/service_provider.go
+++ b/service_provider.go
@@ -51,6 +51,10 @@ const (
 // See the example directory for an example of a web application using
 // the service provider interface.
 type ServiceProvider struct {
+
+ // Entity ID
+ EntityID string
+
 // Key is the RSA private key we use to sign requests.
 Key *rsa.PrivateKey
@@ -148,7 +152,7 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 }
 return &EntityDescriptor{
- EntityID: sp.MetadataURL.String(),
+ EntityID: sp.EntityID,
 ValidUntil: validUntil,
 SPSSODescriptors: []SPSSODescriptor{
@@ -308,7 +312,7 @@ func (sp *ServiceProvider) MakeAuthenticationRequest(idpURL string) (*AuthnReque
 Version: "2.0",
 Issuer: &Issuer{
 Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
- Value: sp.MetadataURL.String(),
+ Value: sp.EntityID,
 },
 NameIDPolicy: &NameIDPolicy{
 AllowCreate: &allowCreate,
@@ -467,6 +471,7 @@ func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs [
 }
 retErr.Response = string(rawResponseBuf)
 assertion, err := sp.ParseXMLResponse(rawResponseBuf, possibleRequestIDs)
+ // fmt.Printf("\n\n%+v\n\n", err.(*InvalidResponseError).PrivateErr)
 if err != nil {
 return nil, err
 }
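Review bot: The new `EntityID` field on Options carries no comment, so nothing tells a caller that it is optional or what it falls back to; the second hunk in this file defaults it to `metadataURL.String()` inside New when it is empty, which can only be learned by reading New's body. A field comment such as `// EntityID is the identifier this service provider publishes in its metadata and sends as the Issuer of its requests; when empty, New uses the metadata URL.` would state the contract where Options is read. `metadataURL` is assigned above the second hunk, outside the visible lines, so how it is derived from URL is inferred rather than shown here.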
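Review bot: `// Entity ID` on the new ServiceProvider field restates its name and documents nothing, and unlike samlsp.New the struct has no fallback, so a ServiceProvider built directly with the field unset now publishes an empty entityID and sends an empty Issuer (see the Metadata, MakeAuthenticationRequest and MakeLogoutRequest hunks). A comment stating the contract would be `// EntityID uniquely identifies this service provider to identity providers. It is published as the entityID of the SP metadata and sent as the Issuer of authentication and logout requests, so it must match the value the IdP has registered for this SP; callers that relied on the previous default should set it to MetadataURL.String().` The extra blank line inserted directly after `type ServiceProvider struct {` can also be dropped.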
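Review bot: Replacing `sp.MetadataURL.String()` with `sp.EntityID` in the EntityDescriptor literal removes the old default without replacing it, so a ServiceProvider whose EntityID is unset now publishes an empty entityID attribute; the same applies to the Issuer value in the MakeAuthenticationRequest hunk below and in the MakeLogoutRequest hunk in the next part of this diff, where an empty Issuer is likely to be rejected by the IdP. Unless the intent is to make every caller set the field, route all three sites through one helper that falls back to the metadata URL, and give the response-side audience check (not in this diff; it presumably still compares the AudienceRestriction against `sp.MetadataURL.String()`) the same helper — otherwise an EntityID that differs from the metadata URL will make every assertion fail audience validation while the metadata and requests advertise the new value. Metadata's body begins and ends outside the hunk.
```go
// entityID is the identifier this SP publishes as its metadata entityID and
// sends as the Issuer of its requests. It falls back to the metadata URL so
// that callers that never set EntityID keep the behaviour they had before.
func (sp *ServiceProvider) entityID() string {
	if sp.EntityID != "" {
		return sp.EntityID
	}
	return sp.MetadataURL.String()
}

// … unchanged: Metadata up to the EntityDescriptor literal …
	return &EntityDescriptor{
		EntityID:   sp.entityID(),
```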
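Review bot: The commented-out `// fmt.Printf("\n\n%+v\n\n", err.(*InvalidResponseError).PrivateErr)` line added after the ParseXMLResponse call is leftover debugging code and should be removed rather than committed. If it were ever re-enabled as written it would type-assert `err` before the `if err != nil` check on the next line and so panic on every successful parse, and it would write PrivateErr — which the InvalidResponseError type appears to keep apart from the message returned to clients — to stdout, where it can reach logs the public error deliberately does not. ParseResponse starts and ends outside the hunk.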
@@ -788,7 +793,7 @@ func (sp *ServiceProvider) MakeLogoutRequest(idpURL, nameID string) (*LogoutRequ
 Destination: idpURL,
 Issuer: &Issuer{
 Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
- Value: sp.MetadataURL.String(),
+ Value: sp.EntityID,
 },
 NameID: &NameID{
 Format: sp.nameIDFormat(),
diff --git a/service_provider_test.go b/service_provider_test.go
index ce370edc..d7d74883 100644
--- a/service_provider_test.go
+++ b/service_provider_test.go
@@ -12,7 +12,7 @@ import (
 "time"
 "github.com/beevik/etree"
- dsig "github.com/russellhaering/goxmldsig"
+ "github.com/russellhaering/goxmldsig"
 "github.com/stretchr/testify/assert"
 "github.com/crewjam/saml/testsaml"
@@ -101,6 +101,7 @@ func TestSPCanSetAuthenticationNameIDFormat(t *testing.T) {
 func TestSPCanProduceMetadata(t *testing.T) {
 test := NewServiceProviderTest()
 s := ServiceProvider{
+ EntityID: "https://example.com/saml2/metadata",
 Key: test.Key,
 Certificate: test.Certificate,
 MetadataURL: mustParseURL("https://example.com/saml2/metadata"),
@@ -144,6 +145,7 @@ func TestSPCanProduceMetadata(t *testing.T) {
 func TestCanProduceMetadataNoSigningKey(t *testing.T) {
 test := NewServiceProviderTest()
 s := ServiceProvider{
+ EntityID: "https://example.com/saml2/metadata",
 MetadataURL: mustParseURL("https://example.com/saml2/metadata"),
 AcsURL: mustParseURL("https://example.com/saml2/acs"),
 IDPMetadata: &EntityDescriptor{},
@@ -171,6 +173,7 @@ func TestSPCanProduceRedirectRequest(t *testing.T) {
 }
 Clock = dsig.NewFakeClockAt(TimeNow())
 s := ServiceProvider{
+ EntityID: "https://15661444.ngrok.io/saml2/metadata",
 Key: test.Key,
 Certificate: test.Certificate,
 MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),
@@ -203,6 +206,7 @@ func TestSPCanProducePostRequest(t *testing.T) {
 return rv
 }
 s := ServiceProvider{
+ EntityID: "https://15661444.ngrok.io/saml2/metadata",
 Key: test.Key,
 Certificate: test.Certificate,
 MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),