add entityID to serviceProvider

identity_provider_test.go

@@ -113,6 +113,7 @@ OwJlNCASPZRH/JmF8tX0hoHuAQ==
 -----END CERTIFICATE-----
 `)
 	test.SP = ServiceProvider{
+		EntityID:    "https://sp.example.com/saml2/metadata",
 		Key:         test.SPKey,
 		Certificate: test.SPCertificate,
 		MetadataURL: mustParseURL("https://sp.example.com/saml2/metadata"),

samlidp/samlidp_test.go

@@ -114,6 +114,7 @@ OwJlNCASPZRH/JmF8tX0hoHuAQ==
 -----END CERTIFICATE-----
 `)
 	test.SP = saml.ServiceProvider{
+		EntityID:    "https://sp.example.com/saml2/metadata",
 		Key:         test.SPKey,
 		Certificate: test.SPCertificate,
 		MetadataURL: mustParseURL("https://sp.example.com/saml2/metadata"),

samlsp/middleware_test.go

@@ -110,6 +110,7 @@ func NewMiddlewareTest() *MiddlewareTest {
 
 	test.Middleware = Middleware{
 		ServiceProvider: saml.ServiceProvider{
+			EntityID:    "https://15661444.ngrok.io/saml2/metadata",
 			Key:         test.Key,
 			Certificate: test.Certificate,
 			MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),

samlsp/samlsp.go

@@ -21,6 +21,7 @@ const defaultTokenMaxAge = time.Hour
 
 // Options represents the parameters for creating a new middleware
 type Options struct {
+	EntityID          string
 	URL               url.URL
 	Key               *rsa.PrivateKey
 	Logger            logger.Interface
@@ -55,8 +56,13 @@ func New(opts Options) (*Middleware, error) {
 		tokenMaxAge = defaultTokenMaxAge
 	}
 
+	if opts.EntityID == "" {
+		opts.EntityID = metadataURL.String()
+	}
+
 	m := &Middleware{
 		ServiceProvider: saml.ServiceProvider{
+			EntityID: 		   opts.EntityID,
 			Key:               opts.Key,
 			Logger:            logr,
 			Certificate:       opts.Certificate,

service_provider.go

@@ -51,6 +51,10 @@ const (
 // See the example directory for an example of a web application using
 // the service provider interface.
 type ServiceProvider struct {
+
+	// Entity ID
+	EntityID string
+
 	// Key is the RSA private key we use to sign requests.
 	Key *rsa.PrivateKey
 
@@ -148,7 +152,7 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 	}
 
 	return &EntityDescriptor{
-		EntityID:   sp.MetadataURL.String(),
+		EntityID:   sp.EntityID,
 		ValidUntil: validUntil,
 
 		SPSSODescriptors: []SPSSODescriptor{
@@ -308,7 +312,7 @@ func (sp *ServiceProvider) MakeAuthenticationRequest(idpURL string) (*AuthnReque
 		Version:                     "2.0",
 		Issuer: &Issuer{
 			Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
-			Value:  sp.MetadataURL.String(),
+			Value:  sp.EntityID,
 		},
 		NameIDPolicy: &NameIDPolicy{
 			AllowCreate: &allowCreate,
@@ -467,6 +471,7 @@ func (sp *ServiceProvider) ParseResponse(req *http.Request, possibleRequestIDs [
 	}
 	retErr.Response = string(rawResponseBuf)
 	assertion, err := sp.ParseXMLResponse(rawResponseBuf, possibleRequestIDs)
+	// fmt.Printf("\n\n%+v\n\n", err.(*InvalidResponseError).PrivateErr)
 	if err != nil {
 		return nil, err
 	}
@@ -788,7 +793,7 @@ func (sp *ServiceProvider) MakeLogoutRequest(idpURL, nameID string) (*LogoutRequ
 		Destination:  idpURL,
 		Issuer: &Issuer{
 			Format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
-			Value:  sp.MetadataURL.String(),
+			Value:  sp.EntityID,
 		},
 		NameID: &NameID{
 			Format:          sp.nameIDFormat(),

service_provider_test.go

@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"github.com/beevik/etree"
-	dsig "github.com/russellhaering/goxmldsig"
+	"github.com/russellhaering/goxmldsig"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/crewjam/saml/testsaml"
@@ -101,6 +101,7 @@ func TestSPCanSetAuthenticationNameIDFormat(t *testing.T) {
 func TestSPCanProduceMetadata(t *testing.T) {
 	test := NewServiceProviderTest()
 	s := ServiceProvider{
+		EntityID:    "https://example.com/saml2/metadata",
 		Key:         test.Key,
 		Certificate: test.Certificate,
 		MetadataURL: mustParseURL("https://example.com/saml2/metadata"),
@@ -144,6 +145,7 @@ func TestSPCanProduceMetadata(t *testing.T) {
 func TestCanProduceMetadataNoSigningKey(t *testing.T) {
 	test := NewServiceProviderTest()
 	s := ServiceProvider{
+		EntityID:    "https://example.com/saml2/metadata",
 		MetadataURL: mustParseURL("https://example.com/saml2/metadata"),
 		AcsURL:      mustParseURL("https://example.com/saml2/acs"),
 		IDPMetadata: &EntityDescriptor{},
@@ -171,6 +173,7 @@ func TestSPCanProduceRedirectRequest(t *testing.T) {
 	}
 	Clock = dsig.NewFakeClockAt(TimeNow())
 	s := ServiceProvider{
+		EntityID:    "https://15661444.ngrok.io/saml2/metadata",
 		Key:         test.Key,
 		Certificate: test.Certificate,
 		MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),
@@ -203,6 +206,7 @@ func TestSPCanProducePostRequest(t *testing.T) {
 		return rv
 	}
 	s := ServiceProvider{
+		EntityID:    "https://15661444.ngrok.io/saml2/metadata",
 		Key:         test.Key,
 		Certificate: test.Certificate,
 		MetadataURL: mustParseURL("https://15661444.ngrok.io/saml2/metadata"),