package main
import (
	"errors"
	"net/http"

	"github.com/TykTechnologies/tyk/log"
	"github.com/crewjam/saml/samlsp"
)
// Package-level state shared by the plugin hooks in this file.
var (
	// logger is the Tyk logger every hook in this file writes to.
	logger = log.Get()

	// Middleware is the samlsp middleware SAMLWebSSO delegates to for the
	// metadata and ACS endpoints, session lookup and auth-flow redirects.
	// It is nil until something outside this block initialises it.
	Middleware *samlsp.Middleware
)
// SAMLConfig holds the settings the plugin expects for its SAML service
// provider and the session JWT it issues. Nothing in this file reads it;
// presumably it is populated from the plugin's configuration — confirm
// against the loader.
type SAMLConfig struct {
	// Identity-provider metadata and SP key material.
	IDPMetadataURL string
	CertFile       string
	KeyFile        string

	// Authentication-request behaviour.
	ForceAuthentication bool
	SAMLBinding         string

	// Service-provider endpoints.
	BaseURL       string
	SPMetadataURL string
	SPAcsURL      string
	SPSloURL      string

	// Session JWT audience, issuer, signing key and max age
	// (units of SessionJWTMaxAge are not established in this file).
	SessionJWTAud     string
	SessionJWTIss     string
	SessionJWTKeyFile string
	SessionJWTMaxAge  int
}
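// SAMLWebSSO is HTTP middleware that requires that each request be
// associated with a valid session. If the request is not associated with a valid
// session, then rather than serve the request, the middleware redirects the user
// to start the SAML auth flow.
//
// Dispatch order:
//   - requests for the SP metadata URL or the ACS URL are handed to Middleware
//     unchanged;
//   - a request with a valid session gets the session cookie copied into its
//     Authorization header and then falls through to whatever runs next;
//   - a request with no session is redirected into the SAML auth flow;
//   - any other session error is answered with 403 Forbidden, so a request
//     with a broken or rejected session never falls through unauthenticated
//     (the original fell through silently in this case).
//
// Middleware must be initialised before the first request; a nil Middleware
// is answered with 500 rather than dereferenced.
func SAMLWebSSO(w http.ResponseWriter, r *http.Request) {
	if Middleware == nil {
		logger.Error("SAML middleware is not initialised")
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	logger.Info(r.URL.Path)
	logger.Info(Middleware.ServiceProvider.AcsURL.Path)

	// Pointer, not a copy: ServiceProvider is a sizeable struct.
	sp := &Middleware.ServiceProvider
	switch r.URL.Path {
	case sp.MetadataURL.Path:
		logger.Info("Serving metadata")
		Middleware.ServeHTTP(w, r)
		return
	case sp.AcsURL.Path:
		logger.Info("ACS called - checking assertion")
		Middleware.ServeHTTP(w, r)
		return
	}

	session, err := Middleware.Session.GetSession(r)
	switch {
	case session != nil:
		logger.Info("Session found adding to request")
		if err := attachSessionToken(r, session); err != nil {
			// A valid session without the expected cookie means the session
			// provider and this hook disagree on the cookie name; fail closed
			// instead of panicking on a nil cookie.
			logger.Error("session cookie unavailable: ", err)
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		}
		return
	case errors.Is(err, samlsp.ErrNoSession):
		logger.Info("No session found starting auth flow")
		Middleware.HandleStartAuthFlow(w, r)
		return
	default:
		// Decode/validation failures land here. Answer 403 as samlsp's own
		// RequireAccount does; returning without writing a response would let
		// the request continue without authentication.
		logger.Error("session lookup failed: ", err)
		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		return
	}
}

// attachSessionToken copies the value of the "token" cookie (samlsp's default
// session cookie name — assumes the configured session provider uses it) into
// r's Authorization header as a bearer token. It returns the cookie lookup
// error instead of dereferencing a nil cookie when the cookie is absent.
func attachSessionToken(r *http.Request, session samlsp.Session) error {
	// NOTE(review): WithContext returns a shallow copy, so the session placed in
	// the context is visible only inside this function; the Header map is
	// shared with the caller's request, so the Authorization write below is
	// what actually survives the return.
	r = r.WithContext(samlsp.ContextWithSession(r.Context(), session))
	token, err := r.Cookie("token")
	if err != nil {
		return err
	}
	r.Header.Set("Authorization", "bearer "+token.Value)
	return nil
}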