Is there a SAML library for the Go language?

I see that the goauth and go-oauth OAuth libraries were written for the Go programming language, but after a couple of hours of searching the Internet, nothing appears for SAML.

I would like to use Go to implement SSO support using SAML for the web service, but without the SAML library for Go it seems like I have to "wrap" SAML logic in a separate service implemented in another language.

Does anyone know of a Go-friendly SAML library, or maybe some trick to use a Java, C or PHP library from a Go program?

+5
3 answers

I used gosaml and it works very well, but there is also go-saml from Robots and Pencils.

I realized that in a year it would be nice to answer this question, because it would be nice to have some kind of answer here for people who are looking for SAML libraries for Go.

+7

I have not seen a SAML implementation for Go, but you can use a server that already implements it in front of your application.

One of the best supported SAML implementations is Shibboleth. The Apache module is the most mature and probably the easiest method to use, since you just put your application behind a reverse proxy in Apache. There is also a FastCGI authenticator that uses the same backend, but I cannot talk about its ease of implementation.

If you just need a service provider, the easiest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in Python to try to demonstrate the simplest SP I could do. I do not claim this module is reliable, but you can see that this can be done with not too much code. This assumes that the identity providers you work with support this binding. And, as always, be careful when deploying any custom security-related code.

+4

If you want to check SAML responses from AWS IdP at the claims endpoint, it is best to use https://github.com/crewjam/saml, since it does not rely on the libxmlsec1 system library.

For some reason, libxmlsec1 does not check SAML responses from some IdPs (AWS) successfully (presumably due to some undefined namespaces).

0

Source: https://habr.com/ru/post/1432840/

