-
Notifications
You must be signed in to change notification settings - Fork 1
/
samlidp.go
115 lines (93 loc) · 2.45 KB
/
samlidp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// Package main contains an example identity provider implementation.
package main
import (
"crypto"
"crypto/tls"
"crypto/x509"
"embed"
"encoding/pem"
"fmt"
"net/http"
"net/url"
"golang.org/x/crypto/bcrypt"
"github.com/crewjam/saml/logger"
"github.com/crewjam/saml/samlidp"
)
//go:embed certs/*
var certs embed.FS
func loadKey() crypto.PrivateKey {
keyBytes, err := certs.ReadFile("certs/key.pem")
if err != nil {
panic(fmt.Sprintf("failed to read key.pem: %v", err))
}
keyBlock, _ := pem.Decode(keyBytes)
if keyBlock == nil {
panic("failed to decode PEM from key.pem")
}
key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes)
if err != nil {
panic(fmt.Sprintf("failed to parse private key: %v", err))
}
return key
}
func loadCrt() *x509.Certificate {
crtBytes, err := certs.ReadFile("certs/certificate.pem")
if err != nil {
panic(fmt.Sprintf("failed to read certificate.pem: %v", err))
}
crtBlock, _ := pem.Decode(crtBytes)
if crtBlock == nil {
panic("failed to decode PEM from certificate.pem")
}
crt, err := x509.ParseCertificate(crtBlock.Bytes)
if err != nil {
panic(fmt.Sprintf("failed to parse certificate: %v", err))
}
return crt
}
func main() {
logr := logger.DefaultLogger
samlUrl, _ := url.Parse("https://saml.canonical.test")
idpServer, err := samlidp.New(samlidp.Options{
URL: *samlUrl,
Key: loadKey(),
Logger: logr,
Certificate: loadCrt(),
Store: &samlidp.MemoryStore{},
})
if err != nil {
logr.Fatalf("%s", err)
}
hashedPassword, _ := bcrypt.GenerateFromPassword([]byte("ubuntu"), bcrypt.DefaultCost)
err = idpServer.Store.Put("/users/ubuntu", samlidp.User{
Name: "ubuntu",
HashedPassword: hashedPassword,
Email: "[email protected]",
})
if err != nil {
logr.Fatalf("%s", err)
}
http.Handle("/", idpServer)
go func() {
logr.Fatal(http.ListenAndServe(":80", nil))
}()
certFile, err := certs.ReadFile("certs/certificate.pem")
if err != nil {
panic(fmt.Sprintf("failed to read certificate.pem: %v", err))
}
keyFile, err := certs.ReadFile("certs/key.pem")
if err != nil {
panic(fmt.Sprintf("failed to read certificate.pem: %v", err))
}
cert, err := tls.X509KeyPair(certFile, keyFile)
if err != nil {
panic(fmt.Sprintf("failed to create X509 key pair: %v", err))
}
https := http.Server{
Addr: ":443",
TLSConfig: &tls.Config{
Certificates: []tls.Certificate{cert},
},
}
logr.Fatal(https.ListenAndServeTLS("", ""))
}