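// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package saml

import (
	"fmt"
	"net/url"

	"github.com/greenpau/go-authcrunch/pkg/authn/icons"
	"github.com/greenpau/go-authcrunch/pkg/errors"
)

// Config holds the configuration for the IdentityProvider.
type Config struct {
	// Name is the unique name associated with the IdentityProvider.
	Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	// Realm is the authentication realm associated with the IdentityProvider.
	Realm string `json:"realm,omitempty" xml:"realm,omitempty" yaml:"realm,omitempty"`
	// Driver is the name of the driver associated with the IdentityProvider.
	// Validate accepts "azure" and "generic"; anything else is rejected.
	Driver string `json:"driver,omitempty" xml:"driver,omitempty" yaml:"driver,omitempty"`
	// IdpMetadataLocation is the path to the Identity Provider metadata.
	// For the azure driver, Validate fills in the tenant's federation
	// metadata URL when this is empty.
	IdpMetadataLocation string `json:"idp_metadata_location,omitempty" xml:"idp_metadata_location,omitempty" yaml:"idp_metadata_location,omitempty"`
	// IdpSignCertLocation is the path to the Identity Provider signing certificate.
	// It is mandatory: Validate rejects an empty value.
	IdpSignCertLocation string `json:"idp_sign_cert_location,omitempty" xml:"idp_sign_cert_location,omitempty" yaml:"idp_sign_cert_location,omitempty"`
	// IdpLoginURL is the SAML authentication endpoint with the Identity Provider.
	// It must be an absolute http(s) URL. For the azure driver, Validate
	// derives it from ApplicationName, ApplicationID and TenantID and
	// overwrites any configured value.
	IdpLoginURL string `json:"idp_login_url,omitempty" xml:"idp_login_url,omitempty" yaml:"idp_login_url,omitempty"`
	// TenantID is the tenant ID associated with the IdentityProvider (azure driver).
	TenantID string `json:"tenant_id,omitempty" xml:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`
	// ApplicationID is the application ID associated with the IdentityProvider (azure driver).
	ApplicationID string `json:"application_id,omitempty" xml:"application_id,omitempty" yaml:"application_id,omitempty"`
	// ApplicationName is the application name associated with the IdentityProvider (azure driver).
	ApplicationName string `json:"application_name,omitempty" xml:"application_name,omitempty" yaml:"application_name,omitempty"`
	// EntityID is the "Identifier (Entity ID)" an administrator
	// specifies in "Set up Single Sign-On with SAML" in Azure AD
	// Enterprise Applications.
	EntityID string `json:"entity_id,omitempty" xml:"entity_id,omitempty" yaml:"entity_id,omitempty"`
	// AssertionConsumerServiceURLs is the list of URLs the server instance is
	// listening on. These URLs are known as SP Assertion Consumer Service
	// endpoints. For example, users may access a website via
	// http://app.domain.local. At the same time the users may access it by
	// IP, e.g. http://10.10.10.10, or by name, i.e. app. Each of the URLs is
	// a separate endpoint. At least one entry is required and every entry
	// must be an absolute http(s) URL.
	AssertionConsumerServiceURLs []string `json:"acs_urls,omitempty" xml:"acs_urls,omitempty" yaml:"acs_urls,omitempty"`

	// TLSInsecureSkipVerify disables TLS certificate verification for the
	// HTTPS connections this provider makes (presumably when fetching
	// IdpMetadataLocation — confirm against the provider code). It weakens
	// transport security and is intended for test environments only;
	// Validate does not reject it.
	TLSInsecureSkipVerify bool `json:"tls_insecure_skip_verify,omitempty" xml:"tls_insecure_skip_verify,omitempty" yaml:"tls_insecure_skip_verify,omitempty"`

	// LoginIcon is the UI login icon attributes. Validate creates it for
	// cfg.Driver when nil, otherwise configures the existing one.
	LoginIcon *icons.LoginIcon `json:"login_icon,omitempty" xml:"login_icon,omitempty" yaml:"login_icon,omitempty"`
}

// Validate checks the configuration and fills in driver-specific defaults.
// It mutates cfg: for the azure driver it derives IdpMetadataLocation (when
// empty) and IdpLoginURL from TenantID, ApplicationID and ApplicationName,
// and it always initializes or configures LoginIcon for cfg.Driver.
// It returns the package's configuration error describing the first problem
// found, or nil when the configuration is usable.
func (cfg *Config) Validate() error {
	if cfg.Name == "" {
		return errors.ErrIdentityProviderConfigureNameEmpty
	}
	if cfg.Realm == "" {
		return errors.ErrIdentityProviderConfigureRealmEmpty
	}

	switch cfg.Driver {
	case "azure":
		if err := cfg.applyAzureDefaults(); err != nil {
			return err
		}
	case "generic":
		// Nothing to derive: every endpoint comes from the configuration
		// and is checked below.
	case "":
		return errors.ErrIdentityProviderConfig.WithArgs("no SAML provider found")
	default:
		return errors.ErrIdentityProviderConfig.WithArgs(
			fmt.Errorf("driver %q is unsupported", cfg.Driver),
		)
	}

	if cfg.IdpLoginURL == "" {
		// TODO(review): "Loging" is a typo; kept as-is in case callers match on the text.
		return errors.ErrIdentityProviderConfig.WithArgs("IdP Loging URL not found")
	}
	// The login URL is where browsers are sent to authenticate; insist on an
	// absolute http(s) URL so a relative path or an unexpected scheme cannot
	// reach the redirect.
	if err := checkAbsoluteHTTPURL("IdP Login URL", cfg.IdpLoginURL); err != nil {
		return err
	}

	if len(cfg.AssertionConsumerServiceURLs) < 1 {
		return errors.ErrIdentityProviderConfig.WithArgs("ACS URLs are missing")
	}
	// An empty or malformed entry passes the length check above yet cannot
	// serve as an ACS endpoint; fail at startup instead.
	for _, acsURL := range cfg.AssertionConsumerServiceURLs {
		if err := checkAbsoluteHTTPURL("ACS URL", acsURL); err != nil {
			return err
		}
	}

	if cfg.IdpSignCertLocation == "" {
		return errors.ErrIdentityProviderConfig.WithArgs("IdP Signing Certificate not found")
	}

	// Configure UI login icon.
	if cfg.LoginIcon == nil {
		cfg.LoginIcon = icons.NewLoginIcon(cfg.Driver)
	} else {
		cfg.LoginIcon.Configure(cfg.Driver)
	}

	return nil
}

// applyAzureDefaults checks the fields the azure driver requires and derives
// the metadata and login endpoints from them. IdpMetadataLocation is only
// defaulted when empty; IdpLoginURL is always overwritten, so a login URL
// configured together with the azure driver is discarded.
func (cfg *Config) applyAzureDefaults() error {
	if cfg.TenantID == "" {
		return errors.ErrIdentityProviderConfig.WithArgs("no tenant id found")
	}
	if cfg.ApplicationID == "" {
		return errors.ErrIdentityProviderConfig.WithArgs("no application id found")
	}
	if cfg.ApplicationName == "" {
		return errors.ErrIdentityProviderConfig.WithArgs("no application name found")
	}
	if cfg.IdpMetadataLocation == "" {
		cfg.IdpMetadataLocation = fmt.Sprintf(
			"https://login.microsoftonline.com/%s/federationmetadata/2007-06/federationmetadata.xml",
			cfg.TenantID,
		)
	}
	// NOTE(review): the identifiers are interpolated without escaping, so a
	// value containing "/" or "?" changes the URL structure. Validate parses
	// the result afterwards; consider url.PathEscape if Azure accepts it.
	cfg.IdpLoginURL = fmt.Sprintf(
		"https://account.activedirectory.windowsazure.com/applications/signin/%s/%s?tenantId=%s",
		cfg.ApplicationName, cfg.ApplicationID, cfg.TenantID,
	)
	return nil
}

// checkAbsoluteHTTPURL returns a configuration error when raw is not an
// absolute URL with an http or https scheme and a non-empty host, and nil
// otherwise. what names the field in the error text.
func checkAbsoluteHTTPURL(what, raw string) error {
	if raw == "" {
		return errors.ErrIdentityProviderConfig.WithArgs(fmt.Sprintf("%s is empty", what))
	}
	u, err := url.Parse(raw)
	if err != nil {
		return errors.ErrIdentityProviderConfig.WithArgs(
			fmt.Errorf("%s %q is malformed: %w", what, raw, err),
		)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return errors.ErrIdentityProviderConfig.WithArgs(
			fmt.Sprintf("%s %q must be an absolute http or https URL", what, raw),
		)
	}
	return nil
}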