fix: relaystate optional (#59)
* fix: make relaystate optional

* fix: delete NotBefore in subjectConfirmationData
stebenz authored Sep 15, 2023
1 parent dd53243 commit 020193f
Showing 4 changed files with 96 additions and 13 deletions.
33 changes: 33 additions & 0 deletions pkg/provider/login_test.go
@@ -81,6 +81,39 @@ func TestSSO_loginHandleFunc(t *testing.T) {
state: "",
err: false,
}},
{
"login redirect without RelayState successful",
args{
metadataEndpoint: "/saml/metadata",
issuer: "http://localhost:50002",
config: &IdentityProviderConfig{
SignatureAlgorithm: dsig.RSASHA256SignatureMethod,
MetadataIDPConfig: &MetadataIDPConfig{},
Endpoints: &EndpointConfig{
Callback: getEndpointPointer("/saml/login", "http://localhost:50002/saml/login"),
},
},
certificate: "-----BEGIN CERTIFICATE-----\nMIICvDCCAaQCCQD6E8ZGsQ2usjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVt\neXNlcnZpY2UuZXhhbXBsZS5jb20wHhcNMjIwMjE3MTQwNjM5WhcNMjMwMjE3MTQw\nNjM5WjAgMR4wHAYDVQQDDBVteXNlcnZpY2UuZXhhbXBsZS5jb20wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XKdCRxUZXjdqVqwwwOJqc1Ch0nOSmk+U\nerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWcWAHJloqZ7GBS7NpDhzV8\nG+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2gIfsYPs3TTq1sq7oCs5q\nLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+aEkyRh07oMpXBEobGisfF\n2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7Lfgq7oxmv/8LFi4Zopr5\nnyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v4cxTNPn/AgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBAJYxROWSOZbOzXzafdGjQKsMgN948G/hHwVuZneyAcVo\nLMFTs1Weya9Z+snMp1u0AdDGmQTS9zGnD7syDYGOmgigOLcMvLMoWf5tCQBbEukW\n8O7DPjRR0XypChGSsHsqLGO0B0HaTel0HdP9Si827OCkc9Q+WbsFG/8/4ToGWL+u\nla1WuLawozoj8umPi9D8iXCoW35y2STU+WFQG7W+Kfdu+2CYz/0tGdwVqNG4Wsfa\nwWchrS00vGFKjm/fJc876gAfxiMH1I9fZvYSAxAZ3sVI//Ml2sUdgf067ywQ75oa\nLSS2NImmz5aos3vuWmOXhILd7iTU+BD8Uv6vWbI7I1M=\n-----END CERTIFICATE-----\n",
key: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7XKdCRxUZXjdq\nVqwwwOJqc1Ch0nOSmk+UerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWc\nWAHJloqZ7GBS7NpDhzV8G+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2\ngIfsYPs3TTq1sq7oCs5qLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+a\nEkyRh07oMpXBEobGisfF2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7\nLfgq7oxmv/8LFi4Zopr5nyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v\n4cxTNPn/AgMBAAECggEAF+rV9yH30Ysza8GwrXCR9qDN1Dp3QmmsavnXkonEvPoq\nEr2T3o0//6mBp6CLDboMQGQBjblJwl+3Y6PgZolvHAMOsMdHfYNPEo7FSzUBzEw+\nqRrs5HkMyvoPgfV6X8F97W3tiD4Q/AmHkMILl+MxbnfPXM54gWqPuwIqxY1uaCk5\nREwyb7WBon3rd58ceOI1SLRjod6SbqWBMMSN3cJ+5VEPObFjw/RlhNQ5rBI8G5Kt\nso2zBU5C4BB2CvqlWy98WDKJkTvWHbiTjZCy8BQ+gQ6UJM2vaNELFOVpuMGQnMIi\noWiX10Jg2e1gP9j3TdrohlGF8M3+TXjSFKNmeX0DUQKBgQDx7UazUWS5RtkgnjH9\nw2xH2xkstJVD7nAS8VTxNwcrgjVXPvTJha9El904obUjyRX7ppb02tuH5ML/bZh6\n9lL4bP5+SHcJ10e4q8CK/KAGHD6BYAbaGXRq0CoSk5a3vv5XPdob4T5qKCIHFpnu\nMfbvdbEoameLOyRYOGu/yVZIiwKBgQDGQs7FRTisHV0xooiRmlvYF0dcd19qpLed\nqhgJNqBPOTEvvGvJNRoi39haEY3cuTqsxZ5FAlFlVFMUUozz+d0xBLLInoVY/Y4h\nhSdGmdw/A6oHodLqyEp3N5RZNdLlh8/nDS3xXzMotAl75bW5kc2ttcRhRdtyNJ9Z\nup0PgppO3QKBgEC45upAQz8iCiKkz+EA8C4FGqYQJcLHvmoC8GOcAioMqrKNoDVt\ns2cZbdChynEpcd0iQ058YrDnbZeiPWHgFnBp0Gf+gQI7+u8X2+oTDci0s7Au/YZJ\nuxB8YlUX8QF1clvqqzg8OVNzKy9UR5gm+9YyWVPjq5HfH6kOZx0nAxNjAoGAERt8\nqgsCC9/wxbKnpCC0oh3IG5N1WUdjTKh7sHfVN2DQ/LR+fHsniTDVg1gWbKBTDsty\nj7PWgC7ZiFxjKz45NtyX7LW4/efLFttdezsVhR500nnFMFseCdFy7Iu3afThHKfH\nehdj27RFSTqWBrAtFjsj+dzERcOCqIRwvwDe/cUCgYEA5+1mzVXDVjKsWylKJPk+\nZZA4LUfvmTj3VLNDZrlSAI/xEikCFio0QWEA2TQYTAwbXTrKwQSeHQRhv7OTc1h+\nMhpAgvs189ze5J4jiNmULEkkrO+Cxxnw8tyV+UFRZtzW9gUoVBwXiZ/Wbl9sfnlO\nwLJHc0j6OltPcPJmxHP8gQI=\n-----END PRIVATE KEY-----\n",
request: request{
ID: "test",
AuthRequestID: "test",
Binding: RedirectBinding,
AcsURL: "url",
UserID: "userid",
Done: true,
},
sp: sp{
appID: "test",
entityID: "http://localhost:8000/saml/metadata",
metadata: "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",
},
},
res{
code: 302,
state: "",
err: false,
}},
{
"login post successful",
args{
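Review bot: The added case "login redirect without RelayState successful" pastes the full PEM certificate and PKCS#8 private key inline, and the same two literals appear again in the case this commit adds to pkg/provider/sso_test.go. I would hoist them into package-level test constants (for example `testIDPCertificate` and `testIDPKey`) with a comment such as `// test-only key pair, generated for unit tests; never used by a deployment`, so readers and secret scanners can tell the key is a fixture and each table entry stays readable. The certificate's encoded validity window appears to end in February 2023, before this commit's date, so these cases would fail if a code path ever starts checking certificate expiry. The test table starts and ends outside this hunk.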
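--- a/pkg/provider/redirect.go
+++ b/pkg/provider/redirect.go
@@ -42,9 +42,6 @@ func verifyRedirectSignature(
 if authRequest() == "" {
 return fmt.Errorf("no authrequest provided but required")
 }
-if relayState() == "" {
-return fmt.Errorf("no relaystate provided but required")
-}
 if sig() == "" {
 return fmt.Errorf("no signature provided but required")
 }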
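--- a/pkg/provider/sso.go
+++ b/pkg/provider/sso.go
@@ -65,16 +65,6 @@ func (p *IdentityProvider) ssoHandleFunc(w http.ResponseWriter, r *http.Request)
 },
 )
 
-// verify that relayState is provided
-checkerInstance.WithConditionalValueNotEmpty(
-func() bool { return authRequestForm.Binding == RedirectBinding },
-"relayState",
-func() string { return authRequestForm.RelayState },
-func() {
-response.sendBackResponse(r, w, response.makeDeniedResponse(fmt.Errorf("empty relaystate").Error(), p.timeFormat))
-},
-)
-
 // verify that request is not empty
 checkerInstance.WithValueNotEmptyCheck(
 "SAMLRequest",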
63 changes: 63 additions & 0 deletions pkg/provider/sso_test.go
@@ -195,6 +195,21 @@ func TestSSO_getAuthRequestFromRequest(t *testing.T) {
false,
},
},
{
"signed redirect binding without RelayState",
&http.Request{URL: &url.URL{RawQuery: "SAMLRequest=request&SAMLEncoding=encoding&SigAlg=alg&Signature=sig"}},
res{
&AuthRequestForm{
AuthRequest: "request",
Encoding: "encoding",
RelayState: "",
SigAlg: "alg",
Sig: "sig",
Binding: RedirectBinding,
},
false,
},
},
{
"unsigned redirect binding",
&http.Request{URL: &url.URL{RawQuery: "SAMLRequest=request&SAMLEncoding=encoding&RelayState=state"}},
@@ -230,6 +245,25 @@ func TestSSO_getAuthRequestFromRequest(t *testing.T) {
false,
},
},
{
"post binding without RelayState",
&http.Request{
Form: map[string][]string{
"SAMLRequest": {"request"},
},
URL: &url.URL{RawQuery: ""}},
res{
&AuthRequestForm{
AuthRequest: "request",
Encoding: "",
RelayState: "",
SigAlg: "",
Sig: "",
Binding: PostBinding,
},
false,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -468,6 +502,35 @@ func TestSSO_ssoHandleFunc(t *testing.T) {
state: "",
err: false,
}},
{
"redirect request without RelayState",
args{
issuer: "http://localhost:50002",
metadataEndpoint: "/saml/metadata",
config: &IdentityProviderConfig{
SignatureAlgorithm: dsig.RSASHA256SignatureMethod,
MetadataIDPConfig: &MetadataIDPConfig{},
Endpoints: &EndpointConfig{
SingleSignOn: getEndpointPointer("/saml/SSO", "http://localhost:50002/saml/SSO"),
},
},
certificate: "-----BEGIN CERTIFICATE-----\nMIICvDCCAaQCCQD6E8ZGsQ2usjANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVt\neXNlcnZpY2UuZXhhbXBsZS5jb20wHhcNMjIwMjE3MTQwNjM5WhcNMjMwMjE3MTQw\nNjM5WjAgMR4wHAYDVQQDDBVteXNlcnZpY2UuZXhhbXBsZS5jb20wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XKdCRxUZXjdqVqwwwOJqc1Ch0nOSmk+U\nerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWcWAHJloqZ7GBS7NpDhzV8\nG+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2gIfsYPs3TTq1sq7oCs5q\nLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+aEkyRh07oMpXBEobGisfF\n2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7Lfgq7oxmv/8LFi4Zopr5\nnyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v4cxTNPn/AgMBAAEwDQYJ\nKoZIhvcNAQELBQADggEBAJYxROWSOZbOzXzafdGjQKsMgN948G/hHwVuZneyAcVo\nLMFTs1Weya9Z+snMp1u0AdDGmQTS9zGnD7syDYGOmgigOLcMvLMoWf5tCQBbEukW\n8O7DPjRR0XypChGSsHsqLGO0B0HaTel0HdP9Si827OCkc9Q+WbsFG/8/4ToGWL+u\nla1WuLawozoj8umPi9D8iXCoW35y2STU+WFQG7W+Kfdu+2CYz/0tGdwVqNG4Wsfa\nwWchrS00vGFKjm/fJc876gAfxiMH1I9fZvYSAxAZ3sVI//Ml2sUdgf067ywQ75oa\nLSS2NImmz5aos3vuWmOXhILd7iTU+BD8Uv6vWbI7I1M=\n-----END CERTIFICATE-----\n",
key: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7XKdCRxUZXjdq\nVqwwwOJqc1Ch0nOSmk+UerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWc\nWAHJloqZ7GBS7NpDhzV8G+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2\ngIfsYPs3TTq1sq7oCs5qLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+a\nEkyRh07oMpXBEobGisfF2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7\nLfgq7oxmv/8LFi4Zopr5nyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v\n4cxTNPn/AgMBAAECggEAF+rV9yH30Ysza8GwrXCR9qDN1Dp3QmmsavnXkonEvPoq\nEr2T3o0//6mBp6CLDboMQGQBjblJwl+3Y6PgZolvHAMOsMdHfYNPEo7FSzUBzEw+\nqRrs5HkMyvoPgfV6X8F97W3tiD4Q/AmHkMILl+MxbnfPXM54gWqPuwIqxY1uaCk5\nREwyb7WBon3rd58ceOI1SLRjod6SbqWBMMSN3cJ+5VEPObFjw/RlhNQ5rBI8G5Kt\nso2zBU5C4BB2CvqlWy98WDKJkTvWHbiTjZCy8BQ+gQ6UJM2vaNELFOVpuMGQnMIi\noWiX10Jg2e1gP9j3TdrohlGF8M3+TXjSFKNmeX0DUQKBgQDx7UazUWS5RtkgnjH9\nw2xH2xkstJVD7nAS8VTxNwcrgjVXPvTJha9El904obUjyRX7ppb02tuH5ML/bZh6\n9lL4bP5+SHcJ10e4q8CK/KAGHD6BYAbaGXRq0CoSk5a3vv5XPdob4T5qKCIHFpnu\nMfbvdbEoameLOyRYOGu/yVZIiwKBgQDGQs7FRTisHV0xooiRmlvYF0dcd19qpLed\nqhgJNqBPOTEvvGvJNRoi39haEY3cuTqsxZ5FAlFlVFMUUozz+d0xBLLInoVY/Y4h\nhSdGmdw/A6oHodLqyEp3N5RZNdLlh8/nDS3xXzMotAl75bW5kc2ttcRhRdtyNJ9Z\nup0PgppO3QKBgEC45upAQz8iCiKkz+EA8C4FGqYQJcLHvmoC8GOcAioMqrKNoDVt\ns2cZbdChynEpcd0iQ058YrDnbZeiPWHgFnBp0Gf+gQI7+u8X2+oTDci0s7Au/YZJ\nuxB8YlUX8QF1clvqqzg8OVNzKy9UR5gm+9YyWVPjq5HfH6kOZx0nAxNjAoGAERt8\nqgsCC9/wxbKnpCC0oh3IG5N1WUdjTKh7sHfVN2DQ/LR+fHsniTDVg1gWbKBTDsty\nj7PWgC7ZiFxjKz45NtyX7LW4/efLFttdezsVhR500nnFMFseCdFy7Iu3afThHKfH\nehdj27RFSTqWBrAtFjsj+dzERcOCqIRwvwDe/cUCgYEA5+1mzVXDVjKsWylKJPk+\nZZA4LUfvmTj3VLNDZrlSAI/xEikCFio0QWEA2TQYTAwbXTrKwQSeHQRhv7OTc1h+\nMhpAgvs189ze5J4jiNmULEkkrO+Cxxnw8tyV+UFRZtzW9gUoVBwXiZ/Wbl9sfnlO\nwLJHc0j6OltPcPJmxHP8gQI=\n-----END PRIVATE KEY-----\n",
request: request{
ID: "test",
Binding: RedirectBinding,
SAMLRequest: url.QueryEscape("nJJBj9MwEIX/ijX3NG6a7DbWJlLZClFpYatN4cBt6k6oJccungmw/x61XaQioRy42vP5ved5D4yDP5nVKMfwQt9HYlG/Bh/YnC8aGFMwEdmxCTgQG7GmW318MsVMG2SmJC4GuEFO08wpRYk2elCbdQPukFlNd/c9LQpczPve6r3taVHWdbWoal3bfr7c03JJc1BfKLGLoYFipkFtmEfaBBYM0kChiyLTZVbc7XRtyntTVrOyrr6CWhOLCygX8ihyMnnuo0V/jCym0loX+dl33nXPoFZ/Ij3GwONAqaP0w1n6/PL0D3qptb7CaBnU9i3bOxcOLnyb/oj9dYjNh91um22fux20l2WYS7Kk3sc0oEw/cj5xh6y/jBoK4uQV2gmfAwkeUPAhv5Fq30rwCQfarLfRO/v6H/KSMLCjIKBW3sefj4lQqAFJI0HeXiX/rlr7OwAA//8="),
},
sp: sp{
entityID: "http://localhost:8000/saml/metadata",
metadata: "<EntityDescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2022-04-28T11:32:04.797Z\" entityID=\"http://localhost:8000/saml/metadata\">\n <SPSSODescriptor xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2022-04-28T11:32:04.796923Z\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\" AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"true\">\n <KeyDescriptor use=\"encryption\">\n <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">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</X509Certificate>\n </X509Data>\n </KeyInfo>\n <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"></EncryptionMethod>\n <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes192-cbc\"></EncryptionMethod>\n <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"></EncryptionMethod>\n <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"></EncryptionMethod>\n </KeyDescriptor>\n <KeyDescriptor use=\"signing\">\n <KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n <X509Data xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n <X509Certificate xmlns=\"http://www.w3.org/2000/09/xmldsig#\">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</X509Certificate>\n </X509Data>\n </KeyInfo>\n </KeyDescriptor>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/saml/slo\" ResponseLocation=\"http://localhost:8000/saml/slo\"></SingleLogoutService>\n <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8000/saml/acs\" index=\"1\"></AssertionConsumerService>\n <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"http://localhost:8000/saml/acs\" 
index=\"2\"></AssertionConsumerService>\n </SPSSODescriptor>\n</EntityDescriptor>",
},
},
res{
code: 303,
state: "",
err: false,
}},
{
"redirect request form parse error",
args{
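Review bot: None of the three added cases appears to send a signed redirect request without RelayState through signature verification, which is the path this commit relaxes in `verifyRedirectSignature`. The `getAuthRequestFromRequest` case with `Signature=sig` only checks form parsing, and the `ssoHandleFunc` case "redirect request without RelayState" uses SP metadata with `AuthnRequestsSigned=\"false\"` and a request that sets only `ID`, `Binding` and `SAMLRequest`. For the HTTP-Redirect binding the signed string leaves the RelayState parameter out entirely when it is absent, so the verifier has to rebuild it the same way. I would add a case that signs `SAMLRequest=…&SigAlg=…` with no RelayState and expects it to verify, and a companion case with a tampered signature that expects a denied response. Both test tables continue outside the hunks shown.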
