package
0.0.0-20240404205746-f94cbff24ec3
Repository: https://github.com/scorpio-id/saml.git
Documentation: pkg.go.dev

# Functions

GetSigningContext returns a dsig.SigningContext initialized based on the Service Provider's configuration.
New returns a new Server.
NewIdpAuthnRequest returns a new IdpAuthnRequest for the given HTTP request to the authorization service.

# Constants

The Canonicalizer prefix list MUST be empty.
DefaultCacheDuration is how long we ask the IDP to cache the SP metadata.
DefaultValidDuration is how long we assert that the SP metadata is valid.
HTTPArtifactBinding is the official URN for the HTTP-Artifact binding (transport).
HTTPPostBinding is the official URN for the HTTP-POST binding (transport).
HTTPRedirectBinding is the official URN for the HTTP-Redirect binding (transport).
SOAPBinding is the official URN for the SOAP binding (transport).
SOAPBindingV1 is the URN for the SOAP binding in SAML 1.0.
StatusAuthnFailed means the responding provider was unable to successfully authenticate the principal.
StatusInvalidAttrNameOrValue means unexpected or invalid content was encountered within a <saml:Attribute> or <saml:AttributeValue> element.
StatusInvalidNameIDPolicy means the responding provider cannot or will not support the requested name identifier policy.
StatusNoAuthnContext means the specified authentication context requirements cannot be met by the responder.
StatusNoAvailableIDP is used by an intermediary to indicate that none of the supported identity provider <Loc> elements in an <IDPList> can be resolved or that none of the supported identity providers are available.
StatusNoSupportedIDP is used by an intermediary to indicate that none of the identity providers in an <IDPList> are supported by the intermediary.
StatusPartialLogout is used by a session authority to indicate to a session participant that it was not able to propagate logout to all other session participants.
StatusProxyCountExceeded indicates that a responding provider cannot authenticate the principal directly and is not permitted to proxy the request further.
StatusRequestDenied means the SAML responder or SAML authority is able to process the request but has chosen not to respond.
StatusRequester means the request could not be performed due to an error on the part of the requester.
StatusRequestUnsupported means the SAML responder or SAML authority does not support the request.
StatusRequestVersionTooHigh means the SAML responder cannot process the request because the protocol version specified in the request message is a major upgrade from the highest protocol version supported by the responder.
StatusRequestVersionTooLow means the SAML responder cannot process the request because the protocol version specified in the request message is too low.
StatusResourceNotRecognized means the resource value provided in the request message is invalid or unrecognized.
StatusResponder means the request could not be performed due to an error on the part of the SAML responder or SAML authority.
StatusTooManyResponses means the response message would contain more elements than the SAML responder is able to return.
StatusUnknownAttrProfile means an entity that has no knowledge of a particular attribute profile has been presented with an attribute drawn from that profile.
StatusUnknownPrincipal means the responding provider does not recognize the principal specified or implied by the request.
StatusUnsupportedBinding means the SAML responder cannot properly fulfill the request using the protocol binding specified in the request.
StatusVersionMismatch means the SAML responder could not process the request because the version of the request message was incorrect.

# Variables

MaxClockSkew allows for leeway for clock skew between the IDP and SP when validating assertions.
MaxIssueDelay is the longest allowed time between when a SAML assertion is issued by the IDP and the time it is received by ParseResponse.
Metadata has been renamed to EntityDescriptor. This change was made to be consistent with the rest of the API, which uses names from the SAML specification for types.
StatusSuccess means the request succeeded.

# Structs

AffiliationDescriptor represents the SAML AffiliationDescriptor object.
ArtifactResolve represents the SAML object of the same name.
ArtifactResponse represents the SAML object of the same name.
Assertion represents the SAML element Assertion.
AssertionAttribute represents an attribute of the user extracted from a SAML Assertion.
Attribute represents the SAML element Attribute.
AttributeAuthorityDescriptor represents the SAML AttributeAuthorityDescriptor object.
AttributeConsumingService represents the SAML AttributeConsumingService object.
AttributeStatement represents the SAML element AttributeStatement.
AttributeValue represents the SAML element AttributeValue.
Audience represents the SAML element Audience.
AudienceRestriction represents the SAML element AudienceRestriction.
AuthnAuthorityDescriptor represents the SAML AuthnAuthorityDescriptor object.
AuthnContext represents the SAML element AuthnContext.
AuthnContextClassRef represents the SAML element AuthnContextClassRef.
AuthnRequest represents the SAML object of the same name, a request from a service provider to authenticate a user.
AuthnStatement represents the SAML element AuthnStatement.
Conditions represents the SAML element Conditions.
ContactPerson represents the SAML element ContactPerson.
DefaultAssertionMaker produces a SAML assertion for the given request and assigns it to req.Assertion.
EncryptionMethod represents the XMLSEC object of the same name.
Endpoint represents the SAML EndpointType object.
EntitiesDescriptor represents the SAML object of the same name.
EntityDescriptor represents the SAML EntityDescriptor object.
ErrBadStatus is returned when the assertion provided is valid but the status code is not "urn:oasis:names:tc:SAML:2.0:status:Success".
IdentityProvider implements the SAML Identity Provider role (IDP).
IdpAuthnRequest is used by IdentityProvider to handle a single authentication request.
IdpAuthnRequestForm contains HTML form information to be submitted to the SAML HTTP POST binding ACS.
IDPSSODescriptor represents the SAML IDPSSODescriptorType object.
IndexedEndpoint represents the SAML IndexedEndpointType object.
InvalidResponseError is the error produced by ParseResponse when it fails.
Issuer represents the SAML object of the same name.
KeyDescriptor represents the XMLSEC object of the same name.
KeyInfo represents the XMLSEC object of the same name.
LocalizedName represents the SAML type localizedNameType.
LocalizedURI represents the SAML type localizedURIType.
LogoutRequest represents the SAML object of the same name, a request from an IDP to destroy a user's session.
LogoutResponse represents the SAML object of the same name.
NameID represents the SAML element NameID.
NameIDPolicy represents the SAML object of the same name.
OneTimeUse represents the SAML element OneTimeUse.
Options represent the parameters to New() for creating a new IDP server.
Organization represents the SAML Organization object.
PDPDescriptor represents the SAML PDPDescriptor object.
ProxyRestriction represents the SAML element ProxyRestriction.
RequestedAttribute represents the SAML RequestedAttribute object.
RequestedAuthnContext represents the SAML object of the same name, an indication of the requirements on the authentication process.
Response represents the SAML object of the same name.
RoleDescriptor represents the SAML element RoleDescriptor.
Server represents an IDP server.
Service represents a configured SP for whom this IDP provides authentication services.
ServiceProvider implements SAML Service provider.
Session represents a user session.
SessionIndex represents the SAML element SessionIndex.
Shortcut represents an IDP-initiated SAML flow.
SPSSODescriptor represents the SAML SPSSODescriptorType object.
SSODescriptor represents the SAML complex type SSODescriptor. See http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf §2.4.2.
Status represents the SAML object of the same name.
StatusCode represents the SAML object of the same name.
StatusDetail represents the SAML element StatusDetail.
StatusMessage represents the SAML element StatusMessage.
Subject represents the SAML element Subject.
SubjectConfirmation represents the SAML element SubjectConfirmation.
SubjectConfirmationData represents the SAML element SubjectConfirmationData.
SubjectLocality represents the SAML element SubjectLocality.
User represents a stored user.
X509Certificate represents the XMLSEC object of the same name.
X509Data represents the XMLSEC object of the same name.

# Interfaces

AssertionMaker is an interface used by IdentityProvider to construct the assertion for a request.
ServiceProviderProvider is an interface used by IdentityProvider to look up service provider metadata for a request.
SessionProvider is an interface used by IdentityProvider to determine the Session associated with a request.
SignatureVerifier verifies a signature. Can be implemented in order to override ServiceProvider's default way of verifying signatures.

# Type aliases

AssertionAttributes is a list of AssertionAttribute.