From 7d1da5f3399465a75c8f3dff4813442d7f29837e Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Wed, 29 Mar 2023 19:18:08 -0400 Subject: [PATCH 01/22] Adding debugging --- go.mod | 3 +++ go.sum | 26 ++++++++++++++++++++------ samlsp/session_cookie.go | 5 +++++ service_provider.go | 2 +- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 39f9c8d2..89a7eec7 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,9 @@ require ( github.com/mattermost/xml-roundtrip-validator v0.1.0 github.com/russellhaering/goxmldsig v1.4.0 github.com/stretchr/testify v1.8.4 + github.com/pkg/errors v0.9.1 // indirect + github.com/sirupsen/logrus v1.9.0 // indirect + github.com/stretchr/testify v1.8.1 github.com/zenazn/goji v1.0.1 golang.org/x/crypto v0.18.0 gotest.tools v2.2.0+incompatible diff --git a/go.sum b/go.sum index eaa1f8af..9c549450 100644 --- a/go.sum +++ b/go.sum 
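Review bot: The added `github.com/stretchr/testify v1.8.1` requirement duplicates the `github.com/stretchr/testify v1.8.4` line two lines above it in the same require block, so the file now names two versions of one module and the go tool is not expected to accept it as written (which one is meant is also unclear). The `// indirect` marker on `github.com/sirupsen/logrus v1.9.0` contradicts the `log "github.com/sirupsen/logrus"` import this same patch adds to samlsp/session_cookie.go, which makes it a direct dependency. Suggest deleting the v1.8.1 line and letting `go mod tidy` regenerate the block so the markers and go.sum agree.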
@@ -36,17 +36,31 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/russellhaering/goxmldsig v1.4.0 h1:8UcDh/xGyQiyrW+Fq5t8f+l2DLB1+zlhYzkPUJ7Qhys= -github.com/russellhaering/goxmldsig v1.4.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw= +github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80guqzwx6Vg= +github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8= github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= 
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed h1:YoWVYYAfvQ4ddHv3OKmIvX7NCAhFGTj62VP2l2kfBbA= +golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index 4d557eee..691ccc13 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -5,6 +5,8 @@ import ( "net/http" "time" + log "github.com/sirupsen/logrus" + "github.com/crewjam/saml" ) 
@@ -28,6 +30,7 @@ type CookieSessionProvider struct { // should create a new session and modify the http response accordingly, e.g. by // setting a cookie. func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Request, assertion *saml.Assertion) error { + log.Debugf("Create Session") // Cookies should not have the port attached to them so strip it off if domain, _, err := net.SplitHostPort(c.Domain); err == nil { c.Domain = domain @@ -59,6 +62,7 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ // DeleteSession is called to modify the response such that it removed the current // session, e.g. by deleting a cookie. func (c CookieSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Request) error { + log.Debugf("Delete Session") // Cookies should not have the port attached to them so strip it off if domain, _, err := net.SplitHostPort(c.Domain); err == nil { c.Domain = domain @@ -84,6 +88,7 @@ func (c CookieSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Requ // GetSession returns the current Session associated with the request, or // ErrNoSession if there is no valid session. func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) { + log.Debugf("Get Session") cookie, err := r.Cookie(c.Name) if err == http.ErrNoCookie { return nil, ErrNoSession diff --git a/service_provider.go b/service_provider.go index 30b35670..0217ecea 100644 --- a/service_provider.go +++ b/service_provider.go @@ -212,7 +212,7 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor { ValidUntil: &validUntil, }, SingleLogoutServices: sloEndpoints, - NameIDFormats: []NameIDFormat{sp.AuthnNameIDFormat}, + NameIDFormats: []NameIDFormat{"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}, }, AuthnRequestsSigned: &authnRequestsSigned, WantAssertionsSigned: &wantAssertionsSigned, From fdd614814300edd882c52743bfd3af6954152ab9 Mon Sep 17 00:00:00 2001 
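Review bot: `log.Debugf("Create Session")` and its siblings at the top of DeleteSession and GetSession write through logrus's package-level logger, so every consumer of the samlsp library inherits a new third-party dependency and a global log sink it cannot redirect or silence. The repository already carries its own logger package (other files import `github.com/crewjam/saml/logger`), which is presumably the intended seam — confirm what interface it exposes. If a logger is wanted here, prefer an injectable field on `CookieSessionProvider` (a small local interface defaulting to a no-op) over a global, and keep entry/exit traces out of a library's hot path. The same pattern is repeated by the logging added to samlsp/middleware.go and samlsp/session_cookie.go in the later "debugging" patches of this series.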
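Review bot: `NameIDFormats: []NameIDFormat{"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}` hard-codes the advertised format and silently ignores `sp.AuthnNameIDFormat`, so an SP configured for persistent or emailAddress will publish metadata that contradicts the NameIDPolicy it presumably still derives from that field elsewhere in the file (confirm). If transient is wanted as a default, apply it only when the field is unset, e.g. `format := sp.AuthnNameIDFormat; if format == "" { format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" }` and build the slice from `format`. Metadata() continues outside this hunk.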
From: Garrod Alwood Date: Wed, 29 Mar 2023 19:20:52 -0400 Subject: [PATCH 02/22] Fixing module name and go version --- go.mod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 89a7eec7..2322c1b2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ -module github.com/crewjam/saml +module github.com/lorodoes/saml -go 1.19 +go 1.20 require ( github.com/beevik/etree v1.2.0 From b73428b7565b7e992bc9c6707a9d89e015e5a0d7 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Wed, 29 Mar 2023 19:24:17 -0400 Subject: [PATCH 03/22] Update golangci --- .golangci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.golangci.yml b/.golangci.yml index 23f37cbf..20d35d9a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -38,7 +38,7 @@ linters: - depguard # Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false] linters-settings: goimports: - local-prefixes: github.com/crewjam/saml + local-prefixes: github.com/lorodoes/saml govet: disable: - shadow From c8f8b12461ed41c5a8dbb87da520d22ba6886adc Mon Sep 17 00:00:00 2001 
From: Garrod Alwood Date: Wed, 29 Mar 2023 19:33:39 -0400 Subject: [PATCH 04/22] Updating to lorodoes --- README.md | 6 +++--- example/idp/idp.go | 4 ++-- example/service.go | 2 +- example/trivial/trivial.go | 2 +- go.mod | 2 ++ go.sum | 7 ------- identity_provider.go | 4 ++-- identity_provider_test.go | 6 +++--- saml.go | 4 ++-- samlidp/samlidp.go | 4 ++-- samlidp/samlidp_test.go | 4 ++-- samlidp/service.go | 2 +- samlidp/session.go | 2 +- samlidp/util.go | 2 +- samlsp/error.go | 2 +- samlsp/fetch_metadata.go | 5 ++--- samlsp/middleware.go | 2 +- samlsp/middleware_test.go | 4 ++-- samlsp/new.go | 2 +- samlsp/request_tracker_cookie.go | 2 +- samlsp/request_tracker_jwt.go | 2 +- samlsp/session.go | 2 +- samlsp/session_cookie.go | 2 +- samlsp/session_cookie_test.go | 2 +- samlsp/session_jwt.go | 2 +- samlsp/util.go | 2 +- service_provider.go | 4 ++-- service_provider_test.go | 2 +- 28 files changed, 40 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index c0b98058..e8c784ee 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # SAML -[![](https://godoc.org/github.com/crewjam/saml?status.svg)](http://godoc.org/github.com/crewjam/saml) +[![](https://godoc.org/github.com/lorodoes/saml?status.svg)](http://godoc.org/github.com/lorodoes/saml) -![Build Status](https://github.com/crewjam/saml/workflows/Presubmit/badge.svg) +![Build Status](https://github.com/lorodoes/saml/workflows/Presubmit/badge.svg) Package saml contains a partial implementation of the SAML standard in golang. SAML is a standard for identity federation, i.e. either allowing a third party to authenticate your users or allowing third parties to rely on us to authenticate their users. @@ -54,7 +54,7 @@ import ( "net/http" "net/url" - "github.com/crewjam/saml/samlsp" + "github.com/lorodoes/saml/samlsp" ) func hello(w http.ResponseWriter, r *http.Request) { diff --git a/example/idp/idp.go b/example/idp/idp.go index 4e47a56a..a81614d2 100644 --- a/example/idp/idp.go +++ b/example/idp/idp.go 
@@ -11,8 +11,8 @@ import ( "github.com/zenazn/goji" "golang.org/x/crypto/bcrypt" - "github.com/crewjam/saml/logger" - "github.com/crewjam/saml/samlidp" + "github.com/lorodoes/saml/logger" + "github.com/lorodoes/saml/samlidp" ) var key = func() crypto.PrivateKey { diff --git a/example/service.go b/example/service.go index 5b6ddb27..ab69ecdc 100644 --- a/example/service.go +++ b/example/service.go @@ -19,7 +19,7 @@ import ( "github.com/zenazn/goji" "github.com/zenazn/goji/web" - "github.com/crewjam/saml/samlsp" + "github.com/lorodoes/saml/samlsp" ) var links = map[string]Link{} diff --git a/example/trivial/trivial.go b/example/trivial/trivial.go index 45f46080..738dc28e 100644 --- a/example/trivial/trivial.go +++ b/example/trivial/trivial.go @@ -12,7 +12,7 @@ import ( "net/url" "time" - "github.com/crewjam/saml/samlsp" + "github.com/lorodoes/saml/samlsp" ) var samlMiddleware *samlsp.Middleware diff --git a/go.mod b/go.mod index 2322c1b2..46fac6d5 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/stretchr/testify v1.8.4 github.com/pkg/errors v0.9.1 // indirect github.com/sirupsen/logrus v1.9.0 // indirect + github.com/sirupsen/logrus v1.9.0 github.com/stretchr/testify v1.8.1 github.com/zenazn/goji v1.0.1 golang.org/x/crypto v0.18.0 @@ -27,5 +28,6 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect + golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 9c549450..83ac4b3e 100644 --- a/go.sum +++ b/go.sum 
@@ -52,15 +52,8 @@ github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8= github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed h1:YoWVYYAfvQ4ddHv3OKmIvX7NCAhFGTj62VP2l2kfBbA= golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/identity_provider.go b/identity_provider.go index abaaad68..76097b62 100644 --- a/identity_provider.go +++ b/identity_provider.go 
@@ -21,8 +21,8 @@ import ( xrv "github.com/mattermost/xml-roundtrip-validator" dsig "github.com/russellhaering/goxmldsig" - "github.com/crewjam/saml/logger" - "github.com/crewjam/saml/xmlenc" + "github.com/lorodoes/saml/logger" + "github.com/lorodoes/saml/xmlenc" ) // Session represents a user session. It is returned by the diff --git a/identity_provider_test.go b/identity_provider_test.go index 9d06a4bb..292e9f22 100644 --- a/identity_provider_test.go +++ b/identity_provider_test.go @@ -28,9 +28,9 @@ import ( "github.com/golang-jwt/jwt/v4" dsig "github.com/russellhaering/goxmldsig" - "github.com/crewjam/saml/logger" - "github.com/crewjam/saml/testsaml" - "github.com/crewjam/saml/xmlenc" + "github.com/lorodoes/saml/logger" + "github.com/lorodoes/saml/testsaml" + "github.com/lorodoes/saml/xmlenc" ) type IdentityProviderTest struct { diff --git a/saml.go b/saml.go index b171e56d..2c1a12fb 100644 --- a/saml.go +++ b/saml.go @@ -11,7 +11,7 @@ // // Version 0.4.0 introduces a few breaking changes to the _samlsp_ package in order to make the package more extensible, and to clean up the interfaces a bit. The default behavior remains the same, but you can now provide interface implementations of _RequestTracker_ (which tracks pending requests), _Session_ (which handles maintaining a session) and _OnError_ which handles reporting errors. // -// Public fields of _samlsp.Middleware_ have changed, so some usages may require adjustment. See [issue 231](https://github.com/crewjam/saml/issues/231) for details. +// Public fields of _samlsp.Middleware_ have changed, so some usages may require adjustment. See [issue 231](https://github.com/lorodoes/saml/issues/231) for details. // // The option to provide an IDP metadata URL has been deprecated. Instead, we recommend that you use the `FetchMetadata()` function, or fetch the metadata yourself and use the new `ParseMetadata()` function, and pass the metadata in _samlsp.Options.IDPMetadata_. // 
@@ -76,7 +76,7 @@ // "net/http" // "net/url" // -// "github.com/crewjam/saml/samlsp" +// "github.com/lorodoes/saml/samlsp" // // ) // diff --git a/samlidp/samlidp.go b/samlidp/samlidp.go index 13ca10b9..0fe6b6d3 100644 --- a/samlidp/samlidp.go +++ b/samlidp/samlidp.go @@ -12,8 +12,8 @@ import ( "github.com/zenazn/goji/web" - "github.com/crewjam/saml" - "github.com/crewjam/saml/logger" + "github.com/lorodoes/saml" + "github.com/lorodoes/saml/logger" ) // Options represent the parameters to New() for creating a new IDP server diff --git a/samlidp/samlidp_test.go b/samlidp/samlidp_test.go index e5b2dafb..4ec591a7 100644 --- a/samlidp/samlidp_test.go +++ b/samlidp/samlidp_test.go @@ -18,8 +18,8 @@ import ( "github.com/golang-jwt/jwt/v4" - "github.com/crewjam/saml" - "github.com/crewjam/saml/logger" + "github.com/lorodoes/saml" + "github.com/lorodoes/saml/logger" ) type testRandomReader struct { diff --git a/samlidp/service.go b/samlidp/service.go index 0b62cd3b..9c2709ae 100644 --- a/samlidp/service.go +++ b/samlidp/service.go @@ -9,7 +9,7 @@ import ( "github.com/zenazn/goji/web" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) // Service represents a configured SP for whom this IDP provides authentication services. diff --git a/samlidp/session.go b/samlidp/session.go index 8ffae2ba..eb4613ac 100644 --- a/samlidp/session.go +++ b/samlidp/session.go @@ -13,7 +13,7 @@ import ( "github.com/zenazn/goji/web" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) var sessionMaxAge = time.Hour diff --git a/samlidp/util.go b/samlidp/util.go index 2cb3c162..94db8309 100644 --- a/samlidp/util.go +++ b/samlidp/util.go @@ -8,7 +8,7 @@ import ( xrv "github.com/mattermost/xml-roundtrip-validator" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) func randomBytes(n int) []byte { diff --git a/samlsp/error.go b/samlsp/error.go index 496faccf..0e017e03 100644 --- a/samlsp/error.go +++ b/samlsp/error.go 
@@ -4,7 +4,7 @@ import ( "log" "net/http" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) // ErrorFunction is a callback that is invoked to return an error to the diff --git a/samlsp/fetch_metadata.go b/samlsp/fetch_metadata.go index ede3c6b3..d5f4f29d 100644 --- a/samlsp/fetch_metadata.go +++ b/samlsp/fetch_metadata.go @@ -12,9 +12,8 @@ import ( "github.com/crewjam/httperr" xrv "github.com/mattermost/xml-roundtrip-validator" - "github.com/crewjam/saml/logger" - - "github.com/crewjam/saml" + "github.com/lorodoes/saml" + "github.com/lorodoes/saml/logger" ) // ParseMetadata parses arbitrary SAML IDP metadata. diff --git a/samlsp/middleware.go b/samlsp/middleware.go index f5eabb16..c12988b7 100644 --- a/samlsp/middleware.go +++ b/samlsp/middleware.go @@ -5,7 +5,7 @@ import ( "encoding/xml" "net/http" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) // Middleware implements middleware than allows a web application diff --git a/samlsp/middleware_test.go b/samlsp/middleware_test.go index fdb05b20..58b74be3 100644 --- a/samlsp/middleware_test.go +++ b/samlsp/middleware_test.go @@ -23,8 +23,8 @@ import ( is "gotest.tools/assert/cmp" "gotest.tools/golden" - "github.com/crewjam/saml" - "github.com/crewjam/saml/testsaml" + "github.com/lorodoes/saml" + "github.com/lorodoes/saml/testsaml" ) type MiddlewareTest struct { diff --git a/samlsp/new.go b/samlsp/new.go index 81fa75f6..9ba9c0c3 100644 --- a/samlsp/new.go +++ b/samlsp/new.go @@ -9,7 +9,7 @@ import ( dsig "github.com/russellhaering/goxmldsig" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) // Options represents the parameters for creating a new middleware diff --git a/samlsp/request_tracker_cookie.go b/samlsp/request_tracker_cookie.go index d9189f63..57f7dc1a 100644 --- a/samlsp/request_tracker_cookie.go +++ b/samlsp/request_tracker_cookie.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) var _ RequestTracker = CookieRequestTracker{} 
diff --git a/samlsp/request_tracker_jwt.go b/samlsp/request_tracker_jwt.go index 0ca47258..667306fe 100644 --- a/samlsp/request_tracker_jwt.go +++ b/samlsp/request_tracker_jwt.go @@ -7,7 +7,7 @@ import ( "github.com/golang-jwt/jwt/v4" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) var defaultJWTSigningMethod = jwt.SigningMethodRS256 diff --git a/samlsp/session.go b/samlsp/session.go index cd1da5d6..854234b8 100644 --- a/samlsp/session.go +++ b/samlsp/session.go @@ -5,7 +5,7 @@ import ( "errors" "net/http" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) // Session is an interface implemented to contain a session. diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index 691ccc13..82ed2d0f 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -7,7 +7,7 @@ import ( log "github.com/sirupsen/logrus" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) const defaultSessionCookieName = "token" diff --git a/samlsp/session_cookie_test.go b/samlsp/session_cookie_test.go index 74fcf2cb..9832c24f 100644 --- a/samlsp/session_cookie_test.go +++ b/samlsp/session_cookie_test.go @@ -8,7 +8,7 @@ import ( "gotest.tools/assert" is "gotest.tools/assert/cmp" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) func TestCookieSameSite(t *testing.T) { diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 8d801e47..edd5a31b 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -8,7 +8,7 @@ import ( "github.com/golang-jwt/jwt/v4" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) const ( diff --git a/samlsp/util.go b/samlsp/util.go index e1fa69ae..d5068f1b 100644 --- a/samlsp/util.go +++ b/samlsp/util.go @@ -3,7 +3,7 @@ package samlsp import ( "io" - "github.com/crewjam/saml" + "github.com/lorodoes/saml" ) func randomBytes(n int) []byte { diff --git a/service_provider.go b/service_provider.go index 0217ecea..ab57f0c2 100644 --- a/service_provider.go +++ b/service_provider.go 
@@ -23,8 +23,8 @@ import ( dsig "github.com/russellhaering/goxmldsig" "github.com/russellhaering/goxmldsig/etreeutils" - "github.com/crewjam/saml/logger" - "github.com/crewjam/saml/xmlenc" + "github.com/lorodoes/saml/logger" + "github.com/lorodoes/saml/xmlenc" ) // NameIDFormat is the format of the id diff --git a/service_provider_test.go b/service_provider_test.go index 4309738c..93a20960 100644 --- a/service_provider_test.go +++ b/service_provider_test.go @@ -21,7 +21,7 @@ import ( "github.com/beevik/etree" dsig "github.com/russellhaering/goxmldsig" - "github.com/crewjam/saml/testsaml" + "github.com/lorodoes/saml/testsaml" ) type ServiceProviderTest struct { From 8949f5982bc6fed807c963d127888652eb69accc Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Wed, 29 Mar 2023 22:20:34 -0400 Subject: [PATCH 05/22] Adding additional debugging --- samlsp/middleware.go | 5 +++++ samlsp/session_cookie.go | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/samlsp/middleware.go b/samlsp/middleware.go index c12988b7..a4b983f7 100644 --- a/samlsp/middleware.go +++ b/samlsp/middleware.go @@ -6,6 +6,7 @@ import ( "net/http" "github.com/lorodoes/saml" + log "github.com/sirupsen/logrus" ) // Middleware implements middleware than allows a web application @@ -108,17 +109,21 @@ func (m *Middleware) ServeACS(w http.ResponseWriter, r *http.Request) { // to start the SAML auth flow. func (m *Middleware) RequireAccount(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + log.Debugf("RequireAccount: Getting the Session") session, err := m.Session.GetSession(r) if session != nil { + log.Debugf("RequireAccount: Session Not nil") r = r.WithContext(ContextWithSession(r.Context(), session)) handler.ServeHTTP(w, r) return } if err == ErrNoSession { + log.Debugf("RequireAccount: Error No Session") m.HandleStartAuthFlow(w, r) return } + log.Debugf("RequireAccount: error") m.OnError(w, r, err) }) } 
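Review bot: `log "github.com/sirupsen/logrus"` is added inside the local import group directly after `"github.com/lorodoes/saml"`, while .golangci.yml (patch 03 of this series) configures goimports with `local-prefixes: github.com/lorodoes/saml`, so the linter will report this grouping; move it up into the third-party group, as samlsp/session_cookie.go already does. In the RequireAccount hunk the four `log.Debugf("RequireAccount: …")` lines trace every request through the middleware; if they stay, include the error on the last one (`log.Debugf("RequireAccount: session lookup: %v", err)`) rather than the bare `"RequireAccount: error"`, since the fixed string adds nothing `m.OnError` does not already receive.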
diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index 82ed2d0f..059a81b0 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -36,16 +36,21 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ c.Domain = domain } + log.Debugf("Creating the assertion") session, err := c.Codec.New(assertion) if err != nil { + log.Debugf("Error Creating the assertion") return err } + log.Debugf("Encoding the Session") value, err := c.Codec.Encode(session) if err != nil { + log.Debugf("Error Encoding the Session") return err } + log.Debugf("Setting the Cookie") http.SetCookie(w, &http.Cookie{ Name: c.Name, Domain: c.Domain, @@ -91,14 +96,18 @@ func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) { log.Debugf("Get Session") cookie, err := r.Cookie(c.Name) if err == http.ErrNoCookie { + log.Debugf("Get Session: Error No Session") return nil, ErrNoSession } else if err != nil { + log.Debugf("Get Session: Error") return nil, err } session, err := c.Codec.Decode(cookie.Value) if err != nil { + log.Debugf("Get Session decode: Error No Session") return nil, ErrNoSession } + log.Debugf("Returning the session") return session, nil } From dbf1ceff8f87527926eca8132389962e9147e608 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Wed, 29 Mar 2023 23:16:00 -0400 Subject: [PATCH 06/22] adding additional logging --- samlsp/middleware.go | 2 ++ samlsp/session_cookie.go | 1 + 2 files changed, 3 insertions(+) diff --git a/samlsp/middleware.go b/samlsp/middleware.go index a4b983f7..1b1aea0c 100644 --- a/samlsp/middleware.go +++ b/samlsp/middleware.go @@ -220,10 +220,12 @@ func (m *Middleware) CreateSessionFromAssertion(w http.ResponseWriter, r *http.R } if err := m.Session.CreateSession(w, r, assertion); err != nil { + log.Debugf("Error on CreateSession line 209, %s", err) m.OnError(w, r, err) return } + log.Debugf("Redirecting to URI") http.Redirect(w, r, redirectURI, http.StatusFound) } 
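Review bot: The error branches added here log fixed strings and drop the `err` value — `log.Debugf("Error Creating the assertion")`, `log.Debugf("Error Encoding the Session")`, `log.Debugf("Get Session: Error")`, `log.Debugf("Get Session decode: Error No Session")` — so the log cannot distinguish a tampered cookie from an expired one or a key mismatch, which is exactly what debugging a session problem needs. Include the error, e.g. `log.Debugf("decode session cookie: %v", err)`, and avoid labelling a decode failure "No Session": the returned `ErrNoSession` already hides the cause from the caller, and the log should not hide it too. Later patches in this series add `err` to only the ErrNoCookie branch.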
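Review bot: `log.Debugf("Error on CreateSession line 209, %s", err)` embeds a source line number in the message, which already disagrees with the hunk header (the call sits around line 223 of the new file) and will drift with every edit; name the operation instead and format the error with `%v`: `log.Debugf("CreateSessionFromAssertion: CreateSession: %v", err)`. The same error is then handed to `m.OnError`, so logging it here reports it twice; consider leaving reporting to the OnError hook, which callers can configure. CreateSessionFromAssertion begins outside this hunk.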
diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index 059a81b0..fefb529a 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -61,6 +61,7 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ SameSite: c.SameSite, Path: "/", }) + log.Debugf("Cookie Set") return nil } From b8350ca7481972c4582807e7d1ca262c7c454b97 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Thu, 30 Mar 2023 00:20:34 -0400 Subject: [PATCH 07/22] Additional Logging --- samlsp/middleware.go | 1 + samlsp/session_cookie.go | 13 ++++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/samlsp/middleware.go b/samlsp/middleware.go index 1b1aea0c..1739711b 100644 --- a/samlsp/middleware.go +++ b/samlsp/middleware.go @@ -119,6 +119,7 @@ func (m *Middleware) RequireAccount(handler http.Handler) http.Handler { } if err == ErrNoSession { log.Debugf("RequireAccount: Error No Session") + log.Debugf("RequireAccount: Error: %s", err) m.HandleStartAuthFlow(w, r) return } diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index fefb529a..aa32fb3f 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -50,8 +50,7 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ return err } - log.Debugf("Setting the Cookie") - http.SetCookie(w, &http.Cookie{ + cookie := &http.Cookie{ Name: c.Name, Domain: c.Domain, Value: value, @@ -60,7 +59,12 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ Secure: c.Secure || r.URL.Scheme == "https", SameSite: c.SameSite, Path: "/", - }) + } + + log.Debugf("Setting the Cookie") + http.SetCookie(w, cookie) + log.Debugf("Log Response: %#v", w) + log.Debugf("Log Cookie: %#v", cookie) log.Debugf("Cookie Set") return nil } 
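Review bot: `log.Debugf("Log Cookie: %#v", cookie)` writes the full `Value` of the session cookie — the encoded session credential just produced by `c.Codec.Encode` — into the log, and `log.Debugf("Log Response: %#v", w)` dumps the ResponseWriter, which for the standard library's writer is likely to include the pending Set-Cookie header with the same value. Anyone who can read the logs or the aggregator they ship to can replay that session, and debug level is routinely enabled in staging and sometimes production. Log only non-secret fields, e.g. `log.Debugf("set session cookie name=%q domain=%q maxage=%d secure=%t", cookie.Name, cookie.Domain, cookie.MaxAge, cookie.Secure)`, and drop the ResponseWriter dump entirely. The same two lines are added to DeleteSession in the next hunk; whether the cookie value there is already cleared is not visible in this diff, but the ResponseWriter dump has the same problem.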
@@ -88,6 +92,8 @@ func (c CookieSessionProvider) DeleteSession(w http.ResponseWriter, r *http.Requ cookie.Path = "/" cookie.Domain = c.Domain http.SetCookie(w, cookie) + log.Debugf("Log Response: %#v", w) + log.Debugf("Log Cookie: %#v", cookie) return nil } @@ -98,6 +104,7 @@ func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) { cookie, err := r.Cookie(c.Name) if err == http.ErrNoCookie { log.Debugf("Get Session: Error No Session") + log.Debugf("Get Session: Error No Session: %s", err) return nil, ErrNoSession } else if err != nil { log.Debugf("Get Session: Error") From e0e6cabfde0048dec6c51f5d964db3e99685fffa Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Thu, 30 Mar 2023 08:09:30 -0400 Subject: [PATCH 08/22] setting up compression --- samlsp/session_cookie.go | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/samlsp/session_cookie.go b/samlsp/session_cookie.go index aa32fb3f..022d9791 100644 --- a/samlsp/session_cookie.go +++ b/samlsp/session_cookie.go @@ -1,12 +1,18 @@ package samlsp import ( + "bytes" + "io" "net" "net/http" + "strings" "time" + b64 "encoding/base64" + log "github.com/sirupsen/logrus" + "github.com/andybalholm/brotli" "github.com/lorodoes/saml" ) @@ -50,10 +56,14 @@ func (c CookieSessionProvider) CreateSession(w http.ResponseWriter, r *http.Requ return err } + b := compressBrotli([]byte(value)) + + uEnc := b64.URLEncoding.EncodeToString(b) + cookie := &http.Cookie{ Name: c.Name, Domain: c.Domain, - Value: value, + Value: uEnc, MaxAge: int(c.MaxAge.Seconds()), HttpOnly: c.HTTPOnly, Secure: c.Secure || r.URL.Scheme == "https", 
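Review bot: `b := compressBrotli([]byte(value))` followed by `b64.URLEncoding.EncodeToString(b)` layers compression onto the output of `c.Codec.Encode`, which for the JWT codec in this repository is already base64url text; brotli gains little on that alphabet and the outer base64 adds a third back, so the net size change should be measured before paying for `brotli.BestCompression` on every login. Structurally the round trip belongs in a wrapper around `Codec` (compress inside Encode, decompress inside Decode) rather than in the cookie provider, so the two halves live together and other session providers are not left inconsistent with this one. In the import hunk, `b64 "encoding/base64"` sits in its own group below `"time"` and `"github.com/andybalholm/brotli"` sits in the local group; goimports with the configured local prefix will regroup both. The error handling of the helpers is reviewed at the next hunk.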
@@ -111,7 +121,11 @@ func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) { return nil, err } - session, err := c.Codec.Decode(cookie.Value) + uDec, _ := b64.URLEncoding.DecodeString(cookie.Value) + + d, _ := decompressBrotli(uDec) + + session, err := c.Codec.Decode(d) if err != nil { log.Debugf("Get Session decode: Error No Session") return nil, ErrNoSession @@ -119,3 +133,21 @@ func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) { log.Debugf("Returning the session") return session, nil } + +func compressBrotli(data []byte) []byte { + var b bytes.Buffer + w := brotli.NewWriterLevel(&b, brotli.BestCompression) + w.Write(data) + w.Close() + return b.Bytes() +} + +func decompressBrotli(compressedData []byte) (string, error) { + reader := brotli.NewReader(bytes.NewReader(compressedData)) + var decompressedData strings.Builder + _, err := io.Copy(&decompressedData, reader) + if err != nil { + return "", err + } + return decompressedData.String(), nil +} From 3b662e9b38dccd5040e66bc09fe7216e38062957 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 09:31:27 -0400 Subject: [PATCH 09/22] Adding memory map for data --- go.mod | 2 ++ go.sum | 9 +++++++++ samlsp/session_jwt.go | 33 ++++++++++++++++++++++++++++++++- user_attributes.go | 3 +++ 4 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 user_attributes.go diff --git a/go.mod b/go.mod index 46fac6d5..199e7d95 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,9 @@ require ( ) require ( + github.com/andybalholm/brotli v1.0.5 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/kr/text v0.2.0 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 83ac4b3e..e1d00824 100644 --- a/go.sum +++ b/go.sum 
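Review bot: `uDec, _ := b64.URLEncoding.DecodeString(cookie.Value)` and `d, _ := decompressBrotli(uDec)` discard both errors, and `decompressBrotli` copies the inflated stream into a `strings.Builder` with no upper bound, so the cookie — client-supplied and therefore attacker-controlled — is fully decompressed before `c.Codec.Decode` gets to check the signature; a few kilobytes of crafted cookie can inflate to far more than that and exhaust memory before the token is rejected. Return `ErrNoSession` on either decode error, bound the inflation with `io.LimitReader` sized for a legitimate session plus one byte, and treat exceeding that as a bad cookie rather than silently truncating. `compressBrotli` also ignores the errors from `w.Write` and `w.Close`; `Close` at least should be checked, since brotli emits its final block there. The rewritten lines below use `errors.New`, which needs `"errors"` added to the file's imports.
```go
func (c CookieSessionProvider) GetSession(r *http.Request) (Session, error) {
	// … unchanged: cookie lookup and ErrNoCookie handling …
	uDec, err := b64.URLEncoding.DecodeString(cookie.Value)
	if err != nil {
		log.Debugf("decode session cookie base64: %v", err)
		return nil, ErrNoSession
	}
	d, err := decompressBrotli(uDec)
	if err != nil {
		log.Debugf("decompress session cookie: %v", err)
		return nil, ErrNoSession
	}
	session, err := c.Codec.Decode(d)
	// … unchanged: decode error handling and return …
}

// maxSessionBytes caps the inflated size of a session cookie. Size it for a
// legitimate encoded session, not for what brotli can expand to.
const maxSessionBytes = 64 << 10 // TODO(review): derive from the real encoded session size

func compressBrotli(data []byte) ([]byte, error) {
	var b bytes.Buffer
	w := brotli.NewWriterLevel(&b, brotli.BestCompression)
	if _, err := w.Write(data); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil { // Close writes the final block; its error is the one that matters
		return nil, err
	}
	return b.Bytes(), nil
}

func decompressBrotli(compressedData []byte) (string, error) {
	reader := brotli.NewReader(bytes.NewReader(compressedData))
	var decompressedData strings.Builder
	// Read one byte past the cap so an oversized payload is detected, not truncated.
	n, err := io.Copy(&decompressedData, io.LimitReader(reader, maxSessionBytes+1))
	if err != nil {
		return "", err
	}
	if n > maxSessionBytes {
		return "", errors.New("session cookie exceeds size limit")
	}
	return decompressedData.String(), nil
}
```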
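Review bot: `github.com/andybalholm/brotli v1.0.5 // indirect` and `github.com/google/uuid v1.3.0 // indirect` are marked indirect although samlsp/session_cookie.go and samlsp/session_jwt.go import both packages directly in this series, so the markers are wrong and `go mod tidy` will move them into the direct block. Run tidy after the code change rather than hand-editing go.mod, which will also reconcile go.sum with the single testify version that should remain.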
@@ -1,3 +1,6 @@ +github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= +github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= github.com/beevik/etree v1.2.0 h1:l7WETslUG/T+xOPs47dtd6jov2Ii/8/OjCldk5fYfQw= github.com/beevik/etree v1.2.0/go.mod h1:aiPf89g/1k3AShMVAzriilpcE4R/Vuor90y83zVZWFc= @@ -13,6 +16,12 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= +github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index edd5a31b..994010e4 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go 
@@ -2,10 +2,15 @@ package samlsp import ( "crypto/rsa" + "encoding/json" "errors" "fmt" "time" + log "github.com/sirupsen/logrus" + + "github.com/google/uuid" + "github.com/golang-jwt/jwt/v4" "github.com/lorodoes/saml" @@ -47,6 +52,7 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { } } + Attributes := map[string][]string{} claims.Attributes = map[string][]string{} for _, attributeStatement := range assertion.AttributeStatements { @@ -56,7 +62,7 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { claimName = attr.Name } for _, value := range attr.Values { - claims.Attributes[claimName] = append(claims.Attributes[claimName], value.Value) + Attributes[claimName] = append(Attributes[claimName], value.Value) } } } @@ -67,6 +73,21 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { authnStatement.SessionIndex) } + log.Debugf("Attributes: %#v", Attributes) + + mapAsBytes, err := json.Marshal(claims) + if err != nil { + log.Fatalf("json marshal error: %s", err) + } + mapstring := string(mapAsBytes) + id, err := uuid.NewRandom() + if err != nil { + log.Panicf("error getting uuid: %s", err) + } + stringid := id.String() + saml.UserAttributes[stringid] = mapstring + claims.Attributes["id"] = append(claims.Attributes["id"], stringid) + return claims, nil } @@ -96,6 +117,16 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { _, err := parser.ParseWithClaims(signed, &claims, func(*jwt.Token) (interface{}, error) { return c.Key.Public(), nil }) + + UserId := claims.Attributes["id"] + id := fmt.Sprintf("%s", UserId) + mapstring := saml.UserAttributes[id] + attributes := map[string]string{} + json.Unmarshal([]byte(mapstring), &attributes) + for k, v := range attributes { + claims.Attributes[k] = append(claims.Attributes[k], v) + } + // TODO(ross): check for errors due to bad time and return ErrNoSession if err != nil { return nil, err 
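Review bot: The new block at the end of `New` writes `saml.UserAttributes[stringid] = mapstring` into a package-level map that `Decode` reads with no mutex, so two concurrent logins, or a login racing a request, are a data race (`go test -race` will flag it) and can corrupt the map. Nothing ever deletes an entry, so the map grows by one serialized attribute set per login for the life of the process, and because the data lives only in this process a session issued by another replica or before a restart can no longer be decoded. If the attributes must leave the JWT, put them behind a small store with a `sync.RWMutex` and an eviction time tied to `claims.ExpiresAt`, so the in-memory map can later be swapped for a shared backend; the same unguarded map is touched by the follow-up hunks in patches 10–16 and 22 (lines 21–23 and 26). Separately, `log.Fatalf` on the marshal error terminates the whole server because of one request — return it instead, `return nil, fmt.Errorf("marshaling session attributes: %w", err)`.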
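Review bot: In the `Decode` hunk the lookup in `saml.UserAttributes` and the merge into `claims.Attributes` run before `err` from `parser.ParseWithClaims` is examined, so the `id` used for the lookup comes from a token whose signature and validity have not yet been accepted; move the whole block below the `if err != nil { return nil, err }` check so only a verified token can select a stored entry. The `json.Unmarshal` error is also discarded, which turns a corrupted or truncated entry into an empty attribute set instead of a failed decode — check it and return `ErrNoSession`. The later `Decode` hunks in patches 17–22 (lines 24–26) keep the same ordering, and the `if !ok` check added in patch 22 likewise sits ahead of the parse-error check.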
diff --git a/user_attributes.go b/user_attributes.go new file mode 100644 index 00000000..cb22570f --- /dev/null +++ b/user_attributes.go @@ -0,0 +1,3 @@ +package saml + +var UserAttributes map[string]string From ef46b9dc53efa38a4f56f0dd8a296f0c8cbf91b8 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 10:56:18 -0400 Subject: [PATCH 10/22] Adding debug to jwt to figure out the issue --- samlsp/session_jwt.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 994010e4..549daad5 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -75,14 +75,19 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { log.Debugf("Attributes: %#v", Attributes) + log.Debugf("Turning claims in to json") mapAsBytes, err := json.Marshal(claims) if err != nil { + fmt.Println("Error marshaling claims to JSON:", err) + log.Errorf("%s", err) + log.Debugf("Error on Marshalling json") log.Fatalf("json marshal error: %s", err) } mapstring := string(mapAsBytes) id, err := uuid.NewRandom() if err != nil { - log.Panicf("error getting uuid: %s", err) + fmt.Println("error getting uuid: ", err) + log.Panicf("error getting uuid: ", err) } stringid := id.String() saml.UserAttributes[stringid] = mapstring From 3e5efe8c4b4265704f749f140c24990445054f20 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 11:29:16 -0400 Subject: [PATCH 11/22] Fixing attributes --- samlsp/session_jwt.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 549daad5..12677c1c 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go 
@@ -43,7 +43,8 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { claims.Audience = c.Audience claims.Issuer = c.Issuer claims.IssuedAt = now.Unix() - claims.ExpiresAt = now.Add(c.MaxAge).Unix() + expiresat := now.Add(c.MaxAge).Unix() + claims.ExpiresAt = expiresat claims.NotBefore = now.Unix() if sub := assertion.Subject; sub != nil { @@ -75,12 +76,14 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { log.Debugf("Attributes: %#v", Attributes) + strExpiresAt := fmt.Sprintf("%d", expiresat) + + Attributes["ExpiresAtSAML"] = append(Attributes["ExpiresAtSAML"], strExpiresAt) + log.Debugf("Turning claims in to json") - mapAsBytes, err := json.Marshal(claims) + mapAsBytes, err := json.Marshal(Attributes) if err != nil { fmt.Println("Error marshaling claims to JSON:", err) - log.Errorf("%s", err) - log.Debugf("Error on Marshalling json") log.Fatalf("json marshal error: %s", err) } mapstring := string(mapAsBytes) From dc6b8a11c634f23b1e32ac58c2bd12ceac06831a Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 12:05:45 -0400 Subject: [PATCH 12/22] Adding additional debug --- samlsp/session_jwt.go | 1 + 1 file changed, 1 insertion(+) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 12677c1c..8d5f0868 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -96,6 +96,7 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { saml.UserAttributes[stringid] = mapstring claims.Attributes["id"] = append(claims.Attributes["id"], stringid) + log.Debugf("Returning Claims") return claims, nil } From 9ab026383f643c43e108b8abb0590fc25a42688a Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 12:53:55 -0400 Subject: [PATCH 13/22] Adding debug --- samlsp/session_jwt.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 8d5f0868..1d74d69e 100644 --- a/samlsp/session_jwt.go 
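Review bot: `ExpiresAtSAML` is written into the stored attribute set in the second hunk of patch 11 but nothing ever reads it back, so it does not limit how long the entry in `saml.UserAttributes` survives; the JWT's `exp` still bounds the token, yet the server-side entry stays forever. Use `expiresat` (it is already computed a few lines earlier) to evict entries, for example by sweeping entries whose expiry has passed whenever a new one is inserted, so the map is bounded by active sessions rather than by every login since start. `New` begins before this hunk.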
+++ b/samlsp/session_jwt.go @@ -81,16 +81,12 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { Attributes["ExpiresAtSAML"] = append(Attributes["ExpiresAtSAML"], strExpiresAt) log.Debugf("Turning claims in to json") - mapAsBytes, err := json.Marshal(Attributes) - if err != nil { - fmt.Println("Error marshaling claims to JSON:", err) - log.Fatalf("json marshal error: %s", err) - } + mapAsBytes, _ := json.Marshal(Attributes) mapstring := string(mapAsBytes) + log.Debugf("attribute string: %s", mapstring) id, err := uuid.NewRandom() if err != nil { - fmt.Println("error getting uuid: ", err) - log.Panicf("error getting uuid: ", err) + log.Panicf("error getting uuid: %s", err) } stringid := id.String() saml.UserAttributes[stringid] = mapstring From af6ad973253f798dc17751301a87b8bff08eee27 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 13:14:51 -0400 Subject: [PATCH 14/22] uuid getting error --- samlsp/session_jwt.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 1d74d69e..8bf20e6d 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -84,10 +84,7 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { mapAsBytes, _ := json.Marshal(Attributes) mapstring := string(mapAsBytes) log.Debugf("attribute string: %s", mapstring) - id, err := uuid.NewRandom() - if err != nil { - log.Panicf("error getting uuid: %s", err) - } + id, _ := uuid.NewRandom() stringid := id.String() saml.UserAttributes[stringid] = mapstring claims.Attributes["id"] = append(claims.Attributes["id"], stringid) From ecd4de5f0ce41b3ad43312d70a7c399a6ef981d4 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 15:01:37 -0400 Subject: [PATCH 15/22] Fixing uuid issues --- samlsp/session_jwt.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 8bf20e6d..fd319a6d 100644 
--- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -84,7 +84,8 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { mapAsBytes, _ := json.Marshal(Attributes) mapstring := string(mapAsBytes) log.Debugf("attribute string: %s", mapstring) - id, _ := uuid.NewRandom() + log.Debugf("Creat") + id := uuid.New() stringid := id.String() saml.UserAttributes[stringid] = mapstring claims.Attributes["id"] = append(claims.Attributes["id"], stringid) From 9eaf0346b73a7200d78b44e7294ab741fffd803f Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 15:19:49 -0400 Subject: [PATCH 16/22] Fixing the Userattributes var --- samlsp/session_jwt.go | 5 ++++- user_attributes.go | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index fd319a6d..f16b4d22 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -84,10 +84,13 @@ func (c JWTSessionCodec) New(assertion *saml.Assertion) (Session, error) { mapAsBytes, _ := json.Marshal(Attributes) mapstring := string(mapAsBytes) log.Debugf("attribute string: %s", mapstring) - log.Debugf("Creat") + log.Debugf("Create UUID") id := uuid.New() + log.Debugf("Stringify UUID") stringid := id.String() + log.Debugf("String into memory map") saml.UserAttributes[stringid] = mapstring + log.Debugf("append string id in to attributes") claims.Attributes["id"] = append(claims.Attributes["id"], stringid) log.Debugf("Returning Claims") diff --git a/user_attributes.go b/user_attributes.go index cb22570f..9d924a4a 100644 --- a/user_attributes.go +++ b/user_attributes.go @@ -1,3 +1,3 @@ package saml -var UserAttributes map[string]string +var UserAttributes = map[string]string{} From 0199c6f06880e751ad76c7091df49aae60c569d5 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 15:43:29 -0400 Subject: [PATCH 17/22] fix for decode --- samlsp/session_jwt.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index f16b4d22..b5a6ecea 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "strings" "time" log "github.com/sirupsen/logrus" @@ -116,6 +117,7 @@ func (c JWTSessionCodec) Encode(s Session) (string, error) { // Decode parses the serialized session that may have been returned by Encode // and returns a Session. func (c JWTSessionCodec) Decode(signed string) (Session, error) { + log.Debugf("Starting Debug") parser := jwt.Parser{ ValidMethods: []string{c.SigningMethod.Alg()}, } @@ -125,8 +127,10 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { }) UserId := claims.Attributes["id"] - id := fmt.Sprintf("%s", UserId) - mapstring := saml.UserAttributes[id] + log.Debugf("UserID: %s", UserId) + UserIdString := strings.Join(UserId, "") + log.Debugf("UserID: %s", &UserIdString) + mapstring := saml.UserAttributes[UserIdString] attributes := map[string]string{} json.Unmarshal([]byte(mapstring), &attributes) for k, v := range attributes { From eec688cb4347dd4f1fadcfdced2e7b0f90144cdf Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 16:03:18 -0400 Subject: [PATCH 18/22] Fix decode --- samlsp/session_jwt.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index b5a6ecea..af56cbae 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -129,8 +129,9 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { UserId := claims.Attributes["id"] log.Debugf("UserID: %s", UserId) UserIdString := strings.Join(UserId, "") - log.Debugf("UserID: %s", &UserIdString) + log.Debugf("String UserID: %s", UserIdString) mapstring := saml.UserAttributes[UserIdString] + log.Debugf("map String: %#v", mapstring) attributes := map[string]string{} json.Unmarshal([]byte(mapstring), &attributes) for k, v := range attributes { 
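Review bot: In patch 17's `Decode` hunk, `strings.Join(UserId, "")` silently concatenates every value under the `id` attribute, so a token whose `id` holds zero or several entries produces a key that matches nothing (or the empty string) instead of being rejected as malformed; check the shape explicitly before the lookup, `if len(UserId) != 1 { return nil, ErrNoSession }`. `log.Debugf("Starting Debug")` carries no information and reads as scaffolding to remove before merge. `Decode` begins before this hunk.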
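Review bot: In patch 18's hunk, `log.Debugf("map String: %#v", mapstring)` writes the user's entire serialized SAML attribute set (typically name, email and group memberships) into the log on every request that carries a session, and the preceding `log.Debugf("UserID: %s", UserId)` lines log the key that selects that entry; debug output routinely ends up in shared log aggregators, so this is personal data leaving the application. Log a count or a fixed marker instead, e.g. `log.Debugf("loaded %d stored attributes for session", len(attributes))`, and drop the per-value lines. Patch 19's `log.Debugf("Map: %#v", attributes)` and `log.Debugf("key: %s", k)` (line 25) and patch 21's `log.Debugf("value: %s", v)` (line 26) have the same issue. `Decode` begins before this hunk.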
From 53607149a4b16fe7e36f8fe4a5edd038f1fe7b92 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 16:52:57 -0400 Subject: [PATCH 19/22] Adding debugging --- samlsp/session_jwt.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index af56cbae..08edf548 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -134,7 +134,9 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { log.Debugf("map String: %#v", mapstring) attributes := map[string]string{} json.Unmarshal([]byte(mapstring), &attributes) + log.Debugf("Map: %#v", attributes) for k, v := range attributes { + log.Debugf("key: %s", k) claims.Attributes[k] = append(claims.Attributes[k], v) } From 26316b092c8ba4dcc6148178fdc22b4e982e1698 Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Fri, 31 Mar 2023 17:22:07 -0400 Subject: [PATCH 20/22] fixing attributes --- samlsp/session_jwt.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 08edf548..add36c90 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -132,12 +132,12 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { log.Debugf("String UserID: %s", UserIdString) mapstring := saml.UserAttributes[UserIdString] log.Debugf("map String: %#v", mapstring) - attributes := map[string]string{} + var attributes map[string]interface{} json.Unmarshal([]byte(mapstring), &attributes) log.Debugf("Map: %#v", attributes) for k, v := range attributes { log.Debugf("key: %s", k) - claims.Attributes[k] = append(claims.Attributes[k], v) + claims.Attributes[k] = append(claims.Attributes[k], v.(string)) } // TODO(ross): check for errors due to bad time and return ErrNoSession From 5861159b5d6aa7dff45a008a5de877d1d603d931 Mon Sep 17 00:00:00 2001 
From: Garrod Alwood Date: Sat, 1 Apr 2023 09:38:35 -0400 Subject: [PATCH 21/22] Fixing attributes --- samlsp/session_jwt.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index add36c90..29ef724d 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -132,12 +132,13 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { log.Debugf("String UserID: %s", UserIdString) mapstring := saml.UserAttributes[UserIdString] log.Debugf("map String: %#v", mapstring) - var attributes map[string]interface{} + var attributes map[string][]string json.Unmarshal([]byte(mapstring), &attributes) log.Debugf("Map: %#v", attributes) for k, v := range attributes { log.Debugf("key: %s", k) - claims.Attributes[k] = append(claims.Attributes[k], v.(string)) + log.Debugf("value: %s", v) + claims.Attributes[k] = v } // TODO(ross): check for errors due to bad time and return ErrNoSession From ff4e10739d1688cd9c1e986e0777b94380a80efd Mon Sep 17 00:00:00 2001 From: Garrod Alwood Date: Sat, 1 Apr 2023 10:14:21 -0400 Subject: [PATCH 22/22] Fixing for missing key id in memory map --- samlsp/session_jwt.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/samlsp/session_jwt.go b/samlsp/session_jwt.go index 29ef724d..69c6eb8a 100644 --- a/samlsp/session_jwt.go +++ b/samlsp/session_jwt.go @@ -130,7 +130,10 @@ func (c JWTSessionCodec) Decode(signed string) (Session, error) { log.Debugf("UserID: %s", UserId) UserIdString := strings.Join(UserId, "") log.Debugf("String UserID: %s", UserIdString) - mapstring := saml.UserAttributes[UserIdString] + mapstring, ok := saml.UserAttributes[UserIdString] + if !ok { + return nil, ErrNoSession + } log.Debugf("map String: %#v", mapstring) var attributes map[string][]string json.Unmarshal([]byte(mapstring), &attributes)