英文:
Is there a SAML library for The Go Language?
问题
我看到了为Go编程语言编写的goauth和go-oauth OAuth库,但是在网上搜索了几个小时后,没有找到关于SAML的任何内容。
我想使用Go来实现使用SAML的SSO支持的Web服务,但是由于没有Go的SAML库,看起来我将不得不在另一种语言中实现一个独立的服务来“包装”SAML逻辑。
有人知道一个适用于Go的SAML库吗?或者有没有一些使用Java、C或PHP库的技巧可以在Go程序中使用?
英文:
I see that the goauth and go-oauth OAuth libraries have been written for the Go Programming Language, but a couple of hours of searching online turns up nothing for SAML.
I would like to use Go to implement SSO support using SAML for a web service, but without a SAML library for Go it looks like I will have to "wrap" the SAML logic in a separate service, implemented in another language.
Does anyone know of a Go-friendly SAML library, or maybe some some trick for using a Java, C, or PHP library from a Go program?
1: https://github.com/alloy-d/goauth "goauth"
2: https://github.com/garyburd/go-oauth "go-oauth"
3: http://golang.org/ "Go Programming Language"
4: http://en.wikipedia.org/wiki/SAML_2.0 "SAML"
答案1
得分: 12
我已经使用了gosaml,它运行得很好,但还有来自robots and pencils的go-saml。
我想在一年后回答这个问题是因为对于寻找Go的SAML库的人来说,仍然有必要在这里提供某种答案。
英文:
I have used gosaml and it works pretty good but there is also go-saml from robots and pencils.
I figured after a year, it would be good to answer this question because it would still be good to have some sort of answer here for people looking for SAML libraries for Go.
答案2
得分: 4
我还没有看到Go语言的SAML实现,但是你可以在你的应用程序前面使用一个已经实现了SAML的服务器。
最受支持的SAML实现之一是Shibboleth。Apache模块是最成熟的,也可能是最容易使用的方法,因为你只需要将你的应用程序放在Apache的反向代理后面。还有一个快速CGI认证器,它使用相同的后端,但我无法对其实现的简易性发表意见。
如果你只需要一个服务提供者,最简单的SAML绑定是HTTP-POST-SimpleSign。我用Python做了一个概念验证实现,试图展示最简单的服务提供者。我对这个模块的稳定性不做任何保证,但你可以看到它可能只需要不太多的代码就可以实现。前提是你正在使用的身份提供者支持这个绑定。并且在部署任何自定义安全相关代码时要谨慎。
英文:
I haven't seen a SAML implementation for Go, but you could use a server that already implements it in front of your app.
One of the best supported SAML implementations is Shibboleth. The apache module is the most mature, and is probably the easiest method to use, since you just put your app behind a reverse proxy in apache. There's also a fastcgi authenticator, which uses the same backend, but I can't speak for it's ease of implementation.
If you just need a service-provider, the simplest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in python, to try and demonstrate the simplest SP I could. I make no claims to the robustness of this module, but you can see that it could be done with not too much code. That's assuming the Identity Providers you're working with support this binding. And as always, be wary when deploying any custom security-related code.
答案3
得分: 3
如果您想要在断言消费者端点验证来自AWS IdP的SAML响应,那么最好使用https://github.com/crewjam/saml,因为它不依赖于libxmlsec1系统库。
由于某些未定义的命名空间,libxmlsec1无法成功验证来自某些IdP(如AWS)的SAML响应。
英文:
If you want to validate SAML replies from AWS IdP in your assertion consumer endpoint then you better go with https://github.com/crewjam/saml as it does not rely on libxmlsec1 system library.
For some reason libxmlsec1 does not validate SAML replies from some IdP (AWS) successfully (supposedly because of some undefined namespaces).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论