package caddy_saml_sso
import (
"net/http"
"strings"
"github.com/caddyserver/caddy/v2"
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
"github.com/crewjam/saml/samlsp"
)
// Middleware holds all the module's data.
//
// It is the handler module registered with Caddy in init and implements
// caddyhttp.MiddlewareHandler (see ServeHTTP). The Saml* string fields carry
// json tags naming their configuration keys; SamlSP and SamlHandler have no
// tag and are set up elsewhere in the module (not visible in this file).
type Middleware struct {
	// Configured under "saml_idp_url"; presumably the IdP metadata/SSO URL
	// handed to samlsp — confirm in the provisioning code.
	SamlIdpUrl string `json:"saml_idp_url,omitempty"`
	// Configured under "saml_cert_file"; presumably the SP certificate path.
	SamlCertFile string `json:"saml_cert_file,omitempty"`
	// Configured under "saml_cert_key" — note the key does not mirror the
	// field name (SamlKeyFile); keep the tag stable for existing configs.
	SamlKeyFile string `json:"saml_cert_key,omitempty"`
	// Configured under "saml_root_url".
	SamlRootUrl string `json:"saml_root_url,omitempty"`
	// Answers every request whose path starts with /saml (see ServeHTTP).
	SamlSP *samlsp.Middleware
	// Run ahead of the rest of the handler chain on all other paths;
	// ServeHTTP's comments describe it as ensuring a SAML session exists.
	SamlHandler http.Handler
}
// init registers Middleware with Caddy so the server configuration can
// reference it as an HTTP handler module.
func init() {
	var mod Middleware
	caddy.RegisterModule(mod)
}
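// ServeHTTP implements caddyhttp.MiddlewareHandler.
//
// Requests whose path starts with /saml are handed to the SAML service
// provider (SamlSP) and end there. Every other request first goes through
// SamlHandler, which the module's comments describe as establishing a SAML
// session. If that handler has already written a response (for example a
// redirect to the IdP for a client without a session) the chain stops here;
// otherwise the session attributes are copied into the response headers and
// the request continues to next.
//
// The returned error is whatever next.ServeHTTP returns; the SAML protocol
// paths always return nil.
func (m Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
	log("middleware path=%s", r.URL.Path)

	// Requests that are part of the SAML protocol flow are answered by the
	// SAML library directly and never reach the protected handlers.
	if strings.HasPrefix(r.URL.Path, "/saml") {
		m.SamlSP.ServeHTTP(w, r)
		return nil
	}

	// Run the session-enforcing handler through a recorder so we can tell
	// whether it already answered the request. Previously next was called
	// unconditionally, so downstream handlers executed — and their output
	// landed in the body of the SAML redirect — even when no session existed.
	rec := &samlResponseRecorder{ResponseWriter: w}
	m.SamlHandler.ServeHTTP(rec, r)
	if rec.wrote {
		return nil
	}

	// Copy the SAML session attributes into the response headers so other
	// services can read them. These are headers on the response sent back to
	// the client, not request headers forwarded upstream, and the header names
	// are the attribute names taken from the IdP assertion. An existing header
	// of the same name is never overwritten.
	// NOTE(review): an explicit allow-list of attribute names would avoid
	// exposing unexpected assertion attributes to the client — confirm intent.
	attributes, err := m.extractAttributes(r)
	if err != nil || attributes == nil {
		// %v (not %s) so a nil error prints as <nil> instead of %!s(<nil>).
		log("attributes=%v err=%v", attributes, err)
	} else {
		log("number of attributes=%d", len(attributes))
		for k, v := range attributes {
			// Multi-valued attributes have no obvious header encoding; skip them.
			if len(v) != 1 {
				continue
			}
			if w.Header().Get(k) == "" {
				w.Header().Add(k, v[0])
			}
		}
	}

	log("saml_sso v%s middlware done", version)
	return next.ServeHTTP(w, r)
}

// samlResponseRecorder wraps an http.ResponseWriter and remembers whether
// anything was written through it, so ServeHTTP can tell whether the SAML
// session handler already produced a response.
type samlResponseRecorder struct {
	http.ResponseWriter
	wrote bool
}

// WriteHeader records that a response was started and forwards the status.
func (rw *samlResponseRecorder) WriteHeader(status int) {
	rw.wrote = true
	rw.ResponseWriter.WriteHeader(status)
}

// Write records that a response body was written and forwards the bytes.
func (rw *samlResponseRecorder) Write(b []byte) (int, error) {
	rw.wrote = true
	return rw.ResponseWriter.Write(b)
}

// Unwrap exposes the underlying writer so wrappers that look for
// Flusher/Hijacker implementations can still reach them.
func (rw *samlResponseRecorder) Unwrap() http.ResponseWriter {
	return rw.ResponseWriter
}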