amdonov / lite-idp

Lightweight SAML Identity Provider
Apache License 2.0
210 stars 48 forks

License??? #3

Closed jonasfj closed 7 years ago

jonasfj commented 8 years ago

Have you considered throwing a license on this?

I'm just looking... With some docs it might have been reusable. When I see what commercial offerings charge for a simple saml-LDAP solution that barely works I'm tempted to roll my own :)

amdonov commented 8 years ago

How about Apache 2? I'm happy for anyone to use it however they would like. I keep meaning to get back to this, but it's at something of a crossroads. Fully implementing the spec requires validating signatures, which is difficult in Go because there isn't a DOM implementation or canonicalization available. I either have to write some of that or drop down to a C library. I can't make up my mind on how to proceed.

jonasfj commented 8 years ago

Apache 2 is great...

I must admit I barely know SAML, but I doubt it uses any crypto algorithms that aren't readily available for go... But I'm sure the XML parts are unpleasant..

(also can't really find any solid LDAP things for golang, but that's probably less relevant) Update: I'm wrong, there are LDAP libs like github.com/nmcclain/ldap

amdonov commented 8 years ago

I'd probably use https://github.com/go-ldap/ldap. It's included in Red Hat's OpenShift project, and it authenticates against LDAP nicely.

You talked me into keeping everything in Go. I don't really need to support XML signature validation if I require 2-way SSL for artifact resolution requests.

jonasfj commented 8 years ago

I'm curious (and new to Go) but I can't imagine that there aren't some decent XML libs for Go..

Or what was it you were considering to use a c library for?

amdonov commented 8 years ago

The same XML data can be represented multiple ways due to namespaces, whitespace, etc. Prior to verifying or applying a digital signature, the XML must be normalized through a process called canonicalization. I was able to do this in Go for signatures because the XML it produces is very consistent. It is much more difficult to do in general for incoming requests.

I can ensure the same level of security if data is transported over HTTPS with client certificates and avoid verifying signatures.

On Jan 29, 2016 3:53 AM, "Jonas Finnemann Jensen" notifications@github.com wrote:

> I'm curious (and new to go) but I can't imagine that there isn't some decent XML libs for go..
>
> Or what was it you were considering to use a c library for?

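The approach settled on in the thread above, requiring client certificates on the artifact resolution endpoint instead of validating XML signatures on incoming requests, could look like this in Go. This is an added example, not code from lite-idp: `mutualTLSConfig`, `callerEntityID`, `sampleRequest`, the `knownSPs` registry and the `sp1.example.test` names are hypothetical, and mapping a certificate CN to a SAML entity ID is an assumption about how service providers are registered.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/http"
)

// mutualTLSConfig fails the handshake unless the client cert chains to a CA in caPEM.
func mutualTLSConfig(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificates in PEM input")
	}
	return &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// callerEntityID maps the verified client certificate to a service provider.
// knownSPs (certificate CN -> SAML entity ID) is a hypothetical registry.
func callerEntityID(r *http.Request, knownSPs map[string]string) (string, error) {
	if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 {
		return "", errors.New("no verified client certificate")
	}
	cn := r.TLS.VerifiedChains[0][0].Subject.CommonName
	if id, ok := knownSPs[cn]; ok {
		return id, nil
	}
	return "", fmt.Errorf("certificate %q is not a registered SP", cn)
}

// sampleRequest builds constructed handshake state; empty cn means no client cert.
func sampleRequest(cn string) *http.Request {
	if cn == "" {
		return &http.Request{}
	}
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	return &http.Request{TLS: &tls.ConnectionState{
		VerifiedChains: [][]*x509.Certificate{{leaf}}}}
}

func main() {
	sps := map[string]string{"sp1.example.test": "https://sp1.example.test/saml"}
	fmt.Println(callerEntityID(sampleRequest("sp1.example.test"), sps))
	fmt.Println(callerEntityID(sampleRequest(""), sps))
}
```

The returned config goes in `http.Server.TLSConfig` on the listener that serves artifact resolution; the artifact handler would call `callerEntityID` and resolve only artifacts issued to that entity.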