diff --git a/driver/registry_default.go b/driver/registry_default.go
index ebec168b664a..0fb64da96a21 100644
--- a/driver/registry_default.go
+++ b/driver/registry_default.go
@@ -37,13 +37,11 @@ import (
"github.com/ory/kratos/hash"
"github.com/ory/kratos/schema"
"github.com/ory/kratos/selfservice/flow/recovery"
- "github.com/ory/kratos/selfservice/flow/saml"
"github.com/ory/kratos/selfservice/flow/settings"
"github.com/ory/kratos/selfservice/flow/verification"
"github.com/ory/kratos/selfservice/hook"
"github.com/ory/kratos/selfservice/strategy/link"
"github.com/ory/kratos/selfservice/strategy/profile"
- samlstrategy "github.com/ory/kratos/selfservice/strategy/saml/strategy"
"github.com/ory/kratos/x"
"github.com/cenkalti/backoff"
@@ -63,6 +61,7 @@ import (
"github.com/ory/kratos/selfservice/flow/logout"
"github.com/ory/kratos/selfservice/flow/registration"
"github.com/ory/kratos/selfservice/strategy/oidc"
+ "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/herodot"
@@ -292,7 +291,7 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} {
m.selfserviceStrategies = []interface{}{
password2.NewStrategy(m),
oidc.NewStrategy(m),
- samlstrategy.NewStrategy(m),
+ saml.NewStrategy(m),
profile.NewStrategy(m),
link.NewStrategy(m),
totp.NewStrategy(m),
diff --git a/driver/registry_default_saml.go b/driver/registry_default_saml.go
index c201047fc21d..23b619b0ec82 100644
--- a/driver/registry_default_saml.go
+++ b/driver/registry_default_saml.go
@@ -1,6 +1,6 @@
package driver
-import "github.com/ory/kratos/selfservice/flow/saml"
+import "github.com/ory/kratos/selfservice/strategy/saml"
func (m *RegistryDefault) SAMLHandler() *saml.Handler {
if m.selfserviceSAMLHandler == nil {
diff --git a/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml b/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml
deleted file mode 100644
index dcaf7f051dae..000000000000
--- a/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- testshib.org
-
- TestShib Test IdP
- TestShib IdP. Use this as a source of attributes
- for your test SP.
- https://www.testshib.org/testshibtwo.jpg
-
-
-
-
-
- MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
- MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
- VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
- MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
- EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
- c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
- yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
- 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
- NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
- kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
- gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
- A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
- 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
- bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
- aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
- BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
- I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
- 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
- /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
- Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
- 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
- MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
- MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
- VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
- MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
- EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
- c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
- yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
- 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
- NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
- kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
- gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
- A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
- 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
- bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
- aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
- BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
- I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
- 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
- /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
- Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
- 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
- TestShib Two Identity Provider
- TestShib Two
- http://www.testshib.org/testshib-two/
-
-
- Nate
- Klingenstein
- ndk@internet2.edu
-
-
\ No newline at end of file
diff --git a/selfservice/strategy/saml/strategy/.schema/link.schema.json b/selfservice/strategy/saml/.schema/link.schema.json
similarity index 100%
rename from selfservice/strategy/saml/strategy/.schema/link.schema.json
rename to selfservice/strategy/saml/.schema/link.schema.json
diff --git a/selfservice/strategy/saml/strategy/.schema/settings.schema.json b/selfservice/strategy/saml/.schema/settings.schema.json
similarity index 100%
rename from selfservice/strategy/saml/strategy/.schema/settings.schema.json
rename to selfservice/strategy/saml/.schema/settings.schema.json
diff --git a/selfservice/strategy/saml/strategy/const.go b/selfservice/strategy/saml/const.go
similarity index 78%
rename from selfservice/strategy/saml/strategy/const.go
rename to selfservice/strategy/saml/const.go
index e578913b1427..43e852245103 100644
--- a/selfservice/strategy/saml/strategy/const.go
+++ b/selfservice/strategy/saml/const.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
const (
sessionName = "ory_kratos_saml_auth_code_session"
diff --git a/selfservice/flow/saml/handler.go b/selfservice/strategy/saml/handler.go
similarity index 98%
rename from selfservice/flow/saml/handler.go
rename to selfservice/strategy/saml/handler.go
index 9ce5b65cd1e1..5c13c8469718 100644
--- a/selfservice/flow/saml/handler.go
+++ b/selfservice/strategy/saml/handler.go
@@ -24,8 +24,6 @@ import (
samlidp "github.com/crewjam/saml"
- samlstrategy "github.com/ory/kratos/selfservice/strategy/saml"
-
"github.com/ory/kratos/session"
"github.com/ory/kratos/x"
"github.com/ory/x/decoderx"
@@ -144,7 +142,7 @@ func DestroyMiddlewareIfExists() {
func (h *Handler) instantiateMiddleware(ctx context.Context, config config.Config) error {
// Create a SAMLProvider object from the config file
- var c samlstrategy.ConfigurationCollection
+ var c ConfigurationCollection
conf := config.SelfServiceStrategy(ctx, "saml").Config
if err := jsonx.
NewStrictDecoder(bytes.NewBuffer(conf)).
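Review bot: `instantiateMiddleware` decodes a `ConfigurationCollection` from `config.SelfServiceStrategy(ctx, "saml").Config` with its own strict decoder, while `Strategy.Config` in strategy.go performs the same decode keyed by `string(s.ID())`; now that both live in package `saml`, the two copies can drift silently (different key literal, different validation after the decode). Collapse them into one package-level helper, e.g. `func decodeConfig(raw []byte) (*ConfigurationCollection, error)`, and call it from both `instantiateMiddleware` and `Strategy.Config` so the strict-decode rules stay identical on the middleware and the strategy paths. The body of instantiateMiddleware continues past the end of this hunk.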
diff --git a/selfservice/flow/saml/test/handler_test.go b/selfservice/strategy/saml/handler_test.go
similarity index 78%
rename from selfservice/flow/saml/test/handler_test.go
rename to selfservice/strategy/saml/handler_test.go
index 0af00023e473..7f93a89408a5 100644
--- a/selfservice/flow/saml/test/handler_test.go
+++ b/selfservice/strategy/saml/handler_test.go
@@ -4,10 +4,9 @@ import (
"io/ioutil"
"testing"
- samlhandler "github.com/ory/kratos/selfservice/flow/saml"
+ "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/stretchr/testify/require"
- helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest"
"gotest.tools/assert"
)
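Review bot: The package clause on line 1 is outside this hunk and unchanged by the move, yet the calls to `InitTestMiddlewareWithMetadata` and `NewTestClient` are now unqualified, so this file has to be `package saml_test` to match strategy_helper_test.go (Go permits only `saml` and `saml_test` in this directory). If line 1 still carries the package name the file had under selfservice/flow/saml/test, the test package will not compile; nothing in the diff shows it, so please confirm.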
@@ -16,10 +15,10 @@ func TestInitMiddleWareWithMetadata(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleWare, _, _, err := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ middleWare, _, _, err := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
require.NoError(t, err)
assert.Check(t, middleWare != nil)
@@ -33,9 +32,9 @@ func TestInitMiddleWareWithoutMetadata(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleWare, _, _, err := helpertest.InitMiddlewareWithoutMetadata(t,
+ middleWare, _, _, err := InitTestMiddlewareWithoutMetadata(t,
"https://samltest.id/idp/profile/SAML2/Redirect/SSO",
"https://samltest.id/saml/idp",
"file://testdata/samlkratos.crt",
@@ -53,12 +52,12 @@ func TestGetMiddleware(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
- middleWare, err := samlhandler.GetMiddleware()
+ middleWare, err := saml.GetMiddleware()
require.NoError(t, err)
assert.Check(t, middleWare != nil)
@@ -72,12 +71,12 @@ func TestMustParseCertificate(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
certificate, err := ioutil.ReadFile("testdata/samlkratos.crt")
require.NoError(t, err)
- cert, err := samlhandler.MustParseCertificate(certificate)
+ cert, err := saml.MustParseCertificate(certificate)
require.NoError(t, err)
assert.Check(t, cert.Issuer.Country[0] == "AU")
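Review bot: `testdata/samlkratos.crt` is now read relative to selfservice/strategy/saml, but this diff deletes `selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt` without adding a copy under `selfservice/strategy/saml/testdata/`; unless one already exists there, `ioutil.ReadFile` fails and the test with it. Separately, `saml.MustParseCertificate` returns an error instead of panicking, so the `Must` prefix is misleading by Go convention; consider renaming it `ParseCertificate` and keeping `Must…` for a panicking wrapper used only in init code or tests. The condition guarding the `t.Skip()` at the top sits outside this hunk.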
diff --git a/selfservice/flow/saml/test/metadata_test.go b/selfservice/strategy/saml/metadata_test.go
similarity index 84%
rename from selfservice/flow/saml/test/metadata_test.go
rename to selfservice/strategy/saml/metadata_test.go
index 7545034d7157..8e801fb529ff 100644
--- a/selfservice/flow/saml/test/metadata_test.go
+++ b/selfservice/strategy/saml/metadata_test.go
@@ -8,11 +8,7 @@ import (
"reflect"
"testing"
- samlhandler "github.com/ory/kratos/selfservice/flow/saml"
- helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest"
-
- samltesthelpers "github.com/ory/kratos/selfservice/flow/saml/helpertest"
-
+ "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/stretchr/testify/require"
"gotest.tools/assert"
is "gotest.tools/assert/cmp"
@@ -71,12 +67,12 @@ func TestXmlMetadataExist(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, _, ts, err := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ _, _, ts, err := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
assert.NilError(t, err)
- res, _ := samltesthelpers.NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
+ res, _ := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
assert.Check(t, is.Equal(http.StatusOK, res.StatusCode))
assert.Check(t, is.Equal("application/samlmetadata+xml",
@@ -88,11 +84,11 @@ func TestXmlMetadataValues(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, _, ts, err := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
- res, _ := samltesthelpers.NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
+ _, _, ts, err := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
+ res, _ := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
body, _ := io.ReadAll(res.Body)
assert.Check(t, is.Equal(http.StatusOK, res.StatusCode))
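Review bot: In `TestXmlMetadataValues` the `err` returned by `InitTestMiddlewareWithMetadata` is not checked before the request is issued (at least not within this hunk), and the `Get` error is discarded, so a failed setup or request panics on `res.Body` rather than failing with a message. Add `require.NoError(t, err)` after the init call, change the request to `res, err := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")` followed by `require.NoError(t, err)`, and add `defer res.Body.Close()`. `TestXmlMetadataExist` above has the same discarded error.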
diff --git a/selfservice/strategy/saml/strategy/schema.go b/selfservice/strategy/saml/schema.go
similarity index 82%
rename from selfservice/strategy/saml/strategy/schema.go
rename to selfservice/strategy/saml/schema.go
index 92ac527c5d00..50aa01e10193 100644
--- a/selfservice/strategy/saml/strategy/schema.go
+++ b/selfservice/strategy/saml/schema.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
import (
_ "embed"
diff --git a/selfservice/strategy/saml/strategy/strategy.go b/selfservice/strategy/saml/strategy.go
similarity index 95%
rename from selfservice/strategy/saml/strategy/strategy.go
rename to selfservice/strategy/saml/strategy.go
index 937d5af9168a..6061ab812dec 100644
--- a/selfservice/strategy/saml/strategy/strategy.go
+++ b/selfservice/strategy/saml/strategy.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
import (
"bytes"
@@ -35,10 +35,8 @@ import (
"github.com/ory/kratos/selfservice/flow/login"
"github.com/ory/kratos/selfservice/flow/registration"
- samlflow "github.com/ory/kratos/selfservice/flow/saml"
"github.com/ory/kratos/selfservice/flow/settings"
"github.com/ory/kratos/selfservice/strategy"
- samlstrategy "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/kratos/session"
"github.com/ory/kratos/x"
)
@@ -186,7 +184,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U
if ar, err := s.d.RegistrationFlowPersister().GetRegistrationFlow(ctx, rid); err == nil {
if ar.Type != flow.TypeBrowser {
- return ar, samlstrategy.ErrAPIFlowNotSupported
+ return ar, ErrAPIFlowNotSupported
}
if err := ar.Valid(); err != nil {
@@ -197,7 +195,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U
if ar, err := s.d.LoginFlowPersister().GetLoginFlow(ctx, rid); err == nil {
if ar.Type != flow.TypeBrowser {
- return ar, samlstrategy.ErrAPIFlowNotSupported
+ return ar, ErrAPIFlowNotSupported
}
if err := ar.Valid(); err != nil {
@@ -209,7 +207,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U
ar, err := s.d.SettingsFlowPersister().GetSettingsFlow(ctx, rid)
if err == nil {
if ar.Type != flow.TypeBrowser {
- return ar, samlstrategy.ErrAPIFlowNotSupported
+ return ar, ErrAPIFlowNotSupported
}
sess, err := s.d.SessionManager().FetchFromRequest(ctx, r)
@@ -279,7 +277,7 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt
return
}
- m, err := samlflow.GetMiddleware()
+ m, err := GetMiddleware()
if err != nil {
s.forwardError(w, r, err)
}
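Review bot: `handleCallback` does not return after `s.forwardError(w, r, err)` when `GetMiddleware()` fails, so execution continues with a nil `m` and whatever follows this hunk runs after an error response has presumably already been written to `w`; at best that is a nil-pointer panic, at worst the SAML callback keeps being processed after the error path. Add the missing `return` so the block reads `s.forwardError(w, r, err)` then `return`. The remainder of handleCallback lies outside this hunk, so I cannot see whether a later check catches the nil middleware.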
@@ -330,7 +328,7 @@ func (s *Strategy) forwardError(w http.ResponseWriter, r *http.Request, err erro
}
// Return the SAML Provider
-func (s *Strategy) Provider(ctx context.Context) (samlstrategy.Provider, error) {
+func (s *Strategy) Provider(ctx context.Context) (Provider, error) {
c, err := s.Config(ctx)
if err != nil {
return nil, err
@@ -345,8 +343,8 @@ func (s *Strategy) Provider(ctx context.Context) (samlstrategy.Provider, error)
}
// Translate YAML Config file into a SAML Provider struct
-func (s *Strategy) Config(ctx context.Context) (*samlstrategy.ConfigurationCollection, error) {
- var c samlstrategy.ConfigurationCollection
+func (s *Strategy) Config(ctx context.Context) (*ConfigurationCollection, error) {
+ var c ConfigurationCollection
conf := s.d.Config().SelfServiceStrategy(ctx, string(s.ID())).Config
if err := jsonx.
diff --git a/selfservice/strategy/saml/strategy/test/testdata/cert.pem b/selfservice/strategy/saml/strategy/test/testdata/cert.pem
deleted file mode 100644
index 52667ef39ff2..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB7zCCAVgCCQDFzbKIp7b3MTANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCR0ExDDAKBgNVBAoMA2ZvbzESMBAGA1UEAwwJbG9jYWxob3N0
-MB4XDTEzMTAwMjAwMDg1MVoXDTE0MTAwMjAwMDg1MVowPDELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgMAkdBMQwwCgYDVQQKDANmb28xEjAQBgNVBAMMCWxvY2FsaG9zdDCB
-nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1PMHYmhZj308kWLhZVT4vOulqx/9
-ibm5B86fPWwUKKQ2i12MYtz07tzukPymisTDhQaqyJ8Kqb/6JjhmeMnEOdTvSPmH
-O8m1ZVveJU6NoKRn/mP/BD7FW52WhbrUXLSeHVSKfWkNk6S4hk9MV9TswTvyRIKv
-Rsw0X/gfnqkroJcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMMlIO+GNcGekevKgk
-akpMdAqJfs24maGb90DvTLbRZRD7Xvn1MnVBBS9hzlXiFLYOInXACMW5gcoRFfeT
-QLSouMM8o57h0uKjfTmuoWHLQLi6hnF+cvCsEFiJZ4AbF+DgmO6TarJ8O05t8zvn
-OwJlNCASPZRH/JmF8tX0hoHuAQ==
------END CERTIFICATE-----
\ No newline at end of file
diff --git a/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml b/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml
deleted file mode 100644
index dcaf7f051dae..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- testshib.org
-
- TestShib Test IdP
- TestShib IdP. Use this as a source of attributes
- for your test SP.
- https://www.testshib.org/testshibtwo.jpg
-
-
-
-
-
- MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
- MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
- VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
- MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
- EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
- c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
- yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
- 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
- NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
- kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
- gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
- A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
- 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
- bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
- aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
- BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
- I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
- 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
- /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
- Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
- 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
- MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
- MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
- VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
- MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
- EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
- c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
- yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
- 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
- NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
- kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
- gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
- A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
- 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
- bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
- aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
- BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
- I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
- 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
- /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
- Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
- 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
- TestShib Two Identity Provider
- TestShib Two
- http://www.testshib.org/testshib-two/
-
-
- Nate
- Klingenstein
- ndk@internet2.edu
-
-
\ No newline at end of file
diff --git a/selfservice/strategy/saml/strategy/test/testdata/key.pem b/selfservice/strategy/saml/strategy/test/testdata/key.pem
deleted file mode 100644
index 48284dac33a1..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDU8wdiaFmPfTyRYuFlVPi866WrH/2JubkHzp89bBQopDaLXYxi
-3PTu3O6Q/KaKxMOFBqrInwqpv/omOGZ4ycQ51O9I+Yc7ybVlW94lTo2gpGf+Y/8E
-PsVbnZaFutRctJ4dVIp9aQ2TpLiGT0xX1OzBO/JEgq9GzDRf+B+eqSuglwIDAQAB
-AoGBAMuy1eN6cgFiCOgBsB3gVDdTKpww87Qk5ivjqEt28SmXO13A1KNVPS6oQ8SJ
-CT5Azc6X/BIAoJCURVL+LHdqebogKljhH/3yIel1kH19vr4E2kTM/tYH+qj8afUS
-JEmArUzsmmK8ccuNqBcllqdwCZjxL4CHDUmyRudFcHVX9oyhAkEA/OV1OkjM3CLU
-N3sqELdMmHq5QZCUihBmk3/N5OvGdqAFGBlEeewlepEVxkh7JnaNXAXrKHRVu/f/
-fbCQxH+qrwJBANeQERF97b9Sibp9xgolb749UWNlAdqmEpmlvmS202TdcaaT1msU
-4rRLiQN3X9O9mq4LZMSVethrQAdX1whawpkCQQDk1yGf7xZpMJ8F4U5sN+F4rLyM
-Rq8Sy8p2OBTwzCUXXK+fYeXjybsUUMr6VMYTRP2fQr/LKJIX+E5ZxvcIyFmDAkEA
-yfjNVUNVaIbQTzEbRlRvT6MqR+PTCefC072NF9aJWR93JimspGZMR7viY6IM4lrr
-vBkm0F5yXKaYtoiiDMzlOQJADqmEwXl0D72ZG/2KDg8b4QZEmC9i5gidpQwJXUc6
-hU+IVQoLxRq0fBib/36K9tcrrO5Ba4iEvDcNY+D8yGbUtA==
------END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/selfservice/strategy/saml/strategy/test/testdata/myservice.cert b/selfservice/strategy/saml/strategy/test/testdata/myservice.cert
deleted file mode 100755
index a815f8f44742..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/myservice.cert
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDITCCAgmgAwIBAgIUAKe3G3G4JRoPJDbHcFfUC0M1vUwwDQYJKoZIhvcNAQEL
-BQAwIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1wbGUuY29tMB4XDTIxMTIyODEw
-MTcxOFoXDTIyMTIyODEwMTcxOFowIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1w
-bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA456eHhpbTabo
-JD9IurVIakdb4Y1CtM1cWEgeDB/owu+h13pqj+wk/1AlFUNIYKfzJNmP+CoJv5pS
-vUeJaMdA7vKUCHPMY7SNoZdaX0eGV4Z9Q7Q6pSkV+heoamojl+Lq9VIVvWnz4ra9
-3xjvJJ4bACyIz7k9u32jAb+v3Rh3axVlPfYJqCx0gU+tcMxb/Lc7HH7ynAjFGc4N
-iG7qOqE2nmzRanKw4dMJhkzhNyFQbqtd4DmEzV70XixyztxmbENVfNdvOrCc34/e
-JR4q7w5YEGMwUIPip7/zz/itqsrk0x4/VF1lExMOihf8dfYnqdF3+SdywoBf5UC4
-AUyFS/3FgQIDAQABo1MwUTAdBgNVHQ4EFgQUdG+6zhMmsR2yenGz22Iacjeh6BUw
-HwYDVR0jBBgwFoAUdG+6zhMmsR2yenGz22Iacjeh6BUwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAU5eJKGCBsJpMgL6AgrtpY47iT2KtIkeiI5RC
-L+2z2pORG2jFzvY+3kcYA+Nj7EwVyBGmn2lL2JCgk3Qr1YsO4IMJ6sZYbDi6I1SR
-z14QMYDRWqPY7VoyqiDzdIS9ENWm80gCG4BChSMtEtN2kmjdTOM++Cr4LY/LLhM4
-9aSNfXHTx4kklP1VVc8dGWw+bFtzZUeP6O+ssrFhcse4V6DoQAxYSU4MAAjePhAP
-0IS2I3sSzLe/LCsJMPZv0r1q8YQCGBrijAXSnQiu8KFh8hEQusxilIZV9XPDGB98
-EwTT5cbtUtOIbrZ6kdBs49O27xCTymaIuysidFtywwTaDdrc1g==
------END CERTIFICATE-----
diff --git a/selfservice/strategy/saml/strategy/test/testdata/myservice.key b/selfservice/strategy/saml/strategy/test/testdata/myservice.key
deleted file mode 100755
index e7b461f2f228..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/myservice.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDjnp4eGltNpugk
-P0i6tUhqR1vhjUK0zVxYSB4MH+jC76HXemqP7CT/UCUVQ0hgp/Mk2Y/4Kgm/mlK9
-R4lox0Du8pQIc8xjtI2hl1pfR4ZXhn1DtDqlKRX6F6hqaiOX4ur1UhW9afPitr3f
-GO8knhsALIjPuT27faMBv6/dGHdrFWU99gmoLHSBT61wzFv8tzscfvKcCMUZzg2I
-buo6oTaebNFqcrDh0wmGTOE3IVBuq13gOYTNXvReLHLO3GZsQ1V81286sJzfj94l
-HirvDlgQYzBQg+Knv/PP+K2qyuTTHj9UXWUTEw6KF/x19iep0Xf5J3LCgF/lQLgB
-TIVL/cWBAgMBAAECggEAAn9H/s6NN+Hf5B3pn1rDy56yzFuvYqpqG/HWmo1zEUht
-vx5xstiFY2OutHgDgEP3b+0PHkrfxoFb7QWu5T5iYPy6UQlsMZ/WefJeJHN1btpj
-321Hw24a9p5x05EMiOsNZtmasXRLH66fkKYGYaF2bF8QtS60Fa2AL1G6DTPqg3s4
-T+ijNYPr1xUk5GSh8Ea0DjLhzL6WgSHj+eBKgfEdYPDlOaQaYQuV2OJg9JyqxV6h
-/Fa1HDc6RgpIhalLhP+9OqhSr9vmXSzEidzu+WTQSPpabwlVIae30Qh8XT9bYF5v
-TElDXv5e5FwFmIJTnhAHyGlpnJ3KzaEHkmGbAxLOQQKBgQD2P4++d0WzrugKnfpz
-hMpIVwk4jl1l2LUe3LoKEtF85lj6NjmvUNEPfJ0MIwKAjQYZ9AJWgCPP2/kjDBRv
-dwwtSDIjFf79y810MNTGhAKv8nf7Lf5tSiJbvWgwtiiqF/ivUlxOKL9jqc6qj2s9
-psFoPOSAHQz6NqNpGyNza/7+CQKBgQDsojNWLJUXVzeUCMCzF+tn8lgs1aGrjHB7
-ZMHpr5nZCBdXjAzZR6yQH653Fa3OzNnVjq8CiO1ZdvbwW/KgVUHB4Mb/4kJ0Uxbm
-WOF7zQjsMleoABFTi5mCcSqEK+u1qnrG8Ful9L6F8WhP7mdDmRXQM3f9rG2NDb1H
-/OJuj/LpuQKBgQDK0+31Z069QtsUK62oSv9G+JG6yOC7S/Vbt1lxhLCSnTU620FG
-W13n0K+W2JtuATq+U9M9JozY4ApkyMVoTnl0LtxFNA/1QlI3WyVXYlLIVAJpnSfN
-I1wLjoZsYQ47lEUdO8yWAFAsqih1Km6duGXkEwvvTn5q9mhA4b6giprc6QKBgQCR
-knMcd068ziXdxsitJHDoQHkoE8BiZYIpFuIIHcP6dPTPIdQhsusguqy8i7Sh/Pmh
-XCaj25KQMBRX52jKY8iROfOSJSIWp6r1yAXnAEqV655rNqdyCvZD/dRW/SIDXz4q
-tmDbJkYy5kDys0oJltqJe7A8eV/nn2UrLRIrTBj22QKBgQCFMmXVRqRje9k0Aqfe
-KGYYCEPzeFzY4PzufwoOyhsGkLCwKthf43jXjWy53+u82Od1oKiNCjIhQHOtL720
-mTIhl2AzTJ1VMWoqUIHtGxhaIC3zhDjAaTMHZNDXFU78hPOhcBPtKikh3Hj2bfGG
-TK1KTG49VMcWHmYJhJXwVevKAg==
------END PRIVATE KEY-----
diff --git a/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json b/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json
deleted file mode 100644
index c7005d87ce8d..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "$id": "https://example.com/registration.schema.json",
- "$schema": "http://json-schema.org/draft-07/schema#",
- "title": "Person",
- "type": "object",
- "properties": {
- "traits": {
- "type": "object",
- "properties": {
- "bar": {
- "type": "string"
- }
- }
- }
- }
-}
diff --git a/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet b/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet
deleted file mode 100644
index 87103e26bc6b..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet
+++ /dev/null
@@ -1,17 +0,0 @@
-local claims = {
- email_verified: false
-} + std.extVar('claims');
-
-{
- identity: {
- traits: {
- // Allowing unverified email addresses enables account
- // enumeration attacks, especially if the value is used for
- // e.g. verification or as a password login identifier.
- //
- // Therefore we only return the email if it (a) exists and (b) is marked verified
- // by Discord.
- [if "email" in claims && claims.email_verified then "email" else null]: claims.email,
- },
- },
-}
\ No newline at end of file
diff --git a/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt b/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt
deleted file mode 100755
index 3dfdeb703e1c..000000000000
--- a/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUVREfiVXf4z/hq8AsbyNnkuWn6i8wDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjExMTA4MjBaFw0yMzAy
-MjExMTA4MjBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCjvij3wZV+OhbEbwcs7cpc1hGR+uK4Y0y/ItHkAqlV
-ddl+D28iDJeHci4LA8XmG0loFMTxdC9PG5t4ewn8G18+EeYRV0K3BMMWfxrO6ibG
-z1ElTxQvVSw9tgPpjIgZqL8Qso8UO1ji98yoPhqP77F29pCNqiHrKJI1c52OCPHq
-NBCZa76DmCGcXKAwRQaTo+tig6HJ1/3qCLGq57O396mQRFvjB535mceLzKSpFHsh
-45beytXiBjTkvOEmNIUGVKIidXxqDtuTHz5QqhHTHMSsFH8cT648sSB9K9jPZ6ai
-VCq5z/McyaYFlb/wt7PApJTSRjU0Any4876eBca59ca/AgMBAAGjUzBRMB0GA1Ud
-DgQWBBQml5ORluABegdU+rLlpn++esD9fjAfBgNVHSMEGDAWgBQml5ORluABegdU
-+rLlpn++esD9fjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCL
-X5bpRKtMY7FsPtMsO/KBz5GT7P6aqe8pS0m3uXap6KkQwxa2wyyyH+in6uds8Sxm
-bsdsGpSpCfGQCMqmu0yCjhfwI8nFA6q1YxLNgmx7kEIAQQQG2+jZJE7adXzSk2vT
-tiNQ55mfiO9Wv+JpaB7ldAX3Q+O2uqVLJG/NlvC3ZAq0FXMyeitddLYSmEE0xrcM
-QTB7vb7LpZk7Owa2UJ2VcQyZcxLWMonikIg4u3ALHGR0SvEgMwGhWr354RDGLYSO
-Ii5O1foUR1O71jffr7CgELauyz3AXv6PNYLkyOCQP5gNB2NEMLJBRn5U4IhCHKzD
-t1/BujsTuZV5r6aj3J9+
------END CERTIFICATE-----
diff --git a/selfservice/strategy/saml/strategy/strategy_auth.go b/selfservice/strategy/saml/strategy_auth.go
similarity index 91%
rename from selfservice/strategy/saml/strategy/strategy_auth.go
rename to selfservice/strategy/saml/strategy_auth.go
index b04bea371291..2b7af9c380ee 100644
--- a/selfservice/strategy/saml/strategy/strategy_auth.go
+++ b/selfservice/strategy/saml/strategy_auth.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
import (
"errors"
@@ -7,12 +7,11 @@ import (
"github.com/ory/kratos/identity"
"github.com/ory/kratos/selfservice/flow"
"github.com/ory/kratos/selfservice/flow/login"
- samlsp "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/x/sqlcon"
)
// Handle SAML Assertion and process to either login or register
-func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider samlsp.Provider, claims *samlsp.Claims) (*flow.Flow, error) {
+func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider Provider, claims *Claims) (*flow.Flow, error) {
// This is a check to see if the user exists in the database
i, c, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), identity.CredentialsTypeSAML, uid(provider.Config().ID, claims.Subject))
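Review bot: `processLoginOrRegister` keys the identity lookup on `uid(provider.Config().ID, claims.Subject)`, which treats the SAML NameID as a stable per-user identifier; with IdPs that issue `transient` NameIDs (the deleted test metadata advertised exactly that format) the subject changes on every session, so each login misses the lookup and would fall through to registration. If a stable NameID is the intended contract, state it on the function, e.g. `// Requires a persistent or emailAddress NameID: claims.Subject is used as the stable credential identifier for this provider.`, and consider having the SP request a persistent NameIDPolicy or mapping a stable attribute instead. The body continues outside the hunk, so I cannot tell whether the registration branch guards against this.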
diff --git a/selfservice/flow/saml/helpertest/helpertest.go b/selfservice/strategy/saml/strategy_helper_test.go
similarity index 80%
rename from selfservice/flow/saml/helpertest/helpertest.go
rename to selfservice/strategy/saml/strategy_helper_test.go
index 21ad51f92b42..6479669bba80 100644
--- a/selfservice/flow/saml/helpertest/helpertest.go
+++ b/selfservice/strategy/saml/strategy_helper_test.go
@@ -1,4 +1,4 @@
-package helpertest
+package saml_test
import (
"context"
@@ -29,22 +29,20 @@ import (
"github.com/ory/kratos/identity"
"github.com/ory/kratos/internal"
"github.com/ory/kratos/internal/testhelpers"
- samlhandler "github.com/ory/kratos/selfservice/flow/saml"
- samlstrategy "github.com/ory/kratos/selfservice/strategy/saml"
- samlstrat "github.com/ory/kratos/selfservice/strategy/saml/strategy"
+ "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/kratos/x"
)
var TimeNow = func() time.Time { return time.Now().UTC() }
var RandReader = rand.Reader
-func NewSAMLProvider(
+func NewTestSAMLProvider(
t *testing.T,
kratos *httptest.Server,
id, label string,
-) samlstrategy.Configuration {
+) saml.Configuration {
- return samlstrategy.Configuration{
+ return saml.Configuration{
ID: id,
Label: label,
PublicCertPath: "secret",
@@ -55,12 +53,12 @@ func NewSAMLProvider(
}
}
-func ViperSetProviderConfig(t *testing.T, conf *config.Config, SAMLProvider ...samlstrategy.Configuration) {
- conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".config", &samlstrategy.ConfigurationCollection{SAMLProviders: SAMLProvider})
+func ViperSetProviderConfig(t *testing.T, conf *config.Config, SAMLProvider ...saml.Configuration) {
+ conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".config", &saml.ConfigurationCollection{SAMLProviders: SAMLProvider})
conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".enabled", true)
}
-func NewClient(t *testing.T, jar *cookiejar.Jar) *http.Client {
+func NewTestClient(t *testing.T, jar *cookiejar.Jar) *http.Client {
if jar == nil {
j, err := cookiejar.New(nil)
jar = j
@@ -112,10 +110,10 @@ func mustParsePrivateKey(pemStr []byte) crypto.PrivateKey {
return k
}
-func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) {
+func InitTestMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) {
conf, reg := internal.NewFastRegistryWithMocks(t)
- strategy := samlstrat.NewStrategy(reg)
+ strategy := saml.NewStrategy(reg)
errTS := testhelpers.NewErrorTestServer(t, reg)
routerP := x.NewRouterPublic()
routerA := x.NewRouterAdmin()
@@ -131,8 +129,8 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid
ViperSetProviderConfig(
t,
conf,
- NewSAMLProvider(t, ts, "samlProviderTestID", "samlProviderTestLabel"),
- samlstrategy.Configuration{
+ NewTestSAMLProvider(t, ts, "samlProviderTestID", "samlProviderTestLabel"),
+ saml.Configuration{
ID: "samlProviderTestID",
Label: "samlProviderTestLabel",
PublicCertPath: "file://testdata/myservice.cert",
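Review bot: The provider list handed to ViperSetProviderConfig contains two entries with ID `"samlProviderTestID"`: the one built by NewTestSAMLProvider (whose PublicCertPath is the literal `"secret"`) and the inline saml.Configuration pointing at `file://testdata/myservice.cert`. If providers are resolved by ID, only one of the two is ever selected and the other is dead configuration, so which certificate the middleware actually loads depends on lookup order rather than on the test author's intent. Give the inline entry a distinct ID, or remove whichever one is not meant to be exercised. The argument list continues past the hunk.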
@@ -152,9 +150,9 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid
t.Logf("Kratos Error URL: %s", errTS.URL)
// Instantiates the MiddleWare
- _, err := NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
+ _, err := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")
require.NoError(t, err)
- middleware, err := samlhandler.GetMiddleware()
+ middleware, err := saml.GetMiddleware()
require.NoError(t, err)
middleware.ServiceProvider.Key = mustParsePrivateKey(golden.Get(t, "key.pem")).(*rsa.PrivateKey)
middleware.ServiceProvider.Certificate = mustParseCertificate(golden.Get(t, "cert.pem"))
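Review bot: The metadata GET that instantiates the middleware discards the *http.Response (`_, err := NewTestClient(t, nil).Get(...)`), so the body is never closed and a non-200 reply — for example a route that was not registered — still satisfies `require.NoError`. Keep the response and check it: `resp, err := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata")`, `require.NoError(t, err); defer resp.Body.Close()`, `require.Equal(t, http.StatusOK, resp.StatusCode)`. Separately, `saml.GetMiddleware()` takes no arguments and is paired with `DestroyMiddlewareIfExists()` in the tests, which suggests the middleware lives in package-level state; if so these tests cannot be run with t.Parallel and a comment on the helper should say that. The type assertion `.(*rsa.PrivateKey)` will panic rather than fail the test if key.pem is not an RSA key; `require.IsType` or a checked assertion would give a clearer failure.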
@@ -162,15 +160,15 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid
return middleware, strategy, ts, err
}
-func InitMiddlewareWithMetadata(t *testing.T, metadataURL string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) {
+func InitTestMiddlewareWithMetadata(t *testing.T, metadataURL string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) {
idpInformation := make(map[string]string)
idpInformation["idp_metadata_url"] = metadataURL
- return InitMiddleware(t, idpInformation)
+ return InitTestMiddleware(t, idpInformation)
}
-func InitMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId string,
- idpCertifiatePath string, idpLogoutUrl string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) {
+func InitTestMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId string,
+ idpCertifiatePath string, idpLogoutUrl string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) {
idpInformation := make(map[string]string)
idpInformation["idp_sso_url"] = idpSsoUrl
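Review bot: The parameter names of InitTestMiddlewareWithoutMetadata break Go's initialism convention and carry a typo: `idpSsoUrl`, `idpEntityId`, `idpCertifiatePath`, `idpLogoutUrl` would read `idpSSOURL`, `idpEntityID`, `idpCertificatePath`, `idpLogoutURL`. Since the function is already being renamed in this commit, this is a cheap moment to fix them. Both renamed helpers lack a doc comment; for this one something like `// InitTestMiddlewareWithoutMetadata builds the test middleware from explicit IdP settings instead of a metadata document.` would do. The function body continues past the hunk.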
@@ -178,7 +176,7 @@ func InitMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId s
idpInformation["idp_certificate_path"] = idpCertifiatePath
idpInformation["idp_logout_url"] = idpLogoutUrl
- return InitMiddleware(t, idpInformation)
+ return InitTestMiddleware(t, idpInformation)
}
func GetAndDecryptAssertion(t *testing.T, samlResponseFile string, key *rsa.PrivateKey) (*crewjamsaml.Assertion, error) {
diff --git a/selfservice/strategy/saml/strategy/strategy_login.go b/selfservice/strategy/saml/strategy_login.go
similarity index 91%
rename from selfservice/strategy/saml/strategy/strategy_login.go
rename to selfservice/strategy/saml/strategy_login.go
index c8d7941a7123..a265fe69acbb 100644
--- a/selfservice/strategy/saml/strategy/strategy_login.go
+++ b/selfservice/strategy/saml/strategy_login.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
import (
"bytes"
@@ -14,8 +14,6 @@ import (
"github.com/ory/kratos/selfservice/flow"
"github.com/ory/kratos/selfservice/flow/login"
"github.com/ory/kratos/selfservice/flow/registration"
- handler "github.com/ory/kratos/selfservice/flow/saml"
- samlsp "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/kratos/session"
"github.com/ory/kratos/text"
"github.com/ory/kratos/ui/node"
@@ -55,7 +53,7 @@ type SubmitSelfServiceLoginFlowWithSAMLMethodBody struct {
}
// Login and give a session to the user
-func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login.Flow, provider samlsp.Provider, c *identity.Credentials, i *identity.Identity, claims *samlsp.Claims) (*registration.Flow, error) {
+func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login.Flow, provider Provider, c *identity.Credentials, i *identity.Identity, claims *Claims) (*registration.Flow, error) {
var o CredentialsConfig
if err := json.NewDecoder(bytes.NewBuffer(c.Config)).Decode(&o); err != nil {
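Review bot: processLogin decodes the stored credentials with `json.NewDecoder(bytes.NewBuffer(c.Config)).Decode(&o)`; c.Config is already an in-memory byte slice, so `json.Unmarshal(c.Config, &o)` is the direct form (or `bytes.NewReader` if a reader is really wanted, since NewBuffer implies a writable buffer). The comment above the function, `// Login and give a session to the user`, does not start with the function name as Go doc comments should; `// processLogin completes the login flow a for identity i using the SAML provider and claims, returning a registration flow when one is needed.` keeps the same meaning. The function body continues past the hunk.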
@@ -117,10 +115,10 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
}
if x.IsJSONRequest(r) {
- s.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(handler.RouteSamlLoginInit))
+ s.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(RouteSamlLoginInit))
} else {
- http.Redirect(w, r, handler.RouteSamlLoginInit, http.StatusSeeOther)
+ http.Redirect(w, r, RouteSamlLoginInit, http.StatusSeeOther)
}
return nil, errors.WithStack(flow.ErrCompletedByStrategy)
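Review bot: Both branches send the client to the bare `RouteSamlLoginInit` without carrying the login flow's identifier (`f` in the Login signature), so unless the init handler recovers the flow some other way — which this hunk does not show — the SAML response cannot be bound back to this particular flow when it returns. If the flow id is needed there, append it as a query parameter to the redirect target and to the value passed to NewBrowserLocationChangeRequiredError, so the JSON and browser paths stay consistent. This hunk covers only the tail of Login; the preceding checks are outside it.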
diff --git a/selfservice/strategy/saml/strategy/strategy_registration.go b/selfservice/strategy/saml/strategy_registration.go
similarity index 94%
rename from selfservice/strategy/saml/strategy/strategy_registration.go
rename to selfservice/strategy/saml/strategy_registration.go
index 5a3b52ceea00..223672f8fff1 100644
--- a/selfservice/strategy/saml/strategy/strategy_registration.go
+++ b/selfservice/strategy/saml/strategy_registration.go
@@ -1,4 +1,4 @@
-package strategy
+package saml
import (
"bytes"
@@ -15,7 +15,6 @@ import (
"github.com/ory/kratos/selfservice/flow"
"github.com/ory/kratos/selfservice/flow/registration"
- samlsp "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/kratos/text"
"github.com/tidwall/gjson"
@@ -32,7 +31,7 @@ func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic) {
s.setRoutes(r)
}
-func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context, provider samlsp.Provider, claims *samlsp.Claims, logsEnabled bool) (*identity.Identity, error) {
+func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context, provider Provider, claims *Claims, logsEnabled bool) (*identity.Identity, error) {
// Fetch fetches the file contents from the mapper file.
jn, err := s.f.Fetch(provider.Config().Mapper)
if err != nil {
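Review bot: GetRegistrationIdentity takes `ctx context.Context` as its second parameter after `r *http.Request`, whereas Go convention puts the context first; and the trailing `logsEnabled bool` is a bare flag that reads poorly at the call site (`..., claims, true)` in processRegistration). Since this commit already touches the signature, reordering to `(ctx context.Context, r *http.Request, provider Provider, claims *Claims, logsEnabled bool)` and updating the one visible caller would be cheap. The comment `// Fetch fetches the file contents from the mapper file.` describes the Fetch call, not the function; the exported method itself needs a doc comment such as `// GetRegistrationIdentity builds the identity to register from the provider's mapper and the SAML claims.` The function body continues past the hunk.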
@@ -102,7 +101,7 @@ func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context,
return i, nil
}
-func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a *registration.Flow, provider samlsp.Provider, claims *samlsp.Claims) error {
+func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a *registration.Flow, provider Provider, claims *Claims) error {
i, err := s.GetRegistrationIdentity(r, r.Context(), provider, claims, true)
if err != nil {
diff --git a/selfservice/strategy/saml/strategy/test/strategy_test.go b/selfservice/strategy/saml/strategy_test.go
similarity index 68%
rename from selfservice/strategy/saml/strategy/test/strategy_test.go
rename to selfservice/strategy/saml/strategy_test.go
index cd1ee0128875..88578370c36b 100644
--- a/selfservice/strategy/saml/strategy/test/strategy_test.go
+++ b/selfservice/strategy/saml/strategy_test.go
@@ -1,4 +1,4 @@
-package strategy_test
+package saml_test
import (
"bytes"
@@ -8,9 +8,7 @@ import (
"testing"
"github.com/ory/kratos/identity"
- samlhandler "github.com/ory/kratos/selfservice/flow/saml"
- helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest"
- samlstrategy "github.com/ory/kratos/selfservice/strategy/saml/strategy"
+ "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/stretchr/testify/require"
"gotest.tools/assert"
@@ -23,12 +21,12 @@ func TestGetAndDecryptAssertion(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleware, _, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ middleware, _, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
- assertion, err := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
+ assertion, err := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
require.NoError(t, err)
assert.Check(t, assertion != nil)
@@ -39,12 +37,12 @@ func TestGetAttributesFromAssertion(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleware, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ middleware, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
- assertion, _ := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
+ assertion, _ := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
mapAttributes, err := strategy.GetAttributesFromAssertion(assertion)
@@ -69,10 +67,10 @@ func TestCreateAuthRequest(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleware, _, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ middleware, _, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
authReq, err := middleware.ServiceProvider.MakeAuthenticationRequest("https://samltest.id/idp/profile/SAML2/Redirect/SSO", "saml.HTTPPostBinding", "saml.HTTPPostBinding")
require.NoError(t, err)
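Review bot: MakeAuthenticationRequest is called with the string literal `"saml.HTTPPostBinding"` for both binding arguments; that is the name of a Go identifier, not a binding URN, and now that `saml` refers to the kratos strategy package the intended constant has to come from the crewjam/saml import (the helper file aliases it as `crewjamsaml`). Use `crewjamsaml.HTTPPostBinding` and `crewjamsaml.HTTPRedirectBinding` as appropriate; note also that the IdP URL ends in `/Redirect/SSO` while both bindings say POST, which is likely not what the test means. The mismatch is currently masked by the `t.Skip()` at the top of the test.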
@@ -93,10 +91,10 @@ func TestProvider(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ _, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
provider, err := strategy.Provider(context.Background())
require.NoError(t, err)
@@ -110,10 +108,10 @@ func TestConfig(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ _, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
config, err := strategy.Config(context.Background())
require.NoError(t, err)
@@ -128,10 +126,10 @@ func TestID(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ _, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
id := strategy.ID()
gotest.Check(t, id == "saml")
@@ -142,16 +140,16 @@ func TestCountActiveCredentials(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ _, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
mapCredentials := make(map[identity.CredentialsType]identity.Credentials)
var b bytes.Buffer
- err := json.NewEncoder(&b).Encode(samlstrategy.CredentialsConfig{
- Providers: []samlstrategy.ProviderCredentialsConfig{
+ err := json.NewEncoder(&b).Encode(saml.CredentialsConfig{
+ Providers: []saml.ProviderCredentialsConfig{
{
Subject: "testUserID",
Provider: "saml",
@@ -175,13 +173,13 @@ func TestGetRegistrationIdentity(t *testing.T) {
t.Skip()
}
- samlhandler.DestroyMiddlewareIfExists()
+ saml.DestroyMiddlewareIfExists()
- middleware, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t,
- "file://testdata/idp_saml_metadata.xml")
+ middleware, strategy, _, _ := InitTestMiddlewareWithMetadata(t,
+ "file://testdata/SP_IDPMetadata.xml")
provider, _ := strategy.Provider(context.Background())
- assertion, _ := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
+ assertion, _ := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key)
attributes, _ := strategy.GetAttributesFromAssertion(assertion)
claims, _ := provider.Claims(context.Background(), strategy.D().Config(), attributes)
diff --git a/selfservice/strategy/saml/strategy/test/testdata/SP_IDPMetadata.xml b/selfservice/strategy/saml/testdata/SP_IDPMetadata.xml
similarity index 100%
rename from selfservice/strategy/saml/strategy/test/testdata/SP_IDPMetadata.xml
rename to selfservice/strategy/saml/testdata/SP_IDPMetadata.xml
diff --git a/selfservice/strategy/saml/strategy/test/testdata/SP_SamlResponse.xml b/selfservice/strategy/saml/testdata/SP_SamlResponse.xml
similarity index 100%
rename from selfservice/strategy/saml/strategy/test/testdata/SP_SamlResponse.xml
rename to selfservice/strategy/saml/testdata/SP_SamlResponse.xml
diff --git a/selfservice/strategy/saml/strategy/test/testdata/TestSPCanHandleOneloginResponse_response b/selfservice/strategy/saml/testdata/TestSPCanHandleOneloginResponse_response
similarity index 100%
rename from selfservice/strategy/saml/strategy/test/testdata/TestSPCanHandleOneloginResponse_response
rename to selfservice/strategy/saml/testdata/TestSPCanHandleOneloginResponse_response
diff --git a/selfservice/flow/saml/test/testdata/cert.pem b/selfservice/strategy/saml/testdata/cert.pem
similarity index 100%
rename from selfservice/flow/saml/test/testdata/cert.pem
rename to selfservice/strategy/saml/testdata/cert.pem
diff --git a/selfservice/flow/saml/test/testdata/expected_metadata.xml b/selfservice/strategy/saml/testdata/expected_metadata.xml
similarity index 100%
rename from selfservice/flow/saml/test/testdata/expected_metadata.xml
rename to selfservice/strategy/saml/testdata/expected_metadata.xml
diff --git a/selfservice/flow/saml/test/testdata/key.pem b/selfservice/strategy/saml/testdata/key.pem
similarity index 100%
rename from selfservice/flow/saml/test/testdata/key.pem
rename to selfservice/strategy/saml/testdata/key.pem
diff --git a/selfservice/flow/saml/test/testdata/myservice.cert b/selfservice/strategy/saml/testdata/myservice.cert
similarity index 100%
rename from selfservice/flow/saml/test/testdata/myservice.cert
rename to selfservice/strategy/saml/testdata/myservice.cert
diff --git a/selfservice/flow/saml/test/testdata/myservice.key b/selfservice/strategy/saml/testdata/myservice.key
similarity index 100%
rename from selfservice/flow/saml/test/testdata/myservice.key
rename to selfservice/strategy/saml/testdata/myservice.key
diff --git a/selfservice/flow/saml/test/testdata/registration.schema.json b/selfservice/strategy/saml/testdata/registration.schema.json
similarity index 100%
rename from selfservice/flow/saml/test/testdata/registration.schema.json
rename to selfservice/strategy/saml/testdata/registration.schema.json
diff --git a/selfservice/flow/saml/test/testdata/saml.jsonnet b/selfservice/strategy/saml/testdata/saml.jsonnet
similarity index 100%
rename from selfservice/flow/saml/test/testdata/saml.jsonnet
rename to selfservice/strategy/saml/testdata/saml.jsonnet
diff --git a/selfservice/strategy/saml/strategy/test/testdata/saml_response.xml b/selfservice/strategy/saml/testdata/saml_response.xml
similarity index 100%
rename from selfservice/strategy/saml/strategy/test/testdata/saml_response.xml
rename to selfservice/strategy/saml/testdata/saml_response.xml
diff --git a/selfservice/flow/saml/test/testdata/samlkratos.crt b/selfservice/strategy/saml/testdata/samlkratos.crt
similarity index 100%
rename from selfservice/flow/saml/test/testdata/samlkratos.crt
rename to selfservice/strategy/saml/testdata/samlkratos.crt
diff --git a/selfservice/strategy/saml/strategy/types.go b/selfservice/strategy/saml/types.go
similarity index 88%
rename from selfservice/strategy/saml/strategy/types.go
rename to selfservice/strategy/saml/types.go
index 60db543da1a8..a6de0bd7ac79 100644
--- a/selfservice/strategy/saml/strategy/types.go
+++ b/selfservice/strategy/saml/types.go
@@ -1,11 +1,10 @@
-package strategy
+package saml
import (
"bytes"
"encoding/json"
"github.com/ory/kratos/identity"
- "github.com/ory/kratos/selfservice/strategy/saml"
"github.com/ory/kratos/text"
"github.com/ory/kratos/ui/container"
"github.com/ory/kratos/ui/node"
@@ -40,7 +39,7 @@ func NewCredentialsForSAML(subject string, provider string) (*identity.Credentia
}, nil
}
-func AddProviders(c *container.Container, providers []saml.Configuration, message func(provider string) *text.Message) {
+func AddProviders(c *container.Container, providers []Configuration, message func(provider string) *text.Message) {
for _, p := range providers {
AddProvider(c, p.ID, message(
stringsx.Coalesce(p.Label, p.ID)))