artifact binding support
Relates to #40
This integrates Artifact Binding support. I tried to make as few changes as possible. In my tests I was able to switch back and forth between post and artifact binding without issue.
I did have to write a different example client because Okta seems to always respond with a post binding response regardless of the request made. I didn't include my example in the commit because it involved having a working IdP setup and probably would be of limited use to others.
SP creation in it looks like the following:
```go
sp := &saml2.SAMLServiceProvider{
	IdentityProviderSSOURL:                       metadata.IDPSSODescriptor.SingleSignOnServices[0].Location,
	IdentityProviderArtifactResolutionServiceURL: metadata.IDPSSODescriptor.ArtifactResolutionService.Location,
	HTTPClient:                                   client,
	IdentityProviderIssuer:                       metadata.EntityID,
	ServiceProviderIssuer:                        "http://example.com/saml/acs/example",
	AssertionConsumerServiceURL:                  "http://localhost:8080/v1/_saml_callback",
	SignAuthnRequests:                            true,
	AudienceURI:                                  "http://example.com/saml/acs/example",
	IDPCertificateStore:                          &certStore,
	SPKeyStore:                                   keyStore,
	RequestedBinding:                             saml2.BindingHttpArtifact,
}
```
IdentityProviderArtifactResolutionServiceURL, RequestedBinding, and HTTPClient are the new fields. None are required if clients want to stick with POST binding.
On an unrelated note, I had to change BuildAuthURL to call BuildAuthURLRedirect rather than BuildAuthURLFromDocument to get valid requests for my IdP.