Is there a SAML library for The Go Language?

Question

I see that the goauth and go-oauth OAuth libraries have been written for the Go Programming Language, but a couple of hours of searching online turns up nothing for SAML.

I would like to use Go to implement SSO support using SAML for a web service, but without a SAML library for Go it looks like I will have to "wrap" the SAML logic in a separate service, implemented in another language.

Does anyone know of a Go-friendly SAML library, or maybe some some trick for using a Java, C, or PHP library from a Go program?

Answer 1

I have used gosaml and it works pretty good but there is also go-saml from robots and pencils.

I figured after a year, it would be good to answer this question because it would still be good to have some sort of answer here for people looking for SAML libraries for Go.

Answer 2

I haven't seen a SAML implementation for Go, but you could use a server that already implements it in front of your app.

One of the best supported SAML implementations is Shibboleth. The apache module is the most mature, and is probably the easiest method to use, since you just put your app behind a reverse proxy in apache. There's also a fastcgi authenticator, which uses the same backend, but I can't speak for it's ease of implementation.

If you just need a service-provider, the simplest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in python, to try and demonstrate the simplest SP I could. I make no claims to the robustness of this module, but you can see that it could be done with not too much code. That's assuming the Identity Providers you're working with support this binding. And as always, be wary when deploying any custom security-related code.