I am trying to build a Go-based webserver (running in Azure) that allows for single sign-on using SAML. Part of the criteria for the application is that there are two layers of access: first it should be decided whether a user has access to the webpage itself, and second the user should only be able to access the data that he is entitled to see.
I have looked at the libraries listed at godoc, but I cannot seem to find a way to implement the second criterion. We want to use the username/ID associated with the SAML response as a part of the database query. I cannot seem to find, though, where I can find this information. At the moment it seems like I should do something like
    http.Handle("/apicall", samlSP.RequireAccount(http.HandlerFunc(foo)))

    func foo(w http.ResponseWriter, r *http.Request) {
        user := // ?
        body, err := ioutil.ReadAll(r.Body)
        if err != nil {
            log.Println(err)
            return // do not continue with an unread body
        }
        var filter FilterParameters
        err = json.Unmarshal(body, &filter)
        if err != nil {
            log.Println(err)
            return // do not query with an empty filter
        }
        apiStruct := API(filter, user)
        json.NewEncoder(w).Encode(apiStruct)
    }
However, I am not sure how to get the variable 'user' filled in the correct scope, and where I can get this information from. I was looking to use github.com/crewjam/saml, but I am flexible in switching to a different solution. The godoc mentions a pointer in the 'options' struct to a 'saml.EntityDescriptor' struct, which seems to contain a field for a username, but I am not sure if this would work, and how to even access this in the scope of my function "foo".
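The usual Go pattern for the "second layer" is that the authentication middleware stores the verified identity in the request's context.Context, and the handler reads it back from r.Context() rather than from anything the client sent. crewjam/saml's samlsp package does exactly this (recent versions expose samlsp.SessionFromContext and samlsp.AttributeFromContext; exact names depend on the library version). The following is an added example, not code from the question or from crewjam/saml: it uses only the standard library, with a stand-in requireAccount middleware that reads a constructed X-Demo-User header in place of a validated SAML session, an in-memory slice in place of the database, and the names Identity, IdentityFromContext, FilterParameters, Record and callAPI, all of which are assumptions.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ctxKey is an unexported type, so no other package can collide with this context key.
type ctxKey struct{}

// Identity is what the SSO middleware learned about the caller. With a SAML library this
// would be filled from the assertion's NameID/attributes; here it is a stand-in (assumption).
type Identity struct {
	UserID string
}

// IdentityFromContext is what the handler calls in place of `user := // ?`.
func IdentityFromContext(ctx context.Context) (Identity, bool) {
	id, ok := ctx.Value(ctxKey{}).(Identity)
	return id, ok
}

// requireAccount stands in for samlSP.RequireAccount: it authenticates the request and
// stores the identity in the context. A real middleware validates the SAML session cookie;
// this demo reads a constructed header so it runs offline.
func requireAccount(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		uid := r.Header.Get("X-Demo-User") // constructed stand-in for the SAML NameID
		if uid == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		ctx := context.WithValue(r.Context(), ctxKey{}, Identity{UserID: uid})
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// FilterParameters is what the client may choose; the owner is deliberately not part of it.
type FilterParameters struct {
	Project string `json:"project"`
}

type Record struct {
	Owner   string `json:"owner"`
	Project string `json:"project"`
	Payload string `json:"payload"`
}

// records is a constructed in-memory stand-in for the database.
var records = []Record{
	{Owner: "alice", Project: "p1", Payload: "alice-p1"},
	{Owner: "alice", Project: "p2", Payload: "alice-p2"},
	{Owner: "bob", Project: "p1", Payload: "bob-p1"},
}

// API applies the second access layer: the owner constraint comes from the verified identity,
// never from the request body. Against a real database this is a parameterised query such as
// `WHERE owner = $1 AND project = $2`.
func API(filter FilterParameters, user Identity) []Record {
	var out []Record
	for _, rec := range records {
		if rec.Owner == user.UserID && (filter.Project == "" || rec.Project == filter.Project) {
			out = append(out, rec)
		}
	}
	return out
}

func foo(w http.ResponseWriter, r *http.Request) {
	user, ok := IdentityFromContext(r.Context())
	if !ok { // handler mounted without the middleware: fail closed
		http.Error(w, "no identity in context", http.StatusInternalServerError)
		return
	}
	var filter FilterParameters
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)).Decode(&filter); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(API(filter, user))
}

func newServer() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/apicall", requireAccount(http.HandlerFunc(foo)))
	return mux
}

// callAPI drives the handler in-process and returns the status code and decoded records.
func callAPI(h http.Handler, user, body string) (int, []Record, error) {
	req := httptest.NewRequest(http.MethodPost, "/apicall", strings.NewReader(body))
	if user != "" {
		req.Header.Set("X-Demo-User", user)
	}
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	if rr.Code != http.StatusOK {
		return rr.Code, nil, nil
	}
	var out []Record
	err := json.Unmarshal(rr.Body.Bytes(), &out)
	return rr.Code, out, err
}

func main() {
	h := newServer()
	for _, u := range []string{"alice", "bob", ""} {
		code, recs, err := callAPI(h, u, `{"project":"p1"}`)
		fmt.Println(u, code, recs, err)
	}
}
```

The point of the split is that the client controls only FilterParameters, while the owner predicate is bound server-side from the identity the middleware verified; a request from bob asking for alice's project simply returns nothing, and a request that never passed the middleware is rejected before foo runs.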