From 655b0a9fdece88c75dbeab6dd24873477331a311 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Tue, 17 Dec 2019 17:44:08 +0000
Subject: [PATCH] Fix callers of SSOWrapper

---
 proxy/proxy.go | 4 ++++
 saml/saml.go   | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/proxy/proxy.go b/proxy/proxy.go
index b349190..0334444 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -19,6 +19,9 @@ import (
 	"git.autistici.org/id/go-sso/httpsso"
 )
 
+// TTL for SSO sessions on the proxy.
+var proxyAuthTTL = 1 * time.Hour
+
 // RNG for the random backend selector.
 var rnd = rand.New(rand.NewSource(time.Now().UnixNano()))
 
@@ -131,6 +134,7 @@ func NewProxy(config *Config) (http.Handler, error) {
 		config.SSODomain,
 		[]byte(config.SessionAuthKey),
 		[]byte(config.SessionEncKey),
+		proxyAuthTTL,
 	)
 	if err != nil {
 		return nil, err
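Review bot: The `proxyAuthTTL` passed to `NewSSOWrapper` here is a hard-coded, mutable package-level `var` (declared in the first hunk), so the session lifetime cannot be tuned per deployment and any code in the package can reassign it. Nothing in this patch reassigns it, so at minimum declare it as `const proxyAuthTTL = 1 * time.Hour`. Better, add a TTL field to `Config` with one hour as the default, so operators can shorten the session window without rebuilding. The same applies to `samlAuthTTL` in saml/saml.go, which duplicates the value. NewProxy's body starts and ends outside this hunk.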
diff --git a/saml/saml.go b/saml/saml.go
index 2b5e875..c10565f 100644
--- a/saml/saml.go
+++ b/saml/saml.go
@@ -26,6 +26,9 @@ import (
 	"git.autistici.org/id/go-sso/httpsso"
 )
 
+// Lifetime of an authenticated session.
+var samlAuthTTL = 1 * time.Hour
+
 type serviceProvider struct {
 	// Descriptor can either be an inline XML document, or it can
 	// be read from a file with the syntax "@filename".
@@ -229,7 +232,7 @@ func NewSAMLIDP(config *Config) (http.Handler, error) {
 		return nil, err
 	}
 
-	w, err := httpsso.NewSSOWrapper(config.SSOLoginServerURL, pkey, config.SSODomain, []byte(config.SessionAuthKey), []byte(config.SessionEncKey))
+	w, err := httpsso.NewSSOWrapper(config.SSOLoginServerURL, pkey, config.SSODomain, []byte(config.SessionAuthKey), []byte(config.SessionEncKey), samlAuthTTL)
 	if err != nil {
 		return nil, err
 	}
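Review bot: The comment on `samlAuthTTL` (`// Lifetime of an authenticated session.`) does not say what happens when the TTL runs out, and the call on this line does not show it either. For an IdP this matters: if the wrapper accepts its own session cookie for the full hour without going back to the login server, a user who has logged out or been disabled upstream could presumably still obtain SAML assertions until the session expires. I would extend the comment to state which behaviour applies, for example `// samlAuthTTL is how long the IdP session cookie is accepted before the user is sent back to the SSO login server.`, if that matches what httpsso does. NewSAMLIDP's body continues outside the hunk.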
-- 
GitLab