tessl/pypi-python3-saml

Comprehensive SAML 2.0 toolkit for Python applications enabling SSO and SLO functionality with Service Provider support

Python3-SAML

A comprehensive SAML 2.0 toolkit for Python applications that enables Single Sign-On (SSO) and Single Logout (SLO) functionality. This library allows you to implement SAML Service Provider (SP) integration with any Identity Provider (IdP), supporting both SP-initiated and IdP-initiated workflows with robust security features.

Package Information

  • Package Name: python3-saml
  • Language: Python
  • Installation: pip install python3-saml
  • Dependencies: lxml>=4.6.5, isodate>=0.6.1, xmlsec>=1.3.9

Core Imports

from onelogin.saml2.auth import OneLogin_Saml2_Auth
from onelogin.saml2.settings import OneLogin_Saml2_Settings

Common imports for different components:

from onelogin.saml2.response import OneLogin_Saml2_Response
from onelogin.saml2.utils import OneLogin_Saml2_Utils
from onelogin.saml2.constants import OneLogin_Saml2_Constants
from onelogin.saml2.errors import OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError

Basic Usage

from onelogin.saml2.auth import OneLogin_Saml2_Auth

# Supplied by the application: `request` (the request-data dict described
# under Types), `old_settings` (the settings dict) and `clear_session`
# (a function that destroys the local session).

# Initialize with request data and settings
def init_saml_auth(request):
    auth = OneLogin_Saml2_Auth(request, old_settings)
    return auth

# Initiate SSO
def sso():
    auth = init_saml_auth(request)
    return auth.login()  # Returns the IdP redirect URL; the application sends the redirect

# Process SAML Response
def acs():  # Assertion Consumer Service
    auth = init_saml_auth(request)
    auth.process_response()

    if auth.is_authenticated():
        # User authenticated successfully
        attributes = auth.get_attributes()
        nameid = auth.get_nameid()
        session_index = auth.get_session_index()
        # Store session data
    else:
        # Authentication failed; do not create a session
        errors = auth.get_errors()

# Initiate Single Logout
def slo():
    auth = init_saml_auth(request)
    return auth.logout()  # Returns the IdP logout URL; the application sends the redirect

# Process Logout Request/Response
def sls():  # Single Logout Service
    auth = init_saml_auth(request)
    auth.process_slo(delete_session_cb=clear_session)

Architecture

The python3-saml toolkit follows a modular architecture organized around SAML workflow components:

  • Auth: Central orchestrator managing SSO/SLO workflows and request/response processing
  • Settings: Configuration management with security validation and metadata generation
  • Message Processing: Specialized classes for handling SAML requests and responses
  • Utilities: Cryptographic operations, XML processing, and URL handling
  • Constants: SAML 2.0 specification constants and error definitions

This design enables session-less operation to avoid conflicts with application session management while providing both high-level convenience methods and low-level control for custom implementations.

Capabilities

Authentication and SSO/SLO

Core SAML authentication functionality including SSO initiation, response processing, logout handling, and session management. The Auth class serves as the primary interface for all SAML operations.

class OneLogin_Saml2_Auth:
    def __init__(self, request_data: dict, old_settings: dict = None, custom_base_path: str = None): ...
    def login(self, return_to: str = None, force_authn: bool = False, is_passive: bool = False, set_nameid_policy: bool = True, name_id_value_req: str = None) -> str: ...  # returns the redirect URL
    def process_response(self, request_id: str = None) -> None: ...
    def process_slo(self, keep_local_session: bool = False, request_id: str = None, delete_session_cb: callable = None) -> None: ...
    def logout(self, return_to: str = None, name_id: str = None, session_index: str = None, nq: str = None, name_id_format: str = None, spnq: str = None) -> str: ...  # returns the redirect URL
    def is_authenticated(self) -> bool: ...
    def get_attributes(self) -> dict: ...
    def get_nameid(self) -> str: ...

Configuration and Settings

SAML configuration management including settings validation, metadata generation, and security parameter handling. Supports both JSON and dictionary-based configuration with comprehensive validation.

class OneLogin_Saml2_Settings:
    def __init__(self, settings: dict = None, custom_base_path: str = None, sp_validation_only: bool = False): ...
    def get_sp_data(self) -> dict: ...
    def get_idp_data(self) -> dict: ...
    def get_security_data(self) -> dict: ...
    def get_sp_metadata(self) -> str: ...
    def check_settings(self, settings: dict) -> list: ...
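
The following is an added example, not part of the toolkit or of this page: a pre-flight audit of a settings dict for weak options before it is passed to OneLogin_Saml2_Settings. The option names (strict, debug, wantAssertionsSigned, wantMessagesSigned, signatureAlgorithm, digestAlgorithm, rejectDeprecatedAlgorithm, x509cert, certFingerprint) come from the toolkit's settings format rather than from this page; the function name and sample values are assumptions.

```python
# Added example: audit a python3-saml settings dict before passing it to the toolkit.
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}

def audit_settings(settings: dict) -> list:
    """Return findings for weak options; an empty list means none were detected."""
    findings = []
    sec = settings.get("security", {})
    idp = settings.get("idp", {})
    if settings.get("strict") is not True:
        findings.append("strict is not explicitly enabled")
    if settings.get("debug"):
        findings.append("debug is enabled")
    if not (sec.get("wantAssertionsSigned") or sec.get("wantMessagesSigned")):
        findings.append("no signature required on assertions or messages")
    for key in ("signatureAlgorithm", "digestAlgorithm"):
        if sec.get(key) in SHA1_URIS:
            findings.append(f"security.{key} is SHA-1 based")
    if not sec.get("rejectDeprecatedAlgorithm"):
        findings.append("rejectDeprecatedAlgorithm is not enabled")
    if idp.get("certFingerprint") and not idp.get("x509cert"):
        findings.append("IdP pinned by certFingerprint only, not a full x509cert")
    return findings

# Constructed sample settings; host names and certificate values are placeholders.
WEAK = {
    "strict": False,
    "debug": True,
    "idp": {"entityId": "https://idp.example.test/metadata",
            "certFingerprint": "<placeholder fingerprint>"},
    "security": {"signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"},
}
HARDENED = {
    "strict": True,
    "debug": False,
    "idp": {"entityId": "https://idp.example.test/metadata",
            "x509cert": "<placeholder IdP certificate>"},
    "security": {"wantAssertionsSigned": True, "wantMessagesSigned": True,
                 "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                 "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
                 "rejectDeprecatedAlgorithm": True},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_settings(cfg))
```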

SAML Message Processing

Specialized classes for handling SAML protocol messages including authentication requests, logout requests/responses, and SAML response validation with comprehensive security checks.

class OneLogin_Saml2_Response:
    def __init__(self, settings: OneLogin_Saml2_Settings, response: str): ...
    def is_valid(self, request_data: dict, request_id: str = None, raise_exceptions: bool = False) -> bool: ...
    def get_attributes(self) -> dict: ...
    def get_nameid(self) -> str: ...

class OneLogin_Saml2_Authn_Request:
    def __init__(self, settings: OneLogin_Saml2_Settings, force_authn: bool = False, is_passive: bool = False, set_nameid_policy: bool = True, name_id_value_req: str = None): ...
    def get_request(self, deflate: bool = True) -> str: ...

Utilities and Security

Comprehensive utilities for cryptographic operations, XML processing, URL handling, certificate management, and security validation. Includes robust error handling and SAML-specific constants.

class OneLogin_Saml2_Utils:
    @staticmethod
    def generate_unique_id() -> str: ...
    @staticmethod
    def validate_sign(xml: str, cert: str = None, fingerprint: str = None, fingerprintalg: str = 'sha1', validatecert: bool = False, debug: bool = False, xpath: str = None, multicerts: list = None, raise_exceptions: bool = False) -> bool: ...
    @staticmethod
    def add_sign(xml: str, key: str, cert: str, debug: bool = False, sign_algorithm: str = OneLogin_Saml2_Constants.RSA_SHA256, digest_algorithm: str = OneLogin_Saml2_Constants.SHA256) -> str: ...
    @staticmethod
    def decrypt_element(encrypted_data: str, key: str, debug: bool = False, inplace: bool = False) -> str: ...

Types

# Request data structure expected by Auth constructor
RequestData = dict  # Contains 'https', 'http_host', 'server_port', 'script_name', 'get_data', 'post_data'

# Settings structure for SAML configuration
SettingsDict = dict  # Contains 'sp', 'idp', 'security' sections

# Error constants for validation and processing
class OneLogin_Saml2_Error(Exception): ...
class OneLogin_Saml2_ValidationError(OneLogin_Saml2_Error): ...
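
The following is an added example, not code from the toolkit or this page: building the RequestData dict from a WSGI environ. The toolkit derives the Service Provider's own URL from these fields, so the Host header is checked against an allowlist before it is used. The function name, ALLOWED_HOSTS and the sample environ are assumptions.

```python
# Added example: map a WSGI environ to the request-data dict, rejecting unknown hosts.
from urllib.parse import parse_qsl

ALLOWED_HOSTS = {"sp.example.test"}  # constructed: the SP's public host names

def build_request_data(environ: dict, body: bytes = b"") -> dict:
    """Return the dict expected by the Auth constructor, or raise on an unexpected host."""
    host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "")
    hostname = host.split(":")[0].lower()
    if hostname not in ALLOWED_HOSTS:
        # A client-controlled Host header must not decide which URL the SP claims to be.
        raise ValueError(f"unexpected Host header: {host!r}")
    scheme = environ.get("wsgi.url_scheme", "http")
    return {
        "https": "on" if scheme == "https" else "off",
        "http_host": host,
        "server_port": environ.get("SERVER_PORT", ""),
        "script_name": environ.get("PATH_INFO", ""),
        "get_data": dict(parse_qsl(environ.get("QUERY_STRING", ""),
                                   keep_blank_values=True)),
        "post_data": dict(parse_qsl(body.decode("utf-8"), keep_blank_values=True)),
    }

# Constructed sample request: an IdP POST to the assertion consumer endpoint.
SAMPLE_ENVIRON = {
    "wsgi.url_scheme": "https",
    "HTTP_HOST": "sp.example.test",
    "SERVER_PORT": "443",
    "PATH_INFO": "/saml/acs",
    "QUERY_STRING": "",
}
SAMPLE_BODY = b"SAMLResponse=QUJD%2BA%3D%3D&RelayState=%2Fhome"  # placeholder payload

if __name__ == "__main__":
    print(build_request_data(SAMPLE_ENVIRON, SAMPLE_BODY))
```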

Describes: pypipkg:pypi/python3-saml@1.16.x