Comprehensive SAML 2.0 toolkit for Python applications enabling SSO and SLO functionality with Service Provider support
npx @tessl/cli install tessl/pypi-python3-saml@1.16.0
A comprehensive SAML 2.0 toolkit for Python applications that enables Single Sign-On (SSO) and Single Logout (SLO) functionality. This library allows you to implement SAML Service Provider (SP) integration with any Identity Provider (IdP), supporting both SP-initiated and IdP-initiated workflows with robust security features.
pip install python3-saml
Dependencies: lxml>=4.6.5, isodate>=0.6.1, xmlsec>=1.3.9
from onelogin.saml2.auth import OneLogin_Saml2_Auth
from onelogin.saml2.settings import OneLogin_Saml2_Settings
Common imports for different components:
from onelogin.saml2.response import OneLogin_Saml2_Response
from onelogin.saml2.utils import OneLogin_Saml2_Utils
from onelogin.saml2.constants import OneLogin_Saml2_Constants
from onelogin.saml2.errors import OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError
from onelogin.saml2.auth import OneLogin_Saml2_Auth
# Initialize with request data and settings
def init_saml_auth(request):
    """Build the ``OneLogin_Saml2_Auth`` object for one incoming request.

    ``request`` is the request-data dict the Auth constructor expects (see
    ``RequestData`` below); ``old_settings`` is the SAML settings object this
    example assumes is defined at module level.
    """
    return OneLogin_Saml2_Auth(request, old_settings)
# Initiate SSO
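def sso():
    """Start SP-initiated SSO and return the URL the browser must be sent to.

    ``login()`` builds the AuthnRequest and returns the IdP redirect URL; it
    does not perform the redirect itself, so the caller issues the HTTP
    redirect with the returned value.

    Returns:
        str: the IdP redirect URL.
    """
    auth = init_saml_auth(request)
    redirect_url = auth.login()
    # Keep the AuthnRequest id in the server-side session so that acs() can
    # hand it to process_response() and tie the incoming response to a request
    # this SP actually issued, e.g.:
    #     session["AuthNRequestID"] = auth.get_last_request_id()
    return redirect_url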
# Process SAML Response
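def acs(request_id=None):  # Assertion Consumer Service
    """Consume the IdP's SAML Response and return the data worth keeping in the session.

    Args:
        request_id: id of the AuthnRequest saved by sso(). Passing it lets
            ``process_response()`` check that the response answers a request
            this SP issued instead of accepting an unsolicited one.

    Returns:
        dict with ``attributes``, ``nameid`` and ``session_index`` when the
        response validated and the user is authenticated, ``None`` otherwise.
    """
    auth = init_saml_auth(request)
    auth.process_response(request_id=request_id)
    # Check the error list explicitly; is_authenticated() alone does not tell
    # you why a response was rejected.
    errors = auth.get_errors()
    if errors or not auth.is_authenticated():
        # Authentication failed. auth.get_last_error_reason() carries the
        # detail: log it server-side, do not echo it back to the browser.
        return None
    # User authenticated successfully; the caller stores this in its session.
    return {
        "attributes": auth.get_attributes(),
        "nameid": auth.get_nameid(),
        "session_index": auth.get_session_index(),
    }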
# Initiate Single Logout
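def slo(name_id=None, session_index=None):
    """Start SP-initiated Single Logout and return the IdP redirect URL.

    Args:
        name_id: NameID captured from the login response.
        session_index: SessionIndex captured from the login response.
            Passing both lets the LogoutRequest name the exact IdP session
            to terminate.

    Returns:
        str: the IdP redirect URL. ``logout()`` only builds it; the caller
        issues the HTTP redirect.
    """
    auth = init_saml_auth(request)
    return auth.logout(name_id=name_id, session_index=session_index)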
# Process Logout Request/Response
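def sls():  # Single Logout Service
    """Process an inbound LogoutRequest or LogoutResponse from the IdP.

    ``delete_session_cb`` is the callback ``process_slo()`` invokes to clear
    the local session. ``process_slo()`` returns a URL when a message has to
    be sent back to the IdP and ``None`` otherwise; problems found while
    processing are reported through ``get_errors()``.

    Returns:
        str | None: the redirect URL to follow, or ``None`` when validation
        failed or no redirect is needed.
    """
    auth = init_saml_auth(request)
    redirect_url = auth.process_slo(delete_session_cb=clear_session)
    errors = auth.get_errors()
    if errors:
        # Do not follow the redirect after a failed validation; log
        # auth.get_last_error_reason() server-side instead.
        return None
    return redirect_url
The python3-saml toolkit follows a modular architecture organized around SAML workflow components: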
The toolkit itself keeps no session state, so it does not conflict with the application's own session management, while still providing both high-level convenience methods and low-level control for custom implementations.
Core SAML authentication functionality including SSO initiation, response processing, logout handling, and session management. The Auth class serves as the primary interface for all SAML operations.
class OneLogin_Saml2_Auth:
    """Primary interface for SAML SP operations (signatures only).

    Covers one request/response cycle: build an AuthnRequest (``login``),
    consume the IdP's response (``process_response``), start or finish
    Single Logout (``logout`` / ``process_slo``) and expose the outcome
    (``is_authenticated``, ``get_attributes``, ``get_nameid``).
    """

    # request_data: the per-request dict described by RequestData below;
    # old_settings: the SAML settings dict; custom_base_path: presumably an
    # alternative location to load settings files from -- confirm.
    def __init__(self, request_data: dict, old_settings: dict = None, custom_base_path: str = None): ...
    # Builds the AuthnRequest. return_to becomes the RelayState destination;
    # force_authn / is_passive / set_nameid_policy / name_id_value_req
    # presumably shape the ForceAuthn, IsPassive and NameIDPolicy parts of the
    # request -- verify in the toolkit docs. NOTE(review): despite the
    # "-> None" here, the toolkit's login() returns the IdP redirect URL that
    # the caller must send as an HTTP redirect; confirm against the installed
    # version.
    def login(self, return_to: str = None, force_authn: bool = False, is_passive: bool = False, set_nameid_policy: bool = True, name_id_value_req: str = None) -> None: ...
    # request_id: id of the AuthnRequest this response is expected to answer.
    # Passing it ties the response to a request this SP issued (presumably the
    # InResponseTo check -- confirm); leaving it None accepts responses that
    # are not bound to any request.
    def process_response(self, request_id: str = None) -> None: ...
    # Handles an inbound LogoutRequest / LogoutResponse. delete_session_cb is
    # called to clear the local session; keep_local_session=True presumably
    # skips that -- confirm. NOTE(review): the toolkit returns the URL to
    # redirect to (or None), despite the "-> None" here; confirm.
    def process_slo(self, keep_local_session: bool = False, request_id: str = None, delete_session_cb: callable = None) -> None: ...
    # Builds a LogoutRequest. name_id / session_index / name_id_format / nq /
    # spnq identify the session to terminate at the IdP; pass the values
    # captured from the login response so the IdP can match the session.
    def logout(self, return_to: str = None, name_id: str = None, session_index: str = None, nq: str = None, name_id_format: str = None, spnq: str = None) -> None: ...
    # Presumably True only after process_response() accepted a response;
    # check get_errors() as well to learn why a response was rejected.
    def is_authenticated(self) -> bool: ...
    # Attributes and NameID of the last processed response.
    def get_attributes(self) -> dict: ...
    def get_nameid(self) -> str: ...
SAML configuration management including settings validation, metadata generation, and security parameter handling. Supports both JSON and dictionary-based configuration with comprehensive validation.
class OneLogin_Saml2_Settings:
    """Holds and validates the SP / IdP / security configuration (signatures only)."""

    # settings: the dict described by SettingsDict below ('sp', 'idp',
    # 'security' sections); custom_base_path: presumably an alternative
    # location to load settings files from -- confirm; sp_validation_only=True
    # presumably validates only the SP section, e.g. when just the SP
    # metadata is needed -- confirm.
    def __init__(self, settings: dict = None, custom_base_path: str = None, sp_validation_only: bool = False): ...
    # Accessors for the 'sp', 'idp' and 'security' sections.
    def get_sp_data(self) -> dict: ...
    def get_idp_data(self) -> dict: ...
    # NOTE(review): the 'security' section is where signing / encryption
    # requirements are configured; keep the toolkit's strict mode enabled in
    # production so that validation failures reject the message instead of
    # being tolerated -- confirm the exact keys in the installed version.
    def get_security_data(self) -> dict: ...
    # SP metadata XML to publish to the IdP.
    def get_sp_metadata(self) -> str: ...
    # Returns the list of problems found in settings (presumably empty when
    # the settings are valid -- confirm).
    def check_settings(self, settings: dict) -> list: ...
Specialized classes for handling SAML protocol messages including authentication requests, logout requests/responses, and SAML response validation with comprehensive security checks.
class OneLogin_Saml2_Response:
    """Parses and validates a SAML Response (signatures only)."""

    # settings: the configuration the response is validated against;
    # response: the raw SAMLResponse value received from the IdP.
    def __init__(self, settings: OneLogin_Saml2_Settings, response: str): ...
    # Runs the validation checks against request_data; request_id, when given,
    # is presumably compared with the response's InResponseTo -- confirm the
    # exact check set in the toolkit docs. With raise_exceptions=False a
    # failure is reported only through the False return value, so the caller
    # must check it; raise_exceptions=True presumably raises
    # OneLogin_Saml2_ValidationError instead -- confirm.
    def is_valid(self, request_data: dict, request_id: str = None, raise_exceptions: bool = False) -> bool: ...
    # Presumably only meaningful after a successful is_valid() -- confirm.
    def get_attributes(self) -> dict: ...
    def get_nameid(self) -> str: ...
class OneLogin_Saml2_Authn_Request:
    """Builds the AuthnRequest sent to the IdP (signatures only)."""

    # Same flags as OneLogin_Saml2_Auth.login(): they presumably shape the
    # ForceAuthn, IsPassive and NameIDPolicy parts of the request -- confirm.
    def __init__(self, settings: OneLogin_Saml2_Settings, force_authn: bool = False, is_passive: bool = False, set_nameid_policy: bool = True, name_id_value_req: str = None): ...
    # deflate=True presumably returns the deflated, base64-encoded form used
    # with the HTTP-Redirect binding -- confirm.
    def get_request(self, deflate: bool = True) -> str: ...
Comprehensive utilities for cryptographic operations, XML processing, URL handling, certificate management, and security validation. Includes robust error handling and SAML-specific constants.
class OneLogin_Saml2_Utils:
    """Static helpers for id generation, signing, signature validation and
    decryption (signatures only)."""

    # Fresh id for SAML messages (e.g. AuthnRequest ids).
    @staticmethod
    def generate_unique_id() -> str: ...
    # Verifies the XML signature on xml. The trusted key comes from cert, or
    # from a fingerprint (+ fingerprintalg) or multicerts. The fingerprintalg
    # default is 'sha1': prefer supplying the full certificate, or at least a
    # SHA-256 fingerprint, since a SHA-1 fingerprint is a weaker identifier of
    # the signing key. validatecert defaults to False (what it enables is not
    # shown here -- confirm in the toolkit docs). xpath presumably restricts
    # which element's signature is checked -- confirm. With
    # raise_exceptions=False the only result is the returned bool, which the
    # caller must check.
    @staticmethod
    def validate_sign(xml: str, cert: str = None, fingerprint: str = None, fingerprintalg: str = 'sha1', validatecert: bool = False, debug: bool = False, xpath: str = None, multicerts: list = None, raise_exceptions: bool = False) -> bool: ...
    # Signs xml with key / cert. The defaults are RSA-SHA256 and SHA-256;
    # keep them (or stronger) rather than falling back to SHA-1 algorithms.
    @staticmethod
    def add_sign(xml: str, key: str, cert: str, debug: bool = False, sign_algorithm: str = OneLogin_Saml2_Constants.RSA_SHA256, digest_algorithm: str = OneLogin_Saml2_Constants.SHA256) -> str: ...
    # Decrypts an encrypted element with key (the SP private key);
    # inplace=True presumably replaces the element within its tree instead of
    # returning a copy -- confirm.
    @staticmethod
    def decrypt_element(encrypted_data: str, key: str, debug: bool = False, inplace: bool = False) -> str: ...
# Request data structure expected by Auth constructor
# Plain aliases: the toolkit takes ordinary dicts; these names only document
# the expected shape.
RequestData = dict  # Contains 'https', 'http_host', 'server_port', 'script_name', 'get_data', 'post_data'
# NOTE(review): 'https', 'http_host' and 'server_port' presumably feed the URLs
# the toolkit validates messages against -- confirm; populate them from
# trusted server configuration rather than from client-supplied headers.
# Settings structure for SAML configuration
SettingsDict = dict  # Contains 'sp', 'idp', 'security' sections
# Error constants for validation and processing
class OneLogin_Saml2_Error(Exception):
    """Base class of the toolkit's exceptions; OneLogin_Saml2_ValidationError derives from it."""
    ...
class OneLogin_Saml2_ValidationError(OneLogin_Saml2_Error):
    """Raised when a SAML message fails validation (presumably from is_valid() /
    validate_sign() with raise_exceptions=True -- confirm)."""
    ...