Flask SAML2 with flask-login

flask-login-saml

Installation

pip install flask-login-saml

Setup

  • Base login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML()


def redirect_login():
    return flask.redirect(flask.url_for('saml.login'))


@app.route('/saml/login/', endpoint='saml.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/saml/metadata/', endpoint='saml.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/saml/authorize/', endpoint='saml.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/saml/logout/', endpoint='saml.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SAML_METADATA_URL',
        'https://<idp>/descriptor'
    )
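    # Placeholder only: in production use a long random value loaded from
    # the environment or a secrets store, never a literal in source code.
    app.config['SECRET_KEY'] = 'secret'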
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()
  • Custom login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML(prefix='SSO')


def redirect_login():
    return flask.redirect(flask.url_for('sso.login'))


@app.route('/sso/login/', endpoint='sso.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/sso/metadata/', endpoint='sso.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/sso/authorize/', endpoint='sso.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/sso/logout/', endpoint='sso.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SSO_METADATA_URL',
        'https://<idp>/protocol/saml/descriptor'
    )
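    # Placeholder only: in production use a long random value loaded from
    # the environment or a secrets store, never a literal in source code.
    app.config['SECRET_KEY'] = 'secret'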
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()
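
Both setup listings hard-code `SECRET_KEY = 'secret'` and set the `<prefix>_METADATA_URL` key inline. The loader below is an added example, not part of flask-login-saml: it reads both values from the environment and refuses weak or non-HTTPS settings. The variable name `FLASK_SECRET_KEY`, the function `load_saml_config`, the length and diversity thresholds, and the host `idp.example` are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32       # assumption: minimum length of a generated key
MIN_DISTINCT_CHARS = 8    # assumption: crude check against 'aaaa...' style keys


def load_saml_config(env, prefix="SAML"):
    """Build Flask config for FlaskSAML(prefix=...) from the mapping `env`.

    Raises ValueError instead of falling back to an insecure default.
    """
    secret = env.get("FLASK_SECRET_KEY", "")  # hypothetical variable name
    if len(secret) < MIN_SECRET_LEN or len(set(secret)) < MIN_DISTINCT_CHARS:
        raise ValueError("SECRET_KEY must be a long random value, "
                         "not a placeholder such as 'secret'")

    # Key naming as shown on the page: SAML_METADATA_URL, SSO_METADATA_URL.
    key = f"{prefix}_METADATA_URL"
    url = env.get(key, "")
    parts = urlsplit(url)
    # IdP metadata carries the IdP's signing certificates, so it has to be
    # fetched over TLS from an explicit host, without embedded credentials.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{key} must be an absolute https:// URL")
    if parts.username or parts.password:
        raise ValueError(f"{key} must not embed credentials")

    return {
        "SECRET_KEY": secret,
        key: url,
        "SESSION_TYPE": "filesystem",     # unchanged from the page
        "SESSION_COOKIE_SECURE": True,    # session cookie sent over HTTPS only
        "SESSION_COOKIE_HTTPONLY": True,  # session cookie hidden from scripts
    }


if __name__ == "__main__":
    # Constructed environment for a stand-alone run; a real deployment would
    # call app.config.update(load_saml_config(os.environ, prefix="SSO")).
    demo_env = {
        "FLASK_SECRET_KEY": secrets.token_hex(32),
        "SSO_METADATA_URL": "https://idp.example/protocol/saml/descriptor",
    }
    print(sorted(load_saml_config(demo_env, prefix="SSO")))
```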

Using custom user model

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

saml.user_model(UserModel)

See user.py for more information about the user model.

Custom login

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def login(model, sender, subject, attributes, assertion, auth):
    """
    
    :param model:  
    :param sender: application identifier
    :type sender: str
    :param subject: email address of the logged-in user
    :type subject: str
    :param attributes: list of user attributes
    :type attributes: list
    :param assertion: saml user assertion
    :type assertion: str
    :param auth: saml authn response used for remembering
    :type auth: str
    :return: if user logged in or not
    :rtype: bool
    
    """
    pass

saml.login_user(login)
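
Because the callback's boolean return value says whether the user was logged in, it is a natural place for an authorization check on top of what the IdP asserts. The decorator below is an added example, not code from flask-login-saml: it wraps any callback with the signature documented above and denies subjects outside an allow-list of e-mail domains. The names `email_domain` and `restrict_domains`, the logger name and the domain `example.com` are assumptions.

```python
import logging
from functools import wraps

log = logging.getLogger("saml.login")  # hypothetical logger name


def email_domain(subject):
    """Return the lower-cased domain of `subject`, or None if malformed."""
    if not isinstance(subject, str):
        return None
    # Reject whitespace and control characters instead of trimming them.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in subject):
        return None
    local, at, domain = subject.rpartition("@")
    if not at or not local or not domain or "@" in local:
        return None
    return domain.lower().rstrip(".")


def restrict_domains(allowed):
    """Decorator: call the wrapped login callback only for allowed domains."""
    allowed = frozenset(d.lower() for d in allowed)

    def decorator(callback):
        @wraps(callback)
        def gated(model, sender, subject, attributes, assertion, auth):
            # Exact match only: 'example.com.evil.test' and 'notexample.com'
            # would both pass a naive substring or suffix comparison.
            if email_domain(subject) not in allowed:
                # %r keeps a hostile subject from injecting log lines.
                log.warning("SAML login denied: sender=%r subject=%r",
                            sender, subject)
                return False
            return callback(model, sender, subject, attributes, assertion, auth)
        return gated
    return decorator


@restrict_domains({"example.com"})
def login(model, sender, subject, attributes, assertion, auth):
    # Assumption: the application's own login steps replace this body,
    # as in the stub on the page; this placeholder only reports success.
    return True

# Registered exactly as on the page: saml.login_user(login)
```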

Custom logout

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def logout(sender):
    """
    :param sender: application identifier
    :type sender: str
    
    """
    pass

saml.logout_user(logout)

Custom error

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def error(sender, exception):
    """
    :param sender: application identifier
    :type sender: str
    :param exception: application exception
    :type exception: Exception
    
    """
    pass

saml.error(error)

Custom client

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def client(prefix, metadata, allow_unknown_attributes=True):
    """
    :param prefix:
    :type prefix: str
    :param metadata:
    :type metadata: str
    :param allow_unknown_attributes:
    :type allow_unknown_attributes: bool
    :return:
    :rtype: saml2.client.Saml2Client
    """
    pass

saml.client(client)

Enjoy

LICENSE

See License file

Download files

Source Distribution

flask_login_saml-1.0.2.tar.gz (43.7 kB)

Uploaded Source

Built Distribution

flask_login_saml-1.0.2-py3-none-any.whl (31.2 kB)

Uploaded Python 3

File details

Details for the file flask_login_saml-1.0.2.tar.gz.

File metadata

  • Download URL: flask_login_saml-1.0.2.tar.gz
  • Upload date:
  • Size: 43.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for flask_login_saml-1.0.2.tar.gz
Algorithm Hash digest
SHA256 3ce4cdbdadae46802054a08ce6575c0d44c8d682bd09a98185c56d3df22a741b
MD5 b07fc28e04629f75133d14f1bdf38579
BLAKE2b-256 c8123f00233166103a9639158b8bd1cd01aabd7573a8ec6786836e80a7b99dc3

File details

Details for the file flask_login_saml-1.0.2-py3-none-any.whl.

File hashes

Hashes for flask_login_saml-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e97d344b8f5d71aba9476cef221adddd38d0ef10f183cd6f6d9f5e8cdc3d1a0c
MD5 91e8f921b9e0a1e11dca5fd22d292f45
BLAKE2b-256 6b762e0b6ae95efde2070215a788374fbd37fc05bf74fb7db071b50d3d3d0c77
