Flask SAML2 with flask-login

flask-login-saml

Installation

pip install flask-login-saml

Setup

  • Base login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML()


def redirect_login():
    return flask.redirect(flask.url_for('saml.login'))


@app.route('/saml/login/', endpoint='saml.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/saml/metadata/', endpoint='saml.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/saml/authorize/', endpoint='saml.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/saml/logout/', endpoint='saml.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SAML_METADATA_URL',
        'https://<idp>/descriptor'
    )
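    # Placeholder value: Flask signs session data with this key, so a real
    # deployment should load a long random value from the environment or a
    # secret store instead of hard-coding it.
    app.config['SECRET_KEY'] = 'secret'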
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()
  • Custom login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML(prefix='SSO')


def redirect_login():
    return flask.redirect(flask.url_for('sso.login'))


@app.route('/sso/login/', endpoint='sso.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/sso/metadata/', endpoint='sso.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/sso/authorize/', endpoint='sso.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/sso/logout/', endpoint='sso.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SSO_METADATA_URL',
        'https://<idp>/protocol/saml/descriptor'
    )
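    # Placeholder value: Flask signs session data with this key, so a real
    # deployment should load a long random value from the environment or a
    # secret store instead of hard-coding it.
    app.config['SECRET_KEY'] = 'secret'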
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()
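
A pre-start check for the settings both examples rely on, added here as an illustration (it is not part of flask-login-saml): it flags the placeholder SECRET_KEY and a metadata URL that is missing, not https, or stored under a key that does not match the FlaskSAML prefix. The function name check_saml_config, the 32-character minimum and the deny-list are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed deny-list of placeholder keys (assumption); extend as needed.
PLACEHOLDER_KEYS = {"", "secret", "changeme", "dev"}


def check_saml_config(config, prefix="SAML"):
    """Return a list of problems in a Flask config mapping (empty if none)."""
    problems = []

    key = config.get("SECRET_KEY") or ""
    if isinstance(key, bytes):
        key = key.decode("latin-1")
    if key.lower() in PLACEHOLDER_KEYS or len(key) < 32:
        problems.append("SECRET_KEY is a placeholder or shorter than 32 characters")

    # As in the two examples above, the config key follows the prefix
    # given to FlaskSAML(prefix=...): SAML_METADATA_URL, SSO_METADATA_URL, ...
    name = f"{prefix}_METADATA_URL"
    url = config.get(name)
    if not url:
        problems.append(f"{name} is not set")
        return problems
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        problems.append(f"{name} is not a valid URL")
        return problems
    # IdP metadata carries the signing certificates the app will trust,
    # so it should only be fetched over an authenticated channel.
    if parts.scheme != "https":
        problems.append(f"{name} must use https")
    if not host or "<" in host or ">" in host:
        problems.append(f"{name} has no real host (placeholder left in?)")
    return problems


if __name__ == "__main__":
    # Values exactly as written in the base example above.
    readme = {"SECRET_KEY": "secret", "SAML_METADATA_URL": "https://<idp>/descriptor"}
    for problem in check_saml_config(readme):
        print("config problem:", problem)
```

Calling it just before saml.init_app(app) and refusing to start when the list is not empty keeps a copied example configuration from reaching production.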

Using custom user model

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

saml.user_model(UserModel)

See user.py for more information about user model

Custom login

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def login(model, sender, subject, attributes, assertion, auth):
    """
    
    :param model:  
    :param sender: application identifier
    :type sender: str
    :param subject: email address of the logged user
    :type subject: str
    :param attributes: list of user attributes
    :type attributes: list
    :param assertion: saml user assertion
    :type assertion: str
    :param auth: saml authn response used for remembering
    :type auth: str
    :return: if user logged in or not
    :rtype: bool
    
    """
    pass

saml.login_user(login)
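
An added example, not code from flask-login-saml: a wrapper with the callback signature shown above that refuses subjects outside an allowed e-mail domain before delegating to your own login callback. The names restrict_login and inner and the sample domain are hypothetical; the wrapper relies only on the documented meaning of subject (an e-mail address) and of the return value.

```python
import logging

log = logging.getLogger("saml.login")


def restrict_login(inner, allowed_domains):
    """Wrap a login callback so only subjects in allowed_domains reach it.

    inner is your own callback with the signature documented above
    (hypothetical name); allowed_domains is an iterable of exact domains.
    """
    allowed = {d.casefold() for d in allowed_domains}

    def login(model, sender, subject, attributes, assertion, auth):
        local, sep, domain = (subject or "").strip().rpartition("@")
        # Exact match on the part after the last "@": a suffix test would
        # also accept look-alikes such as "notcorp.example.test".
        if not (sep and local and domain.casefold() in allowed):
            log.warning("SAML login refused for %r from %s", subject, sender)
            return False  # documented meaning: user was not logged in
        return bool(inner(model, sender, subject, attributes, assertion, auth))

    return login
```

Register the wrapped callback in place of the bare one, for example saml.login_user(restrict_login(login, ['corp.example.test'])).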

Custom logout

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def logout(sender):
    """
    :param sender: application identifier
    :type sender: str
    
    """
    pass

saml.logout_user(logout)

Custom error

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def error(sender, exception):
    """
    :param sender: application identifier
    :type sender: str
    :param exception: application exception
    :type exception: Exception
    
    """
    pass

saml.error(error)

Custom client

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def client(prefix, metadata, allow_unknown_attributes=True):
    """
    :param prefix:
    :type prefix: str
    :param metadata:
    :type metadata: str
    :param allow_unknown_attributes:
    :type allow_unknown_attributes: bool
    :return:
    :rtype: saml2.client.Saml2Client
    """
    pass

saml.client(client)

Enjoy

LICENSE

See License file

Download files

Source Distribution

flask_login_saml-1.0.3.tar.gz (43.7 kB)

Uploaded Source

Built Distribution

flask_login_saml-1.0.3-py3-none-any.whl (31.2 kB)

Uploaded Python 3

File details

Details for the file flask_login_saml-1.0.3.tar.gz.

File metadata

  • Download URL: flask_login_saml-1.0.3.tar.gz
  • Upload date:
  • Size: 43.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for flask_login_saml-1.0.3.tar.gz
Algorithm Hash digest
SHA256 ad0cb0e9d51d7625dee665123b67fd5996f28b81f52085947cfc911e20cc8e76
MD5 6d2faa6b6e0c7f2ec50109e1a9a30870
BLAKE2b-256 750c4101aa0e6b1860869b6282f969b85122db8da2a38ca8f5ba8c2eae2aac99

File details

Details for the file flask_login_saml-1.0.3-py3-none-any.whl.

File metadata

File hashes

Hashes for flask_login_saml-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 00c8eabf4263d6d20e138e08a92d89704832bd91d9b58c2140807fa44ede4538
MD5 711bae909eebdf0af317e065cc7ada99
BLAKE2b-256 830bc1eeda71f8f2b57dedc01ff08460588bc1fa64a73346c7984e3ceb1989e3
