Flask SAML2 with flask-login

flask-login-saml

Installation

pip install flask-login-saml

Setup

  • Base login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML()


def redirect_login():
    return flask.redirect(flask.url_for('saml.login'))


@app.route('/saml/login/', endpoint='saml.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/saml/metadata/', endpoint='saml.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/saml/authorize/', endpoint='saml.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/saml/logout/', endpoint='saml.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SAML_METADATA_URL',
        'https://<idp>/descriptor'
    )
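    # Placeholder value: in a real deployment load a long random key
    # from the environment or a secret store, never a literal.
    app.config['SECRET_KEY'] = 'secret'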
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()

  • Custom login configuration

import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML(prefix='SSO')


def redirect_login():
    return flask.redirect(flask.url_for('sso.login'))


@app.route('/sso/login/', endpoint='sso.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/sso/metadata/', endpoint='sso.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/sso/authorize/', endpoint='sso.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/sso/logout/', endpoint='sso.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SSO_METADATA_URL',
        'https://<idp>/protocol/saml/descriptor'
    )
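    # Placeholder value: in a real deployment load a long random key
    # from the environment or a secret store, never a literal.
    app.config['SECRET_KEY'] = 'secret'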
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()
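
Both setups above set SECRET_KEY to the literal 'secret' and take the IdP metadata URL as given. The following added example (not part of the flask-login-saml project) builds the same configuration from the environment and rejects a weak key or a non-HTTPS metadata URL. The function name build_config and the FLASK_SECRET_KEY variable are assumptions; SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY are standard Flask settings.

```python
from urllib.parse import urlsplit


def build_config(env, prefix="SAML"):
    """Return Flask config for the setups above, or raise ValueError.

    env    -- mapping of environment variables (os.environ in production)
    prefix -- the FlaskSAML prefix; the page uses 'SAML' (default) and 'SSO'
    """
    # FLASK_SECRET_KEY is an assumed variable name, not defined by the library.
    key = env.get("FLASK_SECRET_KEY", "")
    # The key signs the session cookie that holds the logged-in user, so a
    # short or repetitive value lets anyone forge a session.
    if len(key) < 32 or len(set(key)) < 8:
        raise ValueError("SECRET_KEY must be a random value of 32+ characters")

    url_var = f"{prefix}_METADATA_URL"  # SAML_METADATA_URL or SSO_METADATA_URL
    url = env.get(url_var, "")
    parts = urlsplit(url)
    # IdP metadata carries the certificates used to verify assertions, so it
    # must be fetched over TLS from a named host.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{url_var} must be an https:// URL")

    return {
        "SECRET_KEY": key,
        url_var: url,
        "SESSION_TYPE": "filesystem",      # as in the page's examples
        "SESSION_COOKIE_SECURE": True,     # cookie is sent over HTTPS only
        "SESSION_COOKIE_HTTPONLY": True,   # cookie is hidden from JavaScript
    }


if __name__ == "__main__":
    # Constructed sample environment. Generate a real key with:
    #   python -c "import secrets; print(secrets.token_hex(32))"
    sample = {
        "FLASK_SECRET_KEY": "".join(f"{i:02x}" for i in range(32)),
        "SSO_METADATA_URL": "https://idp.example.test/protocol/saml/descriptor",
    }
    # In the app: app.config.update(build_config(os.environ, prefix="SSO"))
    print(build_config(sample, prefix="SSO"))
```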

Using custom user model

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

saml.user_model(UserModel)

See user.py for more information about the user model.

Custom login

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def login(model, sender, subject, attributes, assertion, auth):
    """
    
    :param model:  
    :param sender: application identifier
    :type sender: str
    :param subject: email address of the logged user
    :type subject: str
    :param attributes: list of user attributes
    :type attributes: list
    :param assertion: saml user assertion
    :type assertion: str
    :param auth: saml authn response used for remembering
    :type auth: str
    :return: if user logged in or not
    :rtype: bool
    
    """
    pass

saml.login_user(login)

Custom logout

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def logout(sender):
    """
    :param sender: application identifier
    :type sender: str
    
    """
    pass

saml.logout_user(logout)

Custom error

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def error(sender, exception):
    """
    :param sender: application identifier
    :type sender: str
    :param exception: application exception
    :type exception: Exception
    
    """
    pass

saml.error(error)

Custom client

Must be called after FlaskSAML.init_app(), or after FlaskSAML() if you are not using init_app().

def client(prefix, metadata, allow_unknown_attributes=True):
    """
    :param prefix:
    :type prefix: str
    :param metadata:
    :type metadata: str
    :param allow_unknown_attributes:
    :type allow_unknown_attributes: bool
    :return:
    :rtype: saml2.client.Saml2Client
    """
    pass

saml.client(client)

Enjoy

LICENSE

See License file


Source Distribution

flask_login_saml-1.0.4.tar.gz (43.7 kB)

Built Distribution

flask_login_saml-1.0.4-py3-none-any.whl (31.2 kB)

File details

Details for the file flask_login_saml-1.0.4.tar.gz.

File metadata

  • Download URL: flask_login_saml-1.0.4.tar.gz
  • Upload date:
  • Size: 43.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for flask_login_saml-1.0.4.tar.gz
Algorithm Hash digest
SHA256 734950f5222149081b0c67f890e94588df18bb5bb8f5a30fc6c9e24687a71d56
MD5 f212771a163bbab8f328d0a605321e00
BLAKE2b-256 f85c962ee752e44f9edbc65c0cbb3bdb7af5321ce92242fbdb781ebf1b0eaf3f

File details

Details for the file flask_login_saml-1.0.4-py3-none-any.whl.

File hashes

Hashes for flask_login_saml-1.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 f0f9a04ded60fc9196d5c3ef5bd83803ebd71065cf382b36df4cb6e9175f33ac
MD5 dfc8e233c50c674584449373e0ff6830
BLAKE2b-256 460527e53eca997dae0afac8f87364bbe514256771eb0c6ba0579d9bcd6f9fbc
