Flask SAML2 with flask-login

Project description

flask-login-saml

Installation

pip install flask-login-saml

Setup

  • Base login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML()


def redirect_login():
    return flask.redirect(flask.url_for('saml.login'))


@app.route('/saml/login/', endpoint='saml.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/saml/metadata/', endpoint='saml.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/saml/authorize/', endpoint='saml.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/saml/logout/', endpoint='saml.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


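if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    # URL of the IdP metadata descriptor; replace <idp> with your IdP host.
    app.config.setdefault(
        'SAML_METADATA_URL',
        'https://<idp>/descriptor'
    )
    # Placeholder value: Flask signs the session cookie with SECRET_KEY, so
    # use a long random key loaded from outside the source tree in production.
    app.config['SECRET_KEY'] = 'secret'
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()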
  • Custom login configuration
import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML(prefix='SSO')


def redirect_login():
    return flask.redirect(flask.url_for('sso.login'))


@app.route('/sso/login/', endpoint='sso.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/sso/metadata/', endpoint='sso.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/sso/authorize/', endpoint='sso.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/sso/logout/', endpoint='sso.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


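if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    # With prefix='SSO' the configuration keys start with SSO_ instead of SAML_.
    app.config.setdefault(
        'SSO_METADATA_URL',
        'https://<idp>/protocol/saml/descriptor'
    )
    # Placeholder value: Flask signs the session cookie with SECRET_KEY, so
    # use a long random key loaded from outside the source tree in production.
    app.config['SECRET_KEY'] = 'secret'
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()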

Using custom user model

Register the user model after creating FlaskSAML() and before calling FlaskSAML.init_app():

saml.user_model(UserModel)

Alternatively, the user model can be loaded via the environment '<PREFIX>_USER_CLASS'.

See user.py for more information about the user model.

Custom login

Register the login callback after creating FlaskSAML() and before calling FlaskSAML.init_app():

def login(model, sender, subject, attributes, assertion, auth):
    """
    :param model:
    :param sender: application identifier
    :type sender: str
    :param subject: email address of the logged-in user
    :type subject: str
    :param attributes: list of user attributes
    :type attributes: list
    :param assertion: SAML user assertion
    :type assertion: str
    :param auth: SAML authn response used for remembering
    :type auth: str
    :return: whether the user was logged in or not
    :rtype: bool
    """
    pass

saml.login_user(login)
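
An added example (not part of the flask-login-saml project) of a wrapper for a login callback with the signature above: it refuses any subject outside an allow-list of email domains before your own login function runs. The names ALLOWED_DOMAINS, subject_allowed, restrict_login and the wrapped callback are assumptions made for this illustration.

```python
import logging
import re

log = logging.getLogger("saml.login")

# Constructed policy value for this example; replace with your own domains.
ALLOWED_DOMAINS = frozenset({"example.com"})

# Strict shape: exactly one "@", no whitespace or control characters, and
# nothing (not even a trailing newline) after the domain.
_SUBJECT_RE = re.compile(r"[^@\s\x00-\x1f]+@([A-Za-z0-9.-]+)\Z")


def subject_allowed(subject, allowed_domains=ALLOWED_DOMAINS):
    """Return True only for a single address whose domain is allow-listed."""
    if not isinstance(subject, str):
        return False
    match = _SUBJECT_RE.match(subject)
    if match is None:
        return False
    # Exact, case-insensitive comparison. A suffix or substring test would
    # also accept "example.com.evil.test" or "notexample.com".
    return match.group(1).lower() in allowed_domains


def restrict_login(inner, allowed_domains=ALLOWED_DOMAINS):
    """Wrap a login callback so it only runs for allow-listed subjects."""
    def login(model, sender, subject, attributes, assertion, auth):
        if not subject_allowed(subject, allowed_domains):
            # %r escapes newlines, so a crafted subject cannot forge log lines.
            log.warning("SAML login refused: sender=%r subject=%r",
                        sender, subject)
            return False
        return bool(inner(model, sender, subject, attributes, assertion, auth))
    return login


# Registration, assuming my_login is your own callback (hypothetical name):
#     saml.login_user(restrict_login(my_login))
```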

Custom logout

Register the logout callback after creating FlaskSAML() and before calling FlaskSAML.init_app():

def logout(sender):
    """
    :param sender: application identifier
    :type sender: str
    
    """
    pass

saml.logout_user(logout)

Custom error

Register the error callback after creating FlaskSAML() and before calling FlaskSAML.init_app():

def error(sender, exception):
    """
    :param sender: application identifier
    :type sender: str
    :param exception: application exception
    :type exception: Exception
    
    """
    pass

saml.error(error)

Custom client

Register the client factory after creating FlaskSAML() and before calling FlaskSAML.init_app():

def client(prefix, metadata, allow_unknown_attributes=True):
    """
    :param prefix:
    :type prefix: str
    :param metadata:
    :type metadata: str
    :param allow_unknown_attributes:
    :type allow_unknown_attributes: bool
    :return:
    :rtype: saml2.client.Saml2Client
    """
    pass

saml.client(client)

Enjoy

LICENSE

See License file

Download files

Source Distribution

flask_login_saml-1.0.6.tar.gz (43.8 kB)

Uploaded Source

Built Distribution

flask_login_saml-1.0.6-py3-none-any.whl (31.3 kB)

Uploaded Python 3

File details

Details for the file flask_login_saml-1.0.6.tar.gz.

File metadata

  • Download URL: flask_login_saml-1.0.6.tar.gz
  • Upload date:
  • Size: 43.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for flask_login_saml-1.0.6.tar.gz
Algorithm Hash digest
SHA256 39490c2f483e4199d8e570c1c3d771a7160537d4f5f2fa091592b2b3460684df
MD5 16b6701a391cc8ff1100631e8f151ad1
BLAKE2b-256 bebf7c3255954e39c4a7f0d1325ff4ed8615de71bb744d4022ea296a5d51bc29

File details

Details for the file flask_login_saml-1.0.6-py3-none-any.whl.

File hashes

Hashes for flask_login_saml-1.0.6-py3-none-any.whl
Algorithm Hash digest
SHA256 aeb02565c71e8e676521d56bba8efdbeadf4abda7965547fc4d5599d6828d24b
MD5 8b048ad3b4c05038f69f95f7bcd8a379
BLAKE2b-256 dca3fb665b8e167bd5509f46997274c55401329857f56c065580057cec76b390
