Flask SAML2 with flask-login

flask-login-saml

Installation

pip install flask-login-saml

Setup

  • Base login configuration

import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML()


def redirect_login():
    return flask.redirect(flask.url_for('saml.login'))


@app.route('/saml/login/', endpoint='saml.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/saml/metadata/', endpoint='saml.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/saml/authorize/', endpoint='saml.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/saml/logout/', endpoint='saml.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SAML_METADATA_URL',
        'https://<idp>/descriptor'
    )
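    # Placeholder value: SECRET_KEY signs the session cookie, so load a long
    # random value from the environment or a secret store in real deployments.
    app.config['SECRET_KEY'] = 'secret'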
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()

  • Custom login configuration

import flask

from flask_login import LoginManager, login_required, current_user
from flask_login_saml import FlaskSAML

app = flask.Flask('flask')
saml = FlaskSAML(prefix='SSO')


def redirect_login():
    return flask.redirect(flask.url_for('sso.login'))


@app.route('/sso/login/', endpoint='sso.login', methods=['GET'])
def login():
    return saml.saml_login()


@app.route('/sso/metadata/', endpoint='sso.metadata', methods=['GET'])
def metadata():
    return saml.metadata()


@app.route('/sso/authorize/', endpoint='sso.authorize', methods=['POST'])
def authorize():
    return saml.authorize()


@app.route('/sso/logout/', endpoint='sso.logout', methods=['GET'])
@login_required
def logout():
    return saml.saml_logout()


@app.route('/', methods=['GET'])
@login_required
def index():
    return current_user.subject


if __name__ == '__main__':
    lm = LoginManager(app)
    lm.unauthorized_handler(redirect_login)
    lm.user_loader(saml.user)
    app.config.setdefault(
        'SSO_METADATA_URL',
        'https://<idp>/protocol/saml/descriptor'
    )
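    # Placeholder value: SECRET_KEY signs the session cookie, so load a long
    # random value from the environment or a secret store in real deployments.
    app.config['SECRET_KEY'] = 'secret'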
    app.config['SESSION_TYPE'] = 'filesystem'
    saml.init_app(app)
    app.run()

Using custom user model

Call this after creating the FlaskSAML() instance and before calling FlaskSAML.init_app():

saml.user_model(UserModel)

Alternatively, the user model can be loaded from the environment using '<PREFIX>_USER_CLASS'.

See user.py for more information about the user model.

Custom login

Define and register the callback after creating the FlaskSAML() instance and before calling FlaskSAML.init_app():

def login(model, sender, subject, attributes, assertion, auth):
    """
    :param model:
    :param sender: application identifier
    :type sender: str
    :param subject: email address of the logged user
    :type subject: str
    :param attributes: list of user attributes
    :type attributes: list
    :param assertion: SAML user assertion
    :type assertion: str
    :param auth: SAML authn response used for remembering
    :type auth: str
    :return: if user logged in or not
    :rtype: bool
    """
    pass

saml.login_user(login)
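
The custom login hook is the place to decide whether an authenticated subject may actually use the application. The following is an added example, not code from flask-login-saml: a callback with the signature documented above that fails closed unless the subject's e-mail domain is allow-listed and a required group is present. The (name, values) shape of `attributes`, the `groups` attribute name and the `establish_session` helper are assumptions.

```python
# Added example, not part of flask-login-saml.
# Assumption: `attributes` is a list of (name, values) pairs; adapt the lookup
# to the shape your IdP and the library actually deliver.
import logging

log = logging.getLogger("sso.audit")


def make_login_callback(allowed_domains, required_group, establish_session,
                        group_attribute="groups"):
    """Build a login callback with the signature documented above.

    establish_session is a hypothetical callable supplied by the application:
    it creates the user object, starts the flask-login session and returns
    True on success.
    """
    allowed = {d.lower() for d in allowed_domains}

    def login(model, sender, subject, attributes, assertion, auth):
        # Fail closed on a missing or malformed subject.
        if not isinstance(subject, str) or subject.count("@") != 1:
            log.warning("sso deny sender=%r reason=bad-subject", sender)
            return False
        local, domain = subject.rsplit("@", 1)
        if not local or domain.lower() not in allowed:
            log.warning("sso deny sender=%r reason=domain", sender)
            return False
        # Collect group values; a single string is treated as one value.
        groups = set()
        for name, values in attributes or []:
            if name == group_attribute:
                groups.update([values] if isinstance(values, str) else values)
        if required_group not in groups:
            log.warning("sso deny sender=%r subject=%r reason=group",
                        sender, subject)
            return False
        log.info("sso allow sender=%r subject=%r", sender, subject)
        return bool(establish_session(model, subject, attributes, assertion, auth))

    return login


# Registration uses the hook shown on this page (start_session is hypothetical):
#   saml.login_user(make_login_callback({"example.org"}, "app-users", start_session))
```
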

Custom logout

Define and register the callback after creating the FlaskSAML() instance and before calling FlaskSAML.init_app():

def logout(sender):
    """
    :param sender: application identifier
    :type sender: str
    
    """
    pass

saml.logout_user(logout)

Custom error

Define and register the callback after creating the FlaskSAML() instance and before calling FlaskSAML.init_app():

def error(sender, exception):
    """
    :param sender: application identifier
    :type sender: str
    :param exception: application exception
    :type exception: Exception
    
    """
    pass

saml.error(error)

Custom client

Define and register the client factory after creating the FlaskSAML() instance and before calling FlaskSAML.init_app():

def client(prefix, metadata, allow_unknown_attributes=True):
    """
    :param prefix:
    :type prefix: str
    :param metadata:
    :type metadata: str
    :param allow_unknown_attributes:
    :type allow_unknown_attributes: bool
    :return:
    :rtype: saml2.client.Saml2Client
    """
    pass

saml.client(client)

Enjoy

LICENSE

See License file

Source Distribution

flask_login_saml-1.0.7.tar.gz (43.8 kB)

Uploaded Source

Built Distribution

flask_login_saml-1.0.7-py3-none-any.whl (31.3 kB)

Uploaded Python 3

File details

Details for the file flask_login_saml-1.0.7.tar.gz.

File metadata

  • Download URL: flask_login_saml-1.0.7.tar.gz
  • Size: 43.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for flask_login_saml-1.0.7.tar.gz
Algorithm Hash digest
SHA256 e2fed6c282d1a574c718e7c1eb42d4b805167a6ba0ddc8a5475661d213a2cdd0
MD5 2f587b61c6a00d7a2c8bbcdf44b199a4
BLAKE2b-256 438039c4e8193a4e56d5e792bf6168a8085c0710b7d93bbdd664dafc166dae07

File details

Details for the file flask_login_saml-1.0.7-py3-none-any.whl.

File hashes

Hashes for flask_login_saml-1.0.7-py3-none-any.whl
Algorithm Hash digest
SHA256 7201f1e1f57b8999c4bfac2fa55de53d1129e099b06f7208f4dc597f47bbca28
MD5 c526cb6d0424255374fc652f9187649a
BLAKE2b-256 8a86a4956ac24a0f1750d0635c0dd730550d568b98ac930ccd3066b8e0310900
