Onelogin Python Toolkit. Add SAML support to your Python software using this library
Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided and supported by OneLogin Inc.
This version supports Python3, There is a separate version that only support Python2: python-saml (https://pypi.python.org/pypi/python-saml)
Release 1.2.6 adds the use defusedxml that will prevent XEE and other attacks based on the abuse of XML. (CVE-2017-9672)
Update python3-saml to >= 1.2.1, 1.2.0 had a bug on signature validation process (when using wantAssertionsSigned and wantMessagesSigned). [CVE-2016-1000251](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000251/CVE-2016-1000251.json)
1.2.0 version includes a security patch that contains extra validations that will prevent signature wrapping attacks.
python3-saml < v1.2.0 is vulnerable and allows signature wrapping!
SAML is an XML-based standard for web browser single sign-on and is defined by the OASIS Security Services Technical Committee. The standard has been around since 2002, but lately it is becoming popular due its advantages:
OneLogin’s SAML Python toolkit let you build a SP (Service Provider) over your Python application and connect it to any IdP (Identity Provider).
Review the setup.py file to know the version of the library that python3-saml is using
The toolkit is hosted on github. You can download it from:
Copy the core of the library (src/onelogin/saml2 folder) and merge the setup.py inside the python application. (each application has its structure so take your time to locate the Python SAML toolkit in the best place).
The library is hosted in pypi, you can find the python3-saml package at https://pypi.python.org/pypi/python3-saml
You can install it executing:
pip install python3-saml
If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|python3_saml-1.2.6-py2-none-any.whl (70.4 kB) Copy SHA256 Checksum SHA256||2.7||Wheel||Jun 15, 2017|
|python3_saml-1.2.6-py3-none-any.whl (70.4 kB) Copy SHA256 Checksum SHA256||3.5||Wheel||Jun 15, 2017|
|python3-saml-1.2.6.tar.gz (57.1 kB) Copy SHA256 Checksum SHA256||–||Source||Jun 15, 2017|