A UW-specific adapter to the python3-saml package.

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

uw-saml

A UW-specific adapter to the python3-saml package. This package was built to federate with other IdPs, but the default case is to use the UW Identity Provider. It can be used against any framework. For a django-specific package, also consider uw-django-saml2.

Installation

pip install uw-saml[python3-saml]

The extra [python3-saml] is because the SAML package can be cumbersome to install in a workstation environment, on account of needing the libxmlsec1-dev library. Therefore, it's an optional requirement, causing a runtime error instead of an install-time error. Alternatively, you can use a mock interface by setting uw_saml2.python3_saml.MOCK = True.

Example login endpoint using flask

In this example you've gone to SP Registry and registered an Entity ID of https://samldemo.iamdev.s.uw.edu/saml, with an ACS endpoint of https://samldemo.iamdev.s.uw.edu/saml/login. GETs will return a redirect to the IdP for authentication, and POSTs will try to process a SAML Response.

from flask import request, session, redirect
import uw_saml2

@app.route('/saml/login', methods=['GET', 'POST'])
def login():
    session.clear()
    args = {
        'entity_id': 'https://samldemo.iamdev.s.uw.edu/saml',
        'acs_url': 'https://samldemo.iamdev.s.uw.edu/saml/login'
    }
    if request.method == 'GET':
        args['return_to'] = request.args.get('url', None)
        return redirect(uw_saml2.login_redirect(**args))

    attributes = uw_saml2.process_response(request.form, **args)
    session['userid'] = attributes['uwnetid']
    session['groups'] = attributes.get('groups', [])

    relay_state = request.form.get('RelayState')
    if relay_state and relay_state.startswith('/'):
        return redirect(urljoin(request.url_root, request.form['RelayState']))

    return 'Welcome ' + session['userid']

Considerations

Give some consideration to session lifetime. The session in this example lives as a signed cookie. Ideally the cookie would expire at browser close, along with some time limit appropriate for your application. An example again with flask for a ten minute limit...

from datetime import timedelta

app.config.update(
    PERMANENT_SESSION_LIFETIME=timedelta(minutes=10)
)

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

1.2.8

Nov 28, 2023

1.2.7

Nov 2, 2023

1.2.6

Oct 18, 2023

1.2.5

Oct 16, 2023

1.2.4

Jun 26, 2023

1.2.3

Jun 8, 2023

1.2.2

May 3, 2023

1.2.1

May 3, 2023

1.2.0

May 19, 2022

1.1.1

Mar 22, 2022

1.1.0

Nov 9, 2021

1.0.20

Jun 2, 2021

1.0.20rc2 pre-release

Jun 2, 2021

1.0.19

Nov 6, 2020

1.0.19rc1 pre-release

Nov 6, 2020

1.0.18

Nov 5, 2020

1.0.18rc1 pre-release

Nov 5, 2020

1.0.17

Sep 11, 2020

1.0.16

Sep 9, 2020

1.0.15

Sep 9, 2020

1.0.14

Aug 25, 2020

1.0.13

Aug 25, 2020

1.0.12

Mar 16, 2020

1.0.10

Feb 18, 2020

1.0.9

Jan 21, 2020

1.0.8

Jan 21, 2020

1.0.7

Aug 23, 2019

1.0.6

Aug 23, 2019

1.0.5

Mar 5, 2019

1.0.4

Mar 1, 2019

1.0.3

Feb 16, 2019

This version

1.0.2

Feb 5, 2019

1.0.1

Feb 5, 2019

1.0.0

Feb 4, 2019

0.0.1

Feb 4, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

uw-saml-1.0.2.tar.gz (12.4 kB view hashes)

Uploaded Feb 5, 2019 Source

Hashes for uw-saml-1.0.2.tar.gz

Hashes for uw-saml-1.0.2.tar.gz
Algorithm	Hash digest
SHA256	`929eedc58d1fbd24a3d7163e35952e0ab29db97c39cd41cfef43494d4a0db266`
MD5	`2b4fb638954f83afd08d599372bbf303`
BLAKE2b-256	`53f70ee1d1de4b24c2c59b8922224471ac45d36ec2404b2dc72ebd2e82c821f9`