djangosaml2 | Django SAML2 Service Provider based on pySAML2 | Authentication library

by IdentityPython Python Version: 1.9.3 License: Apache-2.0

X-Ray Key Features Code Snippets(4)Community Discussions(2)Vulnerabilities Install Support

kandi X-RAY | djangosaml2 Summary

djangosaml2 is a Python library typically used in Security, Authentication applications. djangosaml2 has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can install using 'pip install djangosaml2' or download it from GitHub, PyPI.

[Downloads] ![Python version] ![Django versions] ![Documentation Status] ![License] A Django application that builds a Fully Compliant SAML2 Service Provider on top of PySAML2 library. Djangosaml2 protects your project with a SAML2 SSO Authentication. Please consult the [official Documentation of djangosaml2] to get started.

Support

Quality

Security

License

Reuse

Support

djangosaml2 has a low active ecosystem.

It has 186 star(s) with 120 fork(s). There are 10 watchers for this library.

There were 4 major release(s) in the last 12 months.

There are 6 open issues and 143 have been closed. On average issues are closed in 32 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of djangosaml2 is 1.9.3

Quality

djangosaml2 has 0 bugs and 0 code smells.

Security

djangosaml2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

djangosaml2 code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

djangosaml2 is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

djangosaml2 releases are available to install and integrate.

Deployable package is available in PyPI.

Build file is available. You can build the component from source.

Top functions reviewed by kandi - BETA

kandi has reviewed djangosaml2 and discovered the below as its top functions. This is intended to give you an instant insight into djangosaml2 implemented functionality, and help decide if they suit your requirements.

Handle logout request
Return a saml2 client
Return the config loader path
Finish the logout
Returns the SP config for the given request
Get the Subject Id from the session
Get a custom setting
Get the location of the HTTP response
Handle an unsupported SLO exception
Import a SAML config loader
Return the SPL configuration
Render the variable
Return a dictionary mapping idp to idp
Load SAML configuration
Synchronize this object
Store objects in the session
Handles GET requests
Handles HTTP GET request
Read file contents

Get all kandi verified functions for this library.

djangosaml2 Key Features

No Key Features are available at this moment for djangosaml2.

djangosaml2 Examples and Code Snippets

djangosaml2 authenticates user but i get anonymous user in my django view

Python

Lines of Code : 6

License : Strong Copyleft (CC BY-SA 4.0)

Copy

if ('django.contrib.auth.middleware.SessionAuthenticationMiddleware'
                in settings.MIDDLEWARE_CLASSES and 
                hasattr(user, 'get_session_auth_hash')):

        if hasattr(user, 'get_sessio

SAML error with https url in HUE djangosaml2

Python

Lines of Code : 2

License : Strong Copyleft (CC BY-SA 4.0)

Copy

base_url=https://hue.xyz.com:8889

SAML response signiture missing

Python

Lines of Code : 6

License : Strong Copyleft (CC BY-SA 4.0)

Copy

SAML_CONFIG = {
    'service': {
            'sp': {
                 "want_response_signed": False
...

SAML / Shibb authentication in Django

Python

Lines of Code : 9

License : Strong Copyleft (CC BY-SA 4.0)

Copy


    ShibRequestSetting redirectToSSL 443
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require valid-user

Community Discussions

Trending Discussions on djangosaml2

djangosaml2 authenticates user but i get anonymous user in my django view

Django saml2 login missing session variables

QUESTION

djangosaml2 authenticates user but i get anonymous user in my django view

Asked 2021-Jun-12 at 12:19

I am using djangosaml2 to authenticate my users. i've been using it for a long time now with no problem. i am currently in the process of upgrading python and django to newer versions and the authentication does not work any more. Using the logs, i see that the authentication in djangosaml2 is successful butin my view, the request.user is anonymous user.

Here are the working and none-working libraty versions that i use:

Python: 2.7 --> 3.8

Django: 1.9 --> 1.11

djangosaml2: 0.17.2 (in both evns.)

pysaml2: 4.0.5 --> 6.5.1 (tested also with 4.0.5)

Additional Info:

i see that the call to /saml2/acs/ redirects to "/" (access to my site) and the response includes the session_id.

The next http call - to "/" - includes the received session_id.

However, in the Dbase i do not see this session id. As the session id is not found in the Dbase, it is indeed considered as anonymous.

Any idea why the session id is not stored?

...

ANSWER

Answered 2021-Jun-12 at 12:19

Ok, at last - i have a solution!

The problem arises as in saml2 i deleted the user's pwd in my post authenticate method (for some other reason). This pwd is not something the user is aware of and as such, no harm was done. Turns out that the library creates a password that is used for calculating the session hash code even though the user itself is not aware of this pwd. The session hash is calculated with this pwd. when compared with the calculated hash (based on user's deleted pwd) te result is False - causing the session to be flushed (and as there is no session, the user is anonymous)

This behavior is not new. Why did it work before, then?

In older django versions, the get_user (in contrib.auth.init) used to check the hash with the following condition:

Source https://stackoverflow.com/questions/67241098

QUESTION

Django saml2 login missing session variables

Asked 2021-Jun-07 at 13:30

For my Django application, I am trying to enable SSO using Djangosaml2 and following are the versions I am using

djangosaml2==1.2.0

pysaml2==7.0.0

djangorestframework==3.12.2

Django==3.1.7

python==3.8

My saml2_settings is as follows

...

ANSWER

Answered 2021-Jun-07 at 13:30

I ended up doing the following two things, then it started working for me

Downgraded the djangosaml2 and pysaml version to 0.19.0 and 4.9.0 respectively.
For HTTPS connection, added SESSION_COOKIE_SECURE = True and for dev i.e. run server cases, SESSION_COOKIE_SECURE = False in your settings.py

Source https://stackoverflow.com/questions/67798276

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install djangosaml2

You can install using 'pip install djangosaml2' or download it from GitHub, PyPI.
You can use djangosaml2 like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

Support

Please open Issues to start debate regarding the requested features, or the patch that you would apply. We do not use a strict submission format, please try to be more concise as possibile. The Pull Request MUST be done on the dev branch, please don’t push code directly on the master branch.

Find more information at: