pysaml2 | Python implementation of SAML2 | Authentication library

by IdentityPython Python Version: 7.5.0 License: Apache-2.0

X-Ray Key Features Code Snippets(5)Community Discussions(2)Vulnerabilities Install Support

kandi X-RAY | pysaml2 Summary

pysaml2 is a Python library typically used in Security, Authentication applications. pysaml2 has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. However pysaml2 build file is not available. You can install using 'pip install pysaml2' or download it from GitHub, PyPI.

Python implementation of SAML2

Support

Quality

Security

License

Reuse

Support

pysaml2 has a low active ecosystem.

It has 501 star(s) with 403 fork(s). There are 30 watchers for this library.

There were 1 major release(s) in the last 12 months.

There are 66 open issues and 340 have been closed. On average issues are closed in 232 days. There are 20 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of pysaml2 is 7.5.0

Quality

pysaml2 has 0 bugs and 0 code smells.

Security

pysaml2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

pysaml2 code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

pysaml2 is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

pysaml2 releases are available to install and integrate.

Deployable package is available in PyPI.

pysaml2 has no build file. You will be need to create the build yourself to build the component from source.

It has 461122 lines of code, 3889 functions and 357 files.

It has low code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed pysaml2 and discovered the below as its top functions. This is intended to give you an instant insight into pysaml2 implemented functionality, and help decide if they suit your requirements.

Create an authn request
Yields all c children
Convert an element to a extension element
Returns a list of children
Handler for IDP
Convert SAMLBase object to a dictionary
Imports the specified metadata
Create an entity descriptor
Create a certificate
Get the subject from the assertion
Validate a bearer packet
Decode a name from a string
Serialize SAMLBase object to a dictionary
Process an SSO redirect message
Imports a metadata object
Creates an Authz decision query using the given assertion
Implements the properties section
Handle an authentication response
Create an authentication request
Validate instance
Represents this object
Create a security context
Print out the block
Create an EntityDescriptor
Create a Schema object from a file
Return a string representation of the element
Return a text representation of this node
Perform a single request
Do a single logout request

Get all kandi verified functions for this library.

pysaml2 Key Features

No Key Features are available at this moment for pysaml2.

pysaml2 Examples and Code Snippets

djangosaml2 authenticates user but i get anonymous user in my django view

Python

Lines of Code : 6

License : Strong Copyleft (CC BY-SA 4.0)

Copy

if ('django.contrib.auth.middleware.SessionAuthenticationMiddleware'
                in settings.MIDDLEWARE_CLASSES and 
                hasattr(user, 'get_session_auth_hash')):

        if hasattr(user, 'get_sessio

In pysaml2, how does one include attributes in the initial AuthNResponse?

Python

Lines of Code : 36

License : Strong Copyleft (CC BY-SA 4.0)

Copy

IDENTITY = {"surName": ["Jeter"], "givenName": ["Derek"],"title": ["shortstop"]}
server.create_authn_response(IDENTITY,...); # other arguments are omitted for this example


                
                    Dere

Google Cloud Functions include Brew dependency

Python

Lines of Code : 2

License : Strong Copyleft (CC BY-SA 4.0)

Copy

RUN apt-get install libffi-dev libxmlsec1 libssl-dev

SAML response signiture missing

Python

Lines of Code : 6

License : Strong Copyleft (CC BY-SA 4.0)

Copy

SAML_CONFIG = {
    'service': {
            'sp': {
                 "want_response_signed": False
...

SAML / Shibb authentication in Django

Python

Lines of Code : 9

License : Strong Copyleft (CC BY-SA 4.0)

Copy


    ShibRequestSetting redirectToSSL 443
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require valid-user

Community Discussions

Trending Discussions on pysaml2

djangosaml2 authenticates user but i get anonymous user in my django view

Django saml2 login missing session variables

QUESTION

djangosaml2 authenticates user but i get anonymous user in my django view

Asked 2021-Jun-12 at 12:19

I am using djangosaml2 to authenticate my users. i've been using it for a long time now with no problem. i am currently in the process of upgrading python and django to newer versions and the authentication does not work any more. Using the logs, i see that the authentication in djangosaml2 is successful butin my view, the request.user is anonymous user.

Here are the working and none-working libraty versions that i use:

Python: 2.7 --> 3.8

Django: 1.9 --> 1.11

djangosaml2: 0.17.2 (in both evns.)

pysaml2: 4.0.5 --> 6.5.1 (tested also with 4.0.5)

Additional Info:

i see that the call to /saml2/acs/ redirects to "/" (access to my site) and the response includes the session_id.

The next http call - to "/" - includes the received session_id.

However, in the Dbase i do not see this session id. As the session id is not found in the Dbase, it is indeed considered as anonymous.

Any idea why the session id is not stored?

...

ANSWER

Answered 2021-Jun-12 at 12:19

Ok, at last - i have a solution!

The problem arises as in saml2 i deleted the user's pwd in my post authenticate method (for some other reason). This pwd is not something the user is aware of and as such, no harm was done. Turns out that the library creates a password that is used for calculating the session hash code even though the user itself is not aware of this pwd. The session hash is calculated with this pwd. when compared with the calculated hash (based on user's deleted pwd) te result is False - causing the session to be flushed (and as there is no session, the user is anonymous)

This behavior is not new. Why did it work before, then?

In older django versions, the get_user (in contrib.auth.init) used to check the hash with the following condition:

Source https://stackoverflow.com/questions/67241098

QUESTION

Django saml2 login missing session variables

Asked 2021-Jun-07 at 13:30

For my Django application, I am trying to enable SSO using Djangosaml2 and following are the versions I am using

djangosaml2==1.2.0

pysaml2==7.0.0

djangorestframework==3.12.2

Django==3.1.7

python==3.8

My saml2_settings is as follows

...

ANSWER

Answered 2021-Jun-07 at 13:30

I ended up doing the following two things, then it started working for me

Downgraded the djangosaml2 and pysaml version to 0.19.0 and 4.9.0 respectively.
For HTTPS connection, added SESSION_COOKIE_SECURE = True and for dev i.e. run server cases, SESSION_COOKIE_SECURE = False in your settings.py

Source https://stackoverflow.com/questions/67798276

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install pysaml2

You can install using 'pip install pysaml2' or download it from GitHub, PyPI.
You can use pysaml2 like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: