djangosaml2 | maintenance fork | Authentication library

by knaperek Python Version: v1.0.4 License: Apache-2.0

X-Ray Key Features Code Snippets Community Discussions(2)Vulnerabilities Install Support

kandi X-RAY | djangosaml2 Summary

djangosaml2 is a Python library typically used in Security, Authentication applications. djangosaml2 has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can install using 'pip install djangosaml2' or download it from GitHub, PyPI.

A maintenance fork of the original and no longer maintained djangosaml2 library.

Support

Quality

Security

License

Reuse

Support

djangosaml2 has a low active ecosystem.

It has 142 star(s) with 90 fork(s). There are 10 watchers for this library.

It had no major release in the last 12 months.

There are 4 open issues and 108 have been closed. On average issues are closed in 53 days. There are 1 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of djangosaml2 is v1.0.4

Quality

djangosaml2 has 0 bugs and 0 code smells.

Security

djangosaml2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

djangosaml2 code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

djangosaml2 is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

djangosaml2 releases are available to install and integrate.

Deployable package is available in PyPI.

Build file is available. You can build the component from source.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of djangosaml2

Get all kandi verified functions for this library.

djangosaml2 Key Features

No Key Features are available at this moment for djangosaml2.

djangosaml2 Examples and Code Snippets

No Code Snippets are available at this moment for djangosaml2.

Community Discussions

Trending Discussions on djangosaml2

djangosaml2 authenticates user but i get anonymous user in my django view

Django saml2 login missing session variables

QUESTION

djangosaml2 authenticates user but i get anonymous user in my django view

Asked 2021-Jun-12 at 12:19

I am using djangosaml2 to authenticate my users. i've been using it for a long time now with no problem. i am currently in the process of upgrading python and django to newer versions and the authentication does not work any more. Using the logs, i see that the authentication in djangosaml2 is successful butin my view, the request.user is anonymous user.

Here are the working and none-working libraty versions that i use:

Python: 2.7 --> 3.8

Django: 1.9 --> 1.11

djangosaml2: 0.17.2 (in both evns.)

pysaml2: 4.0.5 --> 6.5.1 (tested also with 4.0.5)

Additional Info:

i see that the call to /saml2/acs/ redirects to "/" (access to my site) and the response includes the session_id.

The next http call - to "/" - includes the received session_id.

However, in the Dbase i do not see this session id. As the session id is not found in the Dbase, it is indeed considered as anonymous.

Any idea why the session id is not stored?

...

ANSWER

Answered 2021-Jun-12 at 12:19

Ok, at last - i have a solution!

The problem arises as in saml2 i deleted the user's pwd in my post authenticate method (for some other reason). This pwd is not something the user is aware of and as such, no harm was done. Turns out that the library creates a password that is used for calculating the session hash code even though the user itself is not aware of this pwd. The session hash is calculated with this pwd. when compared with the calculated hash (based on user's deleted pwd) te result is False - causing the session to be flushed (and as there is no session, the user is anonymous)

This behavior is not new. Why did it work before, then?

In older django versions, the get_user (in contrib.auth.init) used to check the hash with the following condition:

Source https://stackoverflow.com/questions/67241098

QUESTION

Django saml2 login missing session variables

Asked 2021-Jun-07 at 13:30

For my Django application, I am trying to enable SSO using Djangosaml2 and following are the versions I am using

djangosaml2==1.2.0

pysaml2==7.0.0

djangorestframework==3.12.2

Django==3.1.7

python==3.8

My saml2_settings is as follows

...

ANSWER

Answered 2021-Jun-07 at 13:30

I ended up doing the following two things, then it started working for me

Downgraded the djangosaml2 and pysaml version to 0.19.0 and 4.9.0 respectively.
For HTTPS connection, added SESSION_COOKIE_SECURE = True and for dev i.e. run server cases, SESSION_COOKIE_SECURE = False in your settings.py

Source https://stackoverflow.com/questions/67798276

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install djangosaml2

You can install using 'pip install djangosaml2' or download it from GitHub, PyPI.
You can use djangosaml2 like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: