concordusapps / python-saml
A python interface to produce and consume Security Assertion Markup Language v2.0 (SAML2) messages.
License: MIT License
It would be great if the package supported AttributeStatements. They are crucial in our use cases (usually to include user information other than the username, such as groups/roles).
Ideally, there would be support for an AttributeStatement property in the Response object which contained a single object of an AttributeStatement class. It in turn would contain a list of Attribute classes, which would expose the properties "name" (a string) and "values" (a list). The SAML that it would export could look like the following:
<Assertion ...>
  .....
  <AttributeStatement>
    <Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <AttributeValue xsi:type="xsd:string">aroth</AttributeValue>
    </Attribute>
    <Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <AttributeValue xsi:type="xsd:string">Member</AttributeValue>
      <AttributeValue xsi:type="xsd:string">Admin</AttributeValue>
      <AttributeValue xsi:type="xsd:string">Contributor</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>
Right now I manually construct this SAML section in XML using lxml.etree. I use your Response object to build everything else, but export the resulting SAML to string and import that to XML using lxml.etree. Finally, I inject the AttributeStatement XML into the Response XML's Assertion, and post that to the ACS. Not ideal, of course.
I would consider a pull request, but I'm not sure that I understand your code well enough to add this functionality on my own. If you were willing to field some questions, I could take a stab at it.
It seems that this package only works with Python 3.x. I get all sorts of syntax errors in trying to run this with Python 2.7.5.
Is this by design or just one of those things you never got around to? If not by design, I would consider a pull request (but I might need to ask you some questions). If by design, the reasoning would be appreciated.
Thanks!
Hello,
I'm trying to pass the AuthnRequest, created according to the test case example, to a SimpleSAMLphp IdP, where I get:
Invalid SAML2 timestamp passed to parseSAML2Time: 2014-02-22T22:22:30
It seems that the format of the time serialized by this module is not correct; it should be, according to SimpleSAMLphp:
2014-02-22T22:22:30Z (Z in the end)
SignatureMethod and DigestMethod algorithm is always set to http://www.w3.org/2000/09/xmldsig#rsa-sha1. It would be good if http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 was supported also (and whatever else xmlsec supports).
These elements:
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
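The two reports above (timestamps serialized without the trailing Z, and SHA-1 fixed as the signature and digest algorithm) can both be checked on a serialized message before it is sent or accepted. The following is an added example, not code from python-saml or from the issue authors; the `audit` function, the attribute list and the sample message are assumptions made for illustration, and the timestamp rule assumes the receiver requires the `Z` suffix as SimpleSAMLphp did in the report.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 based algorithm identifiers defined in the XML Signature namespace.
WEAK_ALGORITHMS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1", DS + "sha1"}
# Assumed rule: UTC xs:dateTime, optional fractional seconds, mandatory "Z".
UTC_TIME = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
TIME_ATTRS = ("IssueInstant", "NotBefore", "NotOnOrAfter", "AuthnInstant")

# Constructed sample message (not captured python-saml output).
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_constructed" Version="2.0" IssueInstant="2014-02-22T22:22:30">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""

def audit(xml_text):
    """Return (kind, location, value) findings for one SAML message."""
    findings = []
    # Plain ElementTree is used because SAMPLE is trusted, constructed input;
    # untrusted messages need a hardened XML parser.
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.rsplit("}", 1)[-1]
        if el.tag in ("{%s}SignatureMethod" % DS, "{%s}DigestMethod" % DS):
            alg = el.get("Algorithm", "")
            if alg in WEAK_ALGORITHMS:
                findings.append(("weak-algorithm", local, alg))
        for attr in TIME_ATTRS:
            value = el.get(attr)
            if value is not None and not UTC_TIME.match(value):
                findings.append(("bad-timestamp", local + "/@" + attr, value))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```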