Revision history

initial version

To obtain metadata from your Python-Django project for Single Sign-On (SSO) implementation, you can follow these steps:

  1. Install the python3-saml package using pip:
pip install python3-saml
  2. Add the django.contrib.sites app to your INSTALLED_APPS setting in the file:
  3. Add the site domain to your SITE_ID setting in the file:
  4. Configure the SAML settings in the file:
{
    'strict': True,  # Set strict mode to True
    'debug': False,  # Set debug mode to False
    'sp': {
        'entityId': 'http://localhost:8000/saml2/metadata/',  # The URL where the service provider metadata can be retrieved
        'assertionConsumerService': {  # The endpoint to which the IdP sends SAML responses
            'url': 'http://localhost:8000/saml2/acs/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        },
        'singleLogoutService': {  # The endpoint to which the IdP sends SAML logout requests
            'url': 'http://localhost:8000/saml2/ls/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',  # The format of the NameID provided by the IdP
        'metadata': {  # Metadata about the service provider (this application)
            'local': [
                {
                    'organization': {
                        'name': [(u'My Organization', 'en')],
                        'display_name': [(u'My Organization', 'en')],
                        'url': [(u'', 'en')],
                    },
                    'contact_person': {
                        'given_name': 'My Contact Person Given Name',
                        'sur_name': 'My Contact Person Sur Name',
                        'email_address': '',
                        'contact_type': 'technical',
                    },
                    'entity_id': 'http://localhost:8000/saml2/metadata/',
                    'name': 'My Service Provider',
                },
            ],
        },
        'allow_unsolicited': True,  # Whether to allow unsolicited authentication requests from the IdP
    },
    'idp': {
        'entityId': '',
        'singleSignOnService': {
            'url': '',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'singleLogoutService': {
            'url': '',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    },
}

Here, sp stands for Service Provider, and idp stands for Identity Provider.

  5. Create a URL pattern for the SAML metadata endpoint in your file:
from django.urls import path
from django.contrib.auth.decorators import login_required
from django.views.decorators.csrf import csrf_exempt
from saml2 import views as saml2_views

urlpatterns = [
    # Serves the Service Provider metadata at /saml2/metadata/
    path('saml2/metadata/', login_required(csrf_exempt(saml2_views.metadata)), name='saml_metadata'),
]

Here, the metadata function generates the SAML metadata for the Service Provider.

  6. Run your Python-Django project and navigate to the http://localhost:8000/saml2/metadata/ URL to retrieve the SAML metadata for your application.

You can then use this metadata to set up your Identity Provider for Single Sign-On with your Python-Django application.
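
A quick check of the metadata retrieved in the last step before it is registered with the Identity Provider, as an added example that is not part of the original answer. It uses only the Python standard library; the sample document is constructed to match the sp settings above, and the function names and the findings reported are this example's own choices.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: SP metadata as it could look for the 'sp' settings above.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8000/saml2/metadata/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAssertionsSigned="false">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:8000/saml2/ls/"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8000/saml2/acs/" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Extract the values an IdP administrator registers from SP metadata."""
    root = ET.fromstring(xml_text)  # intended for metadata from your own SP only
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not a SAML 2.0 Service Provider metadata document")
    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location", "")) for e in sp.findall("md:" + tag, NS)]
    return {
        "entity_id": root.get("entityID"),
        "acs": endpoints("AssertionConsumerService"),
        "slo": endpoints("SingleLogoutService"),
        "name_id_formats": [(n.text or "").strip() for n in sp.findall("md:NameIDFormat", NS)],
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
    }

def review_sp_metadata(xml_text):
    """Return (summary, findings) where findings lists settings to fix before production."""
    info = summarize_sp_metadata(xml_text)
    findings = []
    if not info["acs"]:
        findings.append("no AssertionConsumerService endpoint")
    for _binding, url in info["acs"] + info["slo"]:
        if urlparse(url).scheme != "https":
            findings.append("endpoint not served over https: " + url)
    if not info["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is not true")
    return info, findings

if __name__ == "__main__":
    info, findings = review_sp_metadata(SAMPLE_METADATA)
    print(info, findings, sep="\n")
```

The localhost URLs from the settings above are flagged because they use http; that is expected in local development and should be empty once the deployed https URLs are configured.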