What is the process for obtaining metadata from my Python-Django project in order to execute SSO?

asked 2021-08-15 11:00:00 +0000 by david


1 Answer


answered 2023-01-01 00:00:00 +0000 by ladyg

To obtain metadata from your Python-Django project for Single Sign-On (SSO) implementation, you can follow these steps:

  1. Install the python3-saml package using pip:
pip install python3-saml
  2. Add the django.contrib.sites app to your INSTALLED_APPS setting in the settings.py file:
INSTALLED_APPS = [
    ...
    'django.contrib.sites',
    ...
]
  3. Add the site domain to your SITE_ID setting in the settings.py file:
SITE_ID = 1
  4. Configure the SAML settings in the settings.py file:
SAML_CONFIG = {
    'strict': True,  # Set strict mode to True
    'debug': False,  # Set debug mode to False
    'sp': {
        'entityId': 'http://localhost:8000/saml2/metadata/',  # The URL where the service provider metadata can be retrieved
        'assertionConsumerService': {  # The endpoint to which the IdP sends SAML responses
            'url': 'http://localhost:8000/saml2/acs/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        },
        'singleLogoutService': {  # The endpoint to which the IdP sends SAML logout requests
            'url': 'http://localhost:8000/saml2/ls/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',  # The format of the NameID provided by the IdP
        'metadata': {  # Metadata about the service provider (this application)
            'local': [
                {
                    'organization': {
                        'name': [(u'My Organization', 'en')],
                        'display_name': [(u'My Organization', 'en')],
                        'url': [(u'http://www.myorganization.com', 'en')],
                    },
                    'contact_person': {
                        'given_name': 'My Contact Person Given Name',
                        'sur_name': 'My Contact Person Sur Name',
                        'email_address': 'contact@myorganization.com',
                        'contact_type': 'technical',
                    },
                    'entity_id': 'http://localhost:8000/saml2/metadata/',
                    'name': 'My Service Provider',
                },
            ],
        },
        'allow_unsolicited': True,  # Whether to allow unsolicited authentication requests from the IdP
    },
    'idp': {
        'entityId': 'https://idp.example.com/metadata/',
        'singleSignOnService': {
            'url': 'https://idp.example.com/sso/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'singleLogoutService': {
            'url': 'https://idp.example.com/slo/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',  # binding URNs are case-sensitive: 'bindings', not 'Bindings'
        },
        'x509cert': 'MIIDBzCCAe+gAwIBAgIJAIOJQMBDhUPHMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV\n...',
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    },
}

Here, sp stands for Service Provider, and idp stands for Identity Provider.

  5. Create a URL pattern for the SAML metadata endpoint in your urls.py file:
from django.urls import path
from django.contrib.auth.decorators import login_required
from django.views.decorators.csrf import csrf_exempt
from saml2 import views as saml2_views

urlpatterns = [
    ...
    path('saml2/metadata/', login_required(csrf_exempt(saml2_views.metadata)), name='saml_metadata'),
    ...
]

Here, the metadata function generates the SAML metadata for the Service Provider.

  6. Run your Python-Django project and navigate to the http://localhost:8000/saml2/metadata/ URL to retrieve the SAML metadata for your application.

You can then use this metadata to set up your Identity Provider for Single Sign-On with your Python-Django application.
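As an added example that is not part of the answer above and not code from python3-saml, djangosaml2 or Django: the script below takes a settings dict in the same `sp` / `idp` layout as the answer's SAML_CONFIG, builds the `md:EntityDescriptor` XML that the metadata endpoint is expected to publish using only the standard library, and lints the settings for the things that most often break or weaken the SSO exchange (a case slip in a binding URN, `http://localhost` endpoints left in a config handed to an IdP, `allow_unsolicited`, a missing IdP certificate). The hostnames, the certificate value and the optional `authnRequestsSigned` key are constructed placeholders, and `dev_config()` is a constructed variant that reproduces the answer's localhost values so the linter has something to report.

```python
"""Build SAML 2.0 Service Provider metadata from a settings dict and lint it."""
import copy
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
KNOWN_BINDINGS = {HTTP_POST, HTTP_REDIRECT}

# Constructed sample settings in the answer's 'sp' / 'idp' layout; the hostnames
# and the certificate value are placeholders, not real endpoints.
SAML_CONFIG = {
    "strict": True,
    "debug": False,
    "sp": {
        "entityId": "https://sp.example.test/saml2/metadata/",
        "assertionConsumerService": {"url": "https://sp.example.test/saml2/acs/", "binding": HTTP_POST},
        "singleLogoutService": {"url": "https://sp.example.test/saml2/ls/", "binding": HTTP_REDIRECT},
        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "allow_unsolicited": False,
    },
    "idp": {
        "entityId": "https://idp.example.test/metadata/",
        "singleSignOnService": {"url": "https://idp.example.test/sso/", "binding": HTTP_REDIRECT},
        "singleLogoutService": {"url": "https://idp.example.test/slo/", "binding": HTTP_REDIRECT},
        "x509cert": "PLACEHOLDER-IDP-SIGNING-CERT-BASE64",
    },
}


def build_sp_metadata(config):
    """Return the md:EntityDescriptor XML that the SP metadata endpoint publishes.

    Child order follows the metadata schema: SingleLogoutService, then
    NameIDFormat, then AssertionConsumerService.
    """
    sp = config["sp"]
    ET.register_namespace("md", MD_NS)
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", {"entityID": sp["entityId"]})
    sso = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor", {
        # 'authnRequestsSigned' is a hypothetical key, not one from the answer's config.
        "AuthnRequestsSigned": "true" if sp.get("authnRequestsSigned") else "false",
        "WantAssertionsSigned": "true",  # ask for signed assertions; the SP must still verify them
        "protocolSupportEnumeration": SAML2_PROTOCOL,
    })
    slo = sp.get("singleLogoutService")
    if slo:
        ET.SubElement(sso, f"{{{MD_NS}}}SingleLogoutService",
                      {"Binding": slo["binding"], "Location": slo["url"]})
    ET.SubElement(sso, f"{{{MD_NS}}}NameIDFormat").text = sp["NameIDFormat"]
    acs = sp["assertionConsumerService"]
    ET.SubElement(sso, f"{{{MD_NS}}}AssertionConsumerService",
                  {"Binding": acs["binding"], "Location": acs["url"], "index": "1", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")


def lint_saml_config(config):
    """Flag settings that break interop or weaken the trust the metadata encodes."""
    findings = []
    sp, idp = config["sp"], config["idp"]
    for role, key in (("sp", "assertionConsumerService"), ("sp", "singleLogoutService"),
                      ("idp", "singleSignOnService"), ("idp", "singleLogoutService")):
        svc = config[role].get(key)
        if not svc:
            continue
        if svc["binding"] not in KNOWN_BINDINGS:
            # IdPs compare binding URNs byte for byte, so a case slip breaks the flow.
            findings.append(f"{role}.{key}.binding: unknown binding {svc['binding']!r}")
        if urlparse(svc["url"]).scheme != "https":
            findings.append(f"{role}.{key}.url: {svc['url']} is not https")
    if urlparse(sp["entityId"]).scheme != "https":
        findings.append(f"sp.entityId: {sp['entityId']} is not https")
    if not config.get("strict", False):
        findings.append("strict is False: non-conformant or unsigned messages may be accepted")
    if sp.get("allow_unsolicited", False):
        findings.append("sp.allow_unsolicited is True: IdP-initiated responses accepted without a matching request")
    if not idp.get("x509cert"):
        findings.append("idp.x509cert is empty: IdP signatures cannot be verified")
    return findings


def dev_config():
    """Constructed copy with the answer's http://localhost values and a 'Bindings' case slip."""
    cfg = copy.deepcopy(SAML_CONFIG)
    cfg["sp"]["entityId"] = "http://localhost:8000/saml2/metadata/"
    cfg["sp"]["assertionConsumerService"]["url"] = "http://localhost:8000/saml2/acs/"
    cfg["sp"]["singleLogoutService"]["url"] = "http://localhost:8000/saml2/ls/"
    cfg["sp"]["allow_unsolicited"] = True
    cfg["idp"]["singleLogoutService"]["binding"] = "urn:oasis:names:tc:SAML:2.0:Bindings:HTTP-Redirect"
    return cfg


if __name__ == "__main__":
    print(build_sp_metadata(SAML_CONFIG))
    for finding in lint_saml_config(dev_config()):
        print("WARN", finding)
```

Running the script prints the SP EntityDescriptor for the placeholder config and five warnings for the localhost variant. Whichever view ends up serving this document, the IdP fetches it as an unauthenticated HTTP client, so before exchanging metadata check that the endpoint answers without a session and over https, and diff the published XML against what the linter accepts rather than trusting the settings file alone.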
