To obtain metadata from your Python-Django project for Single Sign-On (SSO) implementation, you can follow these steps:
1. Install the `python3-saml` package using pip:

```
pip install python3-saml
```
2. Add the `django.contrib.sites` app to your `INSTALLED_APPS` setting in the `settings.py` file:

```python
INSTALLED_APPS = [
    # ...
    'django.contrib.sites',
    # ...
]
```
3. Set the `SITE_ID` setting in the `settings.py` file:

```python
SITE_ID = 1
```
4. In the `settings.py` file:

```python
SAML_CONFIG = {
    'strict': True,  # Set strict mode to True
    'debug': False,  # Set debug mode to False
    'sp': {
        'entityId': 'http://localhost:8000/saml2/metadata/',  # The URL where the service provider metadata can be retrieved
        'assertionConsumerService': {  # The endpoint to which the IdP sends SAML responses
            'url': 'http://localhost:8000/saml2/acs/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        },
        'singleLogoutService': {  # The endpoint to which the IdP sends SAML logout requests
            'url': 'http://localhost:8000/saml2/ls/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',  # The format of the NameID provided by the IdP
        'metadata': {  # Metadata about the service provider (this application)
            'local': [
                {
                    'organization': {
                        'name': [(u'My Organization', 'en')],
                        'display_name': [(u'My Organization', 'en')],
                        'url': [(u'http://www.myorganization.com', 'en')],
                    },
                    'contact_person': {
                        'given_name': 'My Contact Person Given Name',
                        'sur_name': 'My Contact Person Sur Name',
                        'email_address': 'contact@myorganization.com',
                        'contact_type': 'technical',
                    },
                    'entity_id': 'http://localhost:8000/saml2/metadata/',
                    'name': 'My Service Provider',
                },
            ],
        },
        'allow_unsolicited': True,  # Whether to allow unsolicited (IdP-initiated) responses from the IdP
    },
    'idp': {
        'entityId': 'https://idp.example.com/metadata/',
        'singleSignOnService': {
            'url': 'https://idp.example.com/sso/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'singleLogoutService': {
            'url': 'https://idp.example.com/slo/',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',  # URN is case-sensitive: lowercase "bindings"
        },
        'x509cert': 'MIIDBzCCAe+gAwIBAgIJAIOJQMBDhUPHMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV\n...',
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    },
}
```

Here, `sp` stands for Service Provider, and `idp` stands for Identity Provider.
5. In the `urls.py` file:

```python
from django.urls import path
from django.contrib.auth.decorators import login_required
from django.views.decorators.csrf import csrf_exempt
from saml2 import views as saml2_views

urlpatterns = [
    # ...
    path('saml2/metadata/', login_required(csrf_exempt(saml2_views.metadata)), name='saml_metadata'),
    # ...
]
```

Here, the `metadata` function generates the SAML metadata for the Service Provider.
6. Open the `http://localhost:8000/saml2/metadata/` URL to retrieve the SAML metadata for your application.

You can then use this metadata to set up your Identity Provider for Single Sign-On with your Python-Django application.
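A pre-deployment check for a settings dict of the shape shown in this answer, as an added example that is not part of the original answer or of any SAML library: it flags non-HTTPS or localhost endpoints, binding URNs that are not exact SAML 2.0 values, `allow_unsolicited`, and a missing or truncated IdP certificate. The names `audit_saml_config` and `SAMPLE` are hypothetical, and the sample values are constructed.

```python
from urllib.parse import urlparse

# SAML 2.0 binding URNs are compared exactly, so a case slip counts as unknown.
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
KNOWN_BINDINGS = {PREFIX + b for b in ("HTTP-POST", "HTTP-Redirect", "HTTP-Artifact", "SOAP")}


def _check_endpoint(path, ep, findings):
    url, binding = ep.get("url", ""), ep.get("binding", "")
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append(f"{path}.url is not HTTPS")
    if parsed.hostname in ("localhost", "127.0.0.1", "::1"):
        findings.append(f"{path}.url points at a development host")
    if binding not in KNOWN_BINDINGS:
        findings.append(f"{path}.binding is not a SAML 2.0 binding URN")


def audit_saml_config(cfg):
    """Return findings for a SAML_CONFIG-shaped dict; an empty list means clean."""
    findings = []
    if cfg.get("strict") is not True:
        findings.append("strict is not True")
    if cfg.get("debug"):
        findings.append("debug is enabled")
    sp, idp = cfg.get("sp", {}), cfg.get("idp", {})
    if sp.get("allow_unsolicited"):
        findings.append("sp.allow_unsolicited is enabled")
    for name, side in (("sp", sp), ("idp", idp)):
        for key, ep in side.items():
            if isinstance(ep, dict) and "url" in ep:  # any url/binding endpoint block
                _check_endpoint(f"{name}.{key}", ep, findings)
    cert = idp.get("x509cert", "")
    if not cert or "..." in cert:
        findings.append("idp.x509cert is missing or truncated")
    return findings


# Constructed sample in the shape of the settings above (not real endpoints).
SAMPLE = {
    "strict": True, "debug": False,
    "sp": {"assertionConsumerService": {"url": "http://localhost:8000/saml2/acs/", "binding": PREFIX + "HTTP-POST"},
           "allow_unsolicited": True},
    "idp": {"singleSignOnService": {"url": "https://idp.example.com/sso/", "binding": PREFIX + "HTTP-Redirect"},
            "singleLogoutService": {"url": "https://idp.example.com/slo/", "binding": "urn:oasis:names:tc:SAML:2.0:Bindings:HTTP-Redirect"},
            "x509cert": "MIID..."},
}

if __name__ == "__main__":
    print("\n".join(audit_saml_config(SAMPLE)))
```

Running such a check in CI against the production settings keeps development values like `http://localhost:8000` from reaching a deployed Service Provider.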
Asked: 2021-08-15 11:00:00 +0000
Seen: 9 times
Last updated: Jan 01 '23