Merge pull request #333 from onelogin/saml-migration
Remove references to onelogin provided support to prepare for transfer to SAML-Toolkits from OneLogin
not-ol-github authored Nov 18, 2022
2 parents ba572e2 + e07d54c commit 96ad99e
Showing 59 changed files with 433 additions and 540 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/python-package.yml
Original file line number Diff line number Diff line change
@@ -13,7 +13,7 @@ on:

jobs:
test:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
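Review bot: the runner pin from ubuntu-latest to ubuntu-20.04 is unrelated to the commit's stated purpose (removing OneLogin support references) and the message gives no reason for it. Pinning to a dated image freezes CI on a release that GitHub will eventually retire, so either record why ubuntu-latest broke the build or keep ubuntu-latest; if the pin stays, a comment next to `runs-on` should say what depends on it.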
@@ -47,7 +47,7 @@ jobs:
- name: Test
run: make pytest
lint:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
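Review bot: same undocumented runner pin for the lint job as in the test job above; while this job is being edited, the `actions/checkout@v2` and `actions/setup-python@v2` steps in the visible context are on older majors and are worth moving forward in the same CI-maintenance change rather than spreading CI hygiene across commits.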
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,4 +1,4 @@
Copyright (c) 2010-2021 OneLogin, Inc.
Copyright (c) 2010-2022 OneLogin, Inc.

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
52 changes: 24 additions & 28 deletions README.md
@@ -1,16 +1,13 @@
# OneLogin's SAML Python Toolkit (compatible with Python3)
# SAML Python Toolkit (compatible with Python3)

[![Build Status](https://api.travis-ci.org/onelogin/python3-saml.png?branch=master)](http://travis-ci.org/onelogin/python3-saml)
[![PyPi Version](https://img.shields.io/pypi/v/python3-saml.svg)](https://pypi.python.org/pypi/python3-saml)
![Python versions](https://img.shields.io/pypi/pyversions/python3-saml.svg)

## **Notice:** This project is currently not under active development, please see [#320](https://github.com/onelogin/python3-saml/issues/320) for more information.

Add SAML support to your Python software using this library.
Forget those complicated libraries and use the open source library provided
and supported by OneLogin Inc.
Forget those complicated libraries and use the open source library provided by the SAML tool community.

This version supports Python3. There is a separate version that only support Python2: [python-saml](https://github.com/onelogin/python-saml)
This version supports Python3. Python 2 support was deprecated on Jan 1st, 2020: [python-saml](https://github.com/onelogin/python-saml)

#### Warning ####

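Review bot: besides the renames, this hunk deletes the notice that the project is not under active development (the #320 line) without the commit message saying that maintenance resumes under SAML-Toolkits; either keep the notice until that is true or state the new status in the message. The Build Status badge a few lines below still points at api.travis-ci.org/onelogin/python3-saml, which is tied to the old organisation and to travis-ci.org, a service no longer running, so it should be replaced with the python-package workflow badge for the new repository.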
@@ -34,7 +31,7 @@ Update ``python3-saml`` to ``>= 1.2.1``, ``1.2.0`` had a bug on signature valida

#### Security Guidelines ####

If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.
If you believe you have discovered a security vulnerability in this toolkit, please report it in an issue with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.

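Review bot: the replacement text asks reporters to file a vulnerability as an issue, which is public and contradicts the responsible-disclosure sentence right after it; a pre-fix report in a public issue is a zero-day disclosure to every SP running the library. Point this paragraph at a private channel instead, for example GitHub's private vulnerability reporting or a maintainer address published in a SECURITY.md, and reserve public issues for the post-fix advisory.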
Why add SAML support to my software?
------------------------------------
@@ -62,7 +59,7 @@ since 2002, but lately it is becoming popular due its advantages:
General Description
-------------------

OneLogin's SAML Python toolkit lets you turn your Python application into a SP
SAML Python toolkit lets you turn your Python application into a SP
(Service Provider) that can be connected to an IdP (Identity Provider).

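Review bot: the rewritten sentence drops the article; "The SAML Python toolkit lets you turn your Python application into an SP" reads correctly (also "an SP", since the abbreviation is pronounced letter by letter).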
**Supports:**
@@ -83,7 +80,6 @@ OneLogin's SAML Python toolkit lets you turn your Python application into a SP
* **Easy to use** - Programmer will be allowed to code high-level and
low-level programming, 2 easy to use APIs are available.
* **Tested** - Thoroughly tested.
* **Popular** - OneLogin's customers use it. Add easy support to your Django/Flask web projects.

Installation
------------
@@ -103,8 +99,8 @@ Review the ``setup.py`` file to know the version of the library that ``python3-s

The toolkit is hosted on GitHub. You can download it from:

* Latest release: https://github.com/onelogin/python3-saml/releases/latest
* Master repo: https://github.com/onelogin/python3-saml/tree/master
* Latest release: https://github.com/saml-toolkits/python3-saml/releases/latest
* Master repo: https://github.com/saml-toolkits/python3-saml/tree/master

Copy the core of the library ``(src/onelogin/saml2 folder)`` and merge the ``setup.py`` inside the Python application. (Each application has its structure so take your time to locate the Python SAML toolkit in the best place).

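Review bot: only these two links move to the saml-toolkits organisation; the badge URLs at the top of the README, the #320 issue link and the commit-pinned blob links in the replay-attack section still point at onelogin/python3-saml. GitHub redirects a transferred repository, but that redirect stops working if a repository with the old name reappears under the old organisation, so the rename is better done across the whole file in this commit. The `src/onelogin/saml2` package path mentioned two lines below stays as is, which is right because renaming it would break every importer, but the commit message should say so explicitly.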
@@ -148,10 +144,10 @@ SAML Messages have a limited timelife (NotBefore, NotOnOrAfter) that
make harder this kind of attacks, but they are still possible.

In order to avoid them, the SP can keep a list of SAML Messages or Assertion IDs alredy valdidated and processed. Those values only need
to be stored the amount of time of the SAML Message life time, so
to be stored the amount of time of the SAML Message life time, so
we don't need to store all processed message/assertion Ids, but the most recent ones.

The OneLogin_Saml2_Auth class contains the [get_last_request_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L357), [get_last_message_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L364) and [get_last_assertion_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L371) methods to retrieve the IDs
The OneLogin_Saml2_Auth class contains the [get_last_request_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L357), [get_last_message_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L364) and [get_last_assertion_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L371) methods to retrieve the IDs

Checking that the ID of the current Message/Assertion does not exists in the lis of the ones already processed will prevent replay attacks.

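Review bot: the two changed lines in this hunk (the "to be stored the amount of time" line and the get_last_*_id line) appear identical to the lines they replace, so this is a whitespace-only change; if the paragraph is being touched anyway, fix its spelling ("alredy valdidated", "lis", "timelife", "does not exists") and point the three method links at the new organisation, since they are pinned to a commit under onelogin/python3-saml.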
@@ -161,7 +157,7 @@ Getting Started

### Knowing the toolkit ###

The new OneLogin SAML Toolkit contains different folders (``certs``, ``lib``, ``demo-django``, ``demo-flask`` and ``tests``) and some files.
The new SAML Toolkit contains different folders (``certs``, ``lib``, ``demo-django``, ``demo-flask`` and ``tests``) and some files.

Let's start describing them:

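Review bot: "The new SAML Toolkit" keeps a stale qualifier from the original wording; the toolkit has existed for years, so "The SAML Toolkit contains different folders" is enough.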
@@ -267,7 +263,7 @@ This is the ``settings.json`` file:
// URL Location where the <Response> from the IdP will be returned
"url": "https://<sp_domain>/?acs",
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports this endpoint for the
// message. SAML Toolkit supports this endpoint for the
// HTTP-POST binding only.
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
},
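Review bot: "SAML Toolkit supports this endpoint for the HTTP-POST binding only" reads as a fragment without an article; "The toolkit supports this endpoint for the HTTP-POST binding only" works here and in the four similar comments in the settings.json hunks that follow, one of which uses the lower-case "SAML toolkit", so pick one spelling across all of them.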
@@ -279,7 +275,7 @@ This is the ``settings.json`` file:
// OPTIONAL: only specify if different from url parameter
//"responseUrl": "https://<sp_domain>/?sls",
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
@@ -289,7 +285,7 @@ This is the ``settings.json`` file:
"attributeConsumingService": {
// OPTIONAL: only specifiy if SP requires this.
// index is an integer which identifies the attributeConsumingService used
// to the SP. OneLogin toolkit supports configuring only one attributeConsumingService
// to the SP. SAML toolkit supports configuring only one attributeConsumingService
// but in certain cases the SP requires a different value. Defaults to '1'.
// "index": '1',
"serviceName": "SP test",
@@ -333,7 +329,7 @@ This is the ``settings.json`` file:
// will be sent.
"url": "https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>",
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
@@ -342,10 +338,10 @@ This is the ``settings.json`` file:
// URL Location where the <LogoutRequest> from the IdP will be sent (IdP-initiated logout)
"url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>",
// URL Location where the <LogoutResponse> from the IdP will sent (SP-initiated logout, reply)
// OPTIONAL: only specify if different from url parameter
// OPTIONAL: only specify if different from url parameter
"responseUrl": "https://app.onelogin.com/trust/saml2/http-redirect/slo_return/<onelogin_connector_id>",
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
},
@@ -483,7 +479,7 @@ In addition to the required settings data (idp, sp), extra settings can be defin
// 'http://www.w3.org/2001/04/xmldsig-more#sha384'
// 'http://www.w3.org/2001/04/xmlenc#sha512'
'digestAlgorithm': "http://www.w3.org/2001/04/xmlenc#sha256",

// Specify if you want the SP to view assertions with duplicated Name or FriendlyName attributes to be valid
// Defaults to false if not specified
'allowRepeatAttributeName': false,
@@ -562,7 +558,7 @@ There's an easier method -- use a metadata exchange. Metadata is just an XML fi

Using ````parse_remote```` IdP metadata can be obtained and added to the settings without further ado.

Take in mind that the OneLogin_Saml2_IdPMetadataParser class does not validate in any way the URL that is introduced in order to be parsed.
Take in mind that the OneLogin_Saml2_IdPMetadataParser class does not validate in any way the URL that is introduced in order to be parsed.

Usually the same administrator that handles the Service Provider also sets the URL to the IdP, which should be a trusted resource.

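Review bot: the changed line in this hunk appears to differ only in trailing whitespace, so the sentence about OneLogin_Saml2_IdPMetadataParser is otherwise untouched, and it buries a real caveat in passing. Since `parse_remote` fetches whatever URL it is handed, the paragraph should state plainly that the metadata URL is trusted configuration set by the SP administrator and must never be derived from request input; "Take in mind ... the URL that is introduced" should read "Keep in mind ... the URL that is supplied". The four-backtick markup around parse_remote two lines above is also inconsistent with the double backticks used elsewhere in the file.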
@@ -985,7 +981,7 @@ Described below are the main classes and methods that can be invoked from the SA

#### OneLogin_Saml2_Auth - auth.py ####

Main class of OneLogin Python Toolkit
Main class of SAML Python Toolkit

* `__init__` Initializes the SP SAML instance.
* ***login*** Initiates the SSO process.
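Review bot: "Main class of SAML Python Toolkit" wants an article: "Main class of the SAML Python Toolkit", matching "Configuration of the SAML Python Toolkit" in the settings.py hunk below.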
@@ -1078,7 +1074,7 @@ SAML 2 Logout Response class

#### OneLogin_Saml2_Settings - settings.py ####

Configuration of the OneLogin Python Toolkit
Configuration of the SAML Python Toolkit

* `__init__` Initializes the settings: Sets the paths of the different folders and Loads settings info from settings file or array/object provided.
* ***check_settings*** Checks the settings info.
@@ -1246,7 +1242,7 @@ The flask project contains:

#### SP setup ####

The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-flask``, it uses the first method.
The SAML Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-flask``, it uses the first method.

In the ``index.py`` file we define the ``app.config['SAML_PATH']``, that will target to the ``saml`` folder. We require it in order to load the settings files.

@@ -1319,7 +1315,7 @@ The tornado project contains:

#### SP setup ####

The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-tornado``, it uses the first method.
The SAML Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-tornado``, it uses the first method.

In the ``settings.py`` file we define the ``SAML_PATH``, that will target to the ``saml`` folder. We require it in order to load the settings files.

@@ -1392,7 +1388,7 @@ The django project contains:

#### SP setup ####

The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In the demo-django it used the first method.
The SAML Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In the demo-django it used the first method.

After set the ``SAML_FOLDER`` in the ``demo/settings.py``, the settings of the Python toolkit will be loaded on the Django web.

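Review bot: the rewritten sentence carries two grammar slips over from the original: "In the demo-django it used the first method" should be "uses", and the context line "After set the ``SAML_FOLDER``" should be "After setting".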
@@ -1472,7 +1468,7 @@ The Pyramid project contains:

#### SP setup ####

The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In ``demo_pyramid`` the first method is used.
The SAML Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In ``demo_pyramid`` the first method is used.

In the ``views.py`` file we define the ``SAML_PATH``, which will target the ``saml`` folder. We require it in order to load the settings files.

2 changes: 1 addition & 1 deletion demo-django/saml/certs/README
@@ -1,6 +1,6 @@
Take care of this folder that could contain private key. Be sure that this folder never is published.

Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as:
SAML Python Toolkit expects that certs for the SP could be stored in this folder as:

* sp.key Private Key
* sp.crt Public cert
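Review bot: "SAML Python Toolkit expects that certs for the SP could be stored in this folder as" is ungrammatical; "The toolkit expects the SP certificates to be stored in this folder as:" is what is meant. More important for a folder that holds `sp.key`, the first line's "Take care of this folder ... never is published" is vague advice; say concretely that the private key must be kept out of version control (a `.gitignore` entry for `*.key`) and out of anything the web server serves. The same README is repeated verbatim in the demo-flask, demo-tornado and demo_pyramid hunks below, so the wording should be fixed in all four.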
4 changes: 2 additions & 2 deletions demo-django/templates/base.html
@@ -5,7 +5,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<title>A Python SAML Toolkit by OneLogin demo</title>
<title>A Python SAML Toolkit demo</title>

<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">

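Review bot: the title change is fine; while this template is open, the `<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/...">` line in the context loads third-party CSS over a protocol-relative URL with no `integrity` attribute, so even a demo served over https trusts the CDN completely. Use an explicit https URL with `integrity` and `crossorigin="anonymous"`, or vendor the stylesheet; the same line appears in the demo-flask and demo-tornado templates below.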
@@ -18,7 +18,7 @@
</head>
<body>
<div class="container">
<h1>A Python SAML Toolkit by OneLogin demo</h1>
<h1>A Python SAML Toolkit demo</h1>

{% block content %}{% endblock %}
</div>
2 changes: 1 addition & 1 deletion demo-flask/saml/certs/README
@@ -1,6 +1,6 @@
Take care of this folder that could contain private key. Be sure that this folder never is published.

Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as:
SAML Python Toolkit expects that certs for the SP could be stored in this folder as:

* sp.key Private Key
* sp.crt Public cert
4 changes: 2 additions & 2 deletions demo-flask/templates/base.html
@@ -5,7 +5,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<title>A Python SAML Toolkit by OneLogin demo</title>
<title>A Python SAML Toolkit demo</title>

<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">

@@ -18,7 +18,7 @@
</head>
<body>
<div class="container">
<h1>A Python SAML Toolkit by OneLogin demo</h1>
<h1>A Python SAML Toolkit demo</h1>

{% block content %}{% endblock %}
</div>
2 changes: 1 addition & 1 deletion demo-tornado/saml/certs/README
@@ -1,6 +1,6 @@
Take care of this folder that could contain private key. Be sure that this folder never is published.

Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as:
SAML Python Toolkit expects that certs for the SP could be stored in this folder as:

* sp.key Private Key
* sp.crt Public cert
4 changes: 2 additions & 2 deletions demo-tornado/templates/base.html
@@ -5,7 +5,7 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<title>A Python SAML Toolkit by OneLogin demo</title>
<title>A Python SAML Toolkit demo</title>

<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">

@@ -18,7 +18,7 @@
</head>
<body>
<div class="container">
<h1>A Python SAML Toolkit by OneLogin demo</h1>
<h1>A Python SAML Toolkit demo</h1>

{% block content %}{% end %}
</div>
2 changes: 1 addition & 1 deletion demo_pyramid/demo_pyramid/saml/certs/README
@@ -1,6 +1,6 @@
Take care of this folder that could contain private key. Be sure that this folder never is published.

Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as:
SAML Python Toolkit expects that certs for the SP could be stored in this folder as:

* sp.key Private Key
* sp.crt Public cert
21 changes: 10 additions & 11 deletions docs/saml2/_modules/index.html
@@ -7,12 +7,12 @@
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Overview: module code &mdash; OneLogin SAML Python library classes and methods</title>

<title>Overview: module code &mdash; SAML Python library classes and methods</title>

<link rel="stylesheet" href="../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
@@ -25,7 +25,7 @@
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<link rel="top" title="OneLogin SAML Python library classes and methods" href="../index.html" />
<link rel="top" title="SAML Python library classes and methods" href="../index.html" />
</head>
<body>
<div class="related">
@@ -37,15 +37,15 @@ <h3>Navigation</h3>
<li class="right" >
<a href="../py-modindex.html" title="Python Class Index"
>modules</a> |</li>
<li><a href="../index.html">OneLogin SAML Python library classes and methods</a> &raquo;</li>
<li><a href="../index.html">SAML Python library classes and methods</a> &raquo;</li>
</ul>
</div>
</div>

<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">

<h1>All modules for which code is available</h1>
<ul><li><a href="saml2/auth.html">saml2.auth</a></li>
<li><a href="saml2/authn_request.html">saml2.authn_request</a></li>
@@ -90,12 +90,11 @@ <h3>Navigation</h3>
<li class="right" >
<a href="../py-modindex.html" title="Python Class Index"
>modules</a> |</li>
<li><a href="../index.html">OneLogin SAML Python library classes and methods</a> &raquo;</li>
<li><a href="../index.html">SAML Python library classes and methods</a> &raquo;</li>
</ul>
</div>
<div class="footer">
&copy; Copyright 2014, OneLogin Inc..
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
</html>
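Review bot: these files are generated Sphinx output edited by hand, which is why the footer in this hunk still reads "Copyright 2014, OneLogin Inc.." (double period) and the page title, the `rel="top"` link and both breadcrumbs had to be patched one by one; the trailing `</html>` swap is only a newline-at-end-of-file change. Set `project` and `copyright` in the docs `conf.py` and regenerate, so every docs page (this view shows only part of the 59 changed files) comes out consistent instead of being edited line by line.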