user.auth.clients.saml2

Module Contents

Classes

SAML2Attributes

Holds the required SAML2 Attributes

SAML2Client

SAML2Connections

Mangled

Dict like interface that mangles the name_id that gets passed into the cache, so valid name_ids cannot be discovered through key listing

IdentityCache

Extension to the dict/shelve based default cache to use our redis based dogpile cache instead

Functions

handle_logout_request(→ tuple[bool, Any])

finish_logout(→ webob.Response)

user.auth.clients.saml2.handle_logout_request(conn: saml2.client.Saml2Client, name_id: str | None, logout_req: Any, relay_state: str | None) → tuple[bool, Any]
user.auth.clients.saml2.finish_logout(request: onegov.core.request.CoreRequest, user: onegov.user.User, to: str, local: bool = True) → webob.Response
class user.auth.clients.saml2.SAML2Attributes

Holds the required SAML2 Attributes

source_id: str
username: str
first_name: str
last_name: str
groups: str
classmethod from_cfg(cfg: dict[str, Any]) → typing_extensions.Self
class user.auth.clients.saml2.SAML2Client
metadata: str

Paths to the relevant IdP metadata XML files

button_text: str

Text to show on login button

treat_as_ldap: bool

Whether or not users created by this provider should show up as being created by LDAP instead. Necessary when using LDAP to sync the users periodically and deactivate old accounts.

want_resonse_signed: bool

Whether the response from the IdP should be signed

attributes: SAML2Attributes

Mapping of attribute names

primary: bool
_connections: dict[str, saml2.client.Saml2Client]
get_binding(request: onegov.core.request.CoreRequest) → str
get_sessions(app: UserApp | Framework) → Mangled
get_redirects(app: UserApp | Framework) → Mangled
connection(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest) → saml2.client.Saml2Client

Returns the SAML2 instance

get_name_id(user: User | None) → str | None
create_logout_request(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest, user: User | None) → tuple[str | None, Any | None]
handle_slo(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest) → webob.Response
class user.auth.clients.saml2.SAML2Connections
connections: dict[str, SAML2Client]
client(app: onegov.user.auth.provider.HasApplicationIdAndNamespace) → SAML2Client | None
classmethod from_cfg(config: dict[str, Any]) → typing_extensions.Self
class user.auth.clients.saml2.Mangled(cache: onegov.core.cache.RedisCacheRegion, prefix: str = '')

Dict like interface that mangles the name_id that gets passed into the cache, so valid name_ids cannot be discovered through key listing

mangle(name_id: str) → str
get(name_id: str, default: None = None) → Any | None
get(name_id: str, default: Any) → Any
pop(name_id: str) → Any
pop(name_id: str, default: None) → Any | None
pop(name_id: str, default: Any) → Any
__getitem__(name_id: str) → Any
__setitem__(name_id: str, value: Any) → None
__delitem__(name_id: str) → None
__contains__(name_id: str) → bool
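The following is an added illustration of the idea behind Mangled, not the project's own code: a dict-like wrapper that never uses the raw name_id as a cache key, so enumerating the backend's keys does not reveal which name_ids currently have sessions. The keyed SHA-256 mangling and the plain dict standing in for the redis cache region are assumptions of this example.

```python
"""Illustration of a name_id-mangling cache wrapper (added example).

The mangling scheme (HMAC-SHA256 under a secret) and the in-memory dict
backend are assumptions; the page does not state how Mangled derives keys.
"""
import hashlib
import hmac
from typing import Any

_MISSING = object()  # sentinel so pop() can distinguish "no default given"


class MangledCache:
    """Dict-like view over a key/value store keyed by a mangled name_id."""

    def __init__(self, backend: dict[str, Any], secret: bytes, prefix: str = '') -> None:
        self.backend = backend  # stand-in for the redis-backed cache region
        self.secret = secret    # keyed hash: listed keys cannot be brute-forced without it
        self.prefix = prefix    # namespace shared by all keys this wrapper writes

    def mangle(self, name_id: str) -> str:
        digest = hmac.new(self.secret, name_id.encode('utf-8'), hashlib.sha256).hexdigest()
        return f'{self.prefix}{digest}'

    def get(self, name_id: str, default: Any = None) -> Any:
        return self.backend.get(self.mangle(name_id), default)

    def pop(self, name_id: str, default: Any = _MISSING) -> Any:
        key = self.mangle(name_id)
        if default is _MISSING:
            return self.backend.pop(key)  # KeyError when absent, like dict.pop
        return self.backend.pop(key, default)

    def __getitem__(self, name_id: str) -> Any:
        return self.backend[self.mangle(name_id)]

    def __setitem__(self, name_id: str, value: Any) -> None:
        self.backend[self.mangle(name_id)] = value

    def __delitem__(self, name_id: str) -> None:
        del self.backend[self.mangle(name_id)]

    def __contains__(self, name_id: str) -> bool:
        return self.mangle(name_id) in self.backend


def leaks_name_id(backend: dict[str, Any], name_id: str) -> bool:
    """True if a key listing of the backend would expose the given name_id."""
    return any(name_id in key for key in backend)
```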
class user.auth.clients.saml2.IdentityCache(app: onegov.core.framework.Framework)

Bases: saml2.cache.Cache

Extension to the dict/shelve based default cache to use our redis based dogpile cache instead

set(name_id: str, entity_id: str, info: dict[str, Any], not_on_or_after: int = 0) → None

Stores session information in the cache. Assumes that the name_id is unique within the context of the Service Provider.

Parameters:
  • name_id – The subject identifier, a NameID instance

  • entity_id – The identifier of the entity that received the assertion

  • info – The session info, the assertion is part of this

  • not_on_or_after – A time after which the assertion is not valid.