Classes

SAML2Attributes: Holds the required SAML2 Attributes
SAML2Client
SAML2Connections
Mangled: Dict-like interface that mangles the name_id that gets passed into the cache, so valid name_ids cannot be discovered through key listing
IdentityCache: Extension to the dict/shelve based default cache to use our Redis-based dogpile cache instead

Functions

handle_logout_request(conn, name_id, logout_req, relay_state) → tuple[bool, Any]
finish_logout(request, user, to, local=True) → webob.Response

Module Contents

user.auth.clients.saml2.handle_logout_request(conn: saml2.client.Saml2Client, name_id: str | None, logout_req: Any, relay_state: str | None) → tuple[bool, Any]
user.auth.clients.saml2.finish_logout(request: onegov.core.request.CoreRequest, user: onegov.user.User, to: str, local: bool = True) → webob.Response
class user.auth.clients.saml2.SAML2Attributes

Holds the required SAML2 Attributes

source_id: str
username: str
first_name: str
last_name: str
groups: str
classmethod from_cfg(cfg: dict[str, Any]) → typing_extensions.Self
class user.auth.clients.saml2.SAML2Client
metadata: str

Paths to the relevant IdP metadata XML files

button_text: str

Text to show on the login button

treat_as_ldap: bool

Whether users created by this provider should show up as having been created by LDAP instead. Necessary when LDAP is used to sync the users periodically and deactivate old accounts.

want_resonse_signed: bool

Whether the SP requires the SAML response from the IdP to be signed. If it does not, only the signature on the assertion itself (where present) protects the response against tampering in transit.

attributes: SAML2Attributes

Mapping of attribute names

primary: bool
_connections: dict[str, saml2.client.Saml2Client]
get_binding(request: onegov.core.request.CoreRequest) → str
get_sessions(app: UserApp | Framework) → Mangled
get_redirects(app: UserApp | Framework) → Mangled
connection(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest) → saml2.client.Saml2Client

Returns the SAML2 instance

get_name_id(user: User | None) → str | None
create_logout_request(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest, user: User | None) → tuple[str | None, Any | None]
handle_slo(provider: onegov.user.auth.provider.SAML2Provider, request: onegov.core.request.CoreRequest) → webob.Response
class user.auth.clients.saml2.SAML2Connections
connections: dict[str, SAML2Client]
client(app: onegov.user.auth.provider.HasApplicationIdAndNamespace) → SAML2Client | None
classmethod from_cfg(config: dict[str, Any]) → typing_extensions.Self
class user.auth.clients.saml2.Mangled(cache: onegov.core.cache.RedisCacheRegion, prefix: str = '')

Dict-like interface that mangles the name_id that gets passed into the cache, so valid name_ids cannot be discovered through key listing

mangle(name_id: str) → str
get(name_id: str, default: None = None) → Any | None
get(name_id: str, default: Any) → Any
pop(name_id: str) → Any
pop(name_id: str, default: None) → Any | None
pop(name_id: str, default: Any) → Any
__getitem__(name_id: str) → Any
__setitem__(name_id: str, value: Any) → None
__delitem__(name_id: str) → None
__contains__(name_id: str) → bool
class user.auth.clients.saml2.IdentityCache(app: onegov.core.framework.Framework)

Bases: saml2.cache.Cache

Extension to the dict/shelve based default cache to use our Redis-based dogpile cache instead

set(name_id: str, entity_id: str, info: dict[str, Any], not_on_or_after: int = 0) → None

Stores session information in the cache. Assumes that the name_id is unique within the context of the Service Provider.

  • name_id – The subject identifier, a NameID instance

  • entity_id – The identifier of the entity_id/receiver of an assertion

  • info – The session info, the assertion is part of this

  • not_on_or_after – A time after which the assertion is not valid.
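Mangled and IdentityCache together address one concern: session state keyed by a SAML NameID. The following added example (not onegov's or pysaml2's own code) shows both pieces working end to end: a dict-like store that HMACs each name_id before using it as a key, so a key listing of the backing store exposes neither the NameIDs nor, unlike a plain hash, anything an attacker could confirm by hashing guessed e-mail addresses, and an identity cache over it whose set() follows the signature documented above and whose get() evicts rather than serves entries past not_on_or_after. The names MangledStore, ExpiringIdentityCache and EXAMPLE_SECRET, the plain dict standing in for the Redis region, the fixed clock and the sample NameIDs are all assumptions of the example.

```python
from __future__ import annotations

import hashlib
import hmac
import time
from typing import Any, Callable

# Constructed secret for this example only; a real deployment loads it from
# configuration and never hard-codes it.
EXAMPLE_SECRET = b"example-only-secret-do-not-use"


class MangledStore:
    """Dict-like wrapper that never uses the raw name_id as a key.

    Every key is an HMAC-SHA256 of the name_id under a secret, so listing the
    backing store's keys (KEYS/SCAN on Redis, a plain dict here) yields opaque
    digests. A keyed MAC rather than a bare hash also means someone holding the
    key list cannot confirm guessed NameIDs (often e-mail addresses) by hashing
    candidates themselves.
    """

    def __init__(self, backing: dict[str, Any], secret: bytes, prefix: str = "") -> None:
        self._backing = backing  # assumption: stands in for the Redis cache region
        self._secret = secret
        self._prefix = prefix

    def mangle(self, name_id: str) -> str:
        digest = hmac.new(self._secret, name_id.encode("utf-8"), hashlib.sha256)
        return self._prefix + digest.hexdigest()

    def get(self, name_id: str, default: Any = None) -> Any:
        return self._backing.get(self.mangle(name_id), default)

    def pop(self, name_id: str, default: Any = None) -> Any:
        return self._backing.pop(self.mangle(name_id), default)

    def __getitem__(self, name_id: str) -> Any:
        return self._backing[self.mangle(name_id)]

    def __setitem__(self, name_id: str, value: Any) -> None:
        self._backing[self.mangle(name_id)] = value

    def __delitem__(self, name_id: str) -> None:
        del self._backing[self.mangle(name_id)]

    def __contains__(self, name_id: str) -> bool:
        return self.mangle(name_id) in self._backing


class ExpiringIdentityCache:
    """Per-subject session store: name_id -> entity_id -> info plus deadline."""

    def __init__(self, sessions: MangledStore, now: Callable[[], float] = time.time) -> None:
        self._sessions = sessions
        self._now = now  # injectable clock so expiry is testable deterministically

    def set(self, name_id: str, entity_id: str, info: dict[str, Any], not_on_or_after: int = 0) -> None:
        entry = self._sessions.get(name_id) or {}
        entry[entity_id] = {"info": info, "not_on_or_after": not_on_or_after}
        self._sessions[name_id] = entry

    def get(self, name_id: str, entity_id: str) -> dict[str, Any] | None:
        """Return the stored info, or None if absent or past not_on_or_after.

        An expired record is evicted rather than served, so a stale assertion
        cannot keep a session alive. not_on_or_after == 0 means no expiry.
        """
        entry = self._sessions.get(name_id) or {}
        record = entry.get(entity_id)
        if record is None:
            return None
        deadline = record["not_on_or_after"]
        if deadline and self._now() >= deadline:
            del entry[entity_id]
            if entry:
                self._sessions[name_id] = entry
            else:
                self._sessions.pop(name_id)
            return None
        return record["info"]


def demo() -> dict[str, Any]:
    """Exercise both classes against constructed data with a fixed clock."""
    backing: dict[str, Any] = {}
    idp = "https://idp.example.org/metadata"  # constructed entity_id
    cache = ExpiringIdentityCache(
        MangledStore(backing, EXAMPLE_SECRET, prefix="saml2:"), now=lambda: 1_000_000.0
    )
    cache.set("alice@example.org", idp, {"ava": {"username": ["alice"]}}, not_on_or_after=1_000_100)
    cache.set("bob@example.org", idp, {"ava": {"username": ["bob"]}}, not_on_or_after=999_999)
    return {
        "alice": cache.get("alice@example.org", idp),
        "bob": cache.get("bob@example.org", idp),  # already expired: None, and evicted
        "keys": sorted(backing),
        "leaks_name_id": any("example.org" in key for key in backing),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to any real store of this shape: the secret must not live next to the cache (an attacker who dumps Redis and the HMAC key is back to a bare hash), and expiry has to be enforced on read, because a cache TTL alone says nothing about the assertion's own NotOnOrAfter.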