Invenio module that provides SAML integration.
These two modules have been merged into one:
invenio-saml
Further documentation is available on https://invenio-saml.readthedocs.io/
flask-sso-saml
Further documentation is available on https://flask-sso-saml.readthedocs.io/
First of all, you need some system packages. Execute:
apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl
Install
pip install invenio-shibboleth
from invenio_shibboleth.handlers import acs_handler_factory
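# SAML identity-provider configuration, keyed by IdP name (here "onelogin").
SSO_SAML_IDPS = {
    "onelogin": {
        # settings_file_path can be either json or xml.
        "settings_file_path": "./saml/onelogin/onelogin.json",
        "sp_cert_file": "./saml/onelogin/cert/sp.crt",
        # NOTE(review): presumably the service provider's private key; keep
        # it out of version control and readable only by the service
        # account.
        "sp_key_file": "./saml/onelogin/cert/sp.key",
        "settings": {
            "sp": {
                # Key fixed: the original opened with a double quote and
                # closed with a single quote, which is a syntax error.
                "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            },
            "security": {
                # NOTE(review): every signing and encryption requirement in
                # this example is switched off (the want*Signed,
                # want*Encrypted and *Signed flags are all False). Treat
                # these as sample values: confirm how the SAML toolkit
                # validates responses with these settings, and require
                # signed assertions/messages in production where the IdP
                # supports it.
                "authnRequestsSigned": False,
                "failOnAuthnContextMismatch": False,
                "logoutRequestSigned": False,
                "logoutResponseSigned": False,
                "metadataCacheDuration": None,
                "metadataValidUntil": None,
                "nameIdEncrypted": False,
                "requestedAuthnContext": False,
                "requestedAuthnContextComparison": "exact",
                "signMetadata": False,
                "signatureAlgorithm":
                    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "wantAssertionsEncrypted": False,
                "wantAssertionsSigned": False,
                "wantAttributeStatement": False,
                "wantMessagesSigned": False,
                "wantNameId": True,
                "wantNameIdEncrypted": False,
                "digestAlgorithm":
                    "http://www.w3.org/2001/04/xmlenc#sha256",
            },
        },
        # Attribute mapping: keys are the Invenio-side field names, values
        # are the attribute names as sent by the IdP ("origin").
        # NOTE(review): these values end up on the local account, so only
        # trust them from a response whose signature was verified.
        "mappings": {
            "email": "email",
            "name": "username",
            "surname": "full_name",
            "external_id": "external_id",
        },
        # ACS handler built by the factory for this IdP name.
        "acs_handler": acs_handler_factory("onelogin"),
    },
}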
Further documentation is available on https://invenio-shibboleth.readthedocs.io/