MiniSAML

绝对最小化SAML 2客户端。故意不支持完整的SAML 2规范。它只支持通过HTTP Redirect发送请求和通过HTTP POST发送响应。

用法

创建SAML请求

from minisaml.request import get_request_redirect_url

url = get_request_redirect_url(
    saml_endpoint="https://your-idp.invalid/sso-endpoint/",
    expected_audience="Your SAML Issuer",
    acs_url="https://you.web-site.invalid/saml/acs/"
)

# This line depends on your web framework/server
redirect_user_to_url(url)

验证和解析SAML响应

from minisaml.response import validate_response

# This line depends on your web framework/server
saml_response = get_SAMLResponse_form_data_as_bytes()

# Load the x509 certificate as a cryptography.x509.Certificate somehow
certificate = ...

try:
    response = validate_response(
        data=saml_response,
        certificate=certificate,
        expected_audience="Your SAML Issuer",
        idp_issuer="https://your-idp.invalid/issuer/"
    )
except:
    handle_invalid_response_somehow()

# response is a minisaml.response.Response object