Skip to main content

SAML2 authentifier

Project description

SAML2 authentifier for cubicweb. This cube allow to authenticate from a SAML2 provider with cubicweb login form.

Installation

The first step is to install cubicweb-saml into your python environment:

pip install cubicweb-saml

To add this cube into your cubicweb instance:

cubicweb-ctl shell <your_app>
>>> add_cube('saml')
>>> exit

To generate SAML related option in all-in-one.conf:

cubicweb-ctl upgrade <your_app>

Configuration

To configure cubicweb-saml metadata, open sources.conf from cubicweb instances folder (by default $HOME/etc/cubicweb.d/<instance>):

[SAML]

# SAML v2 metadata uri which can be read from a file (file://<absolute_path>)
# or retrieved from a specific URL(http[s]://...)
saml-metadata-uri=

# The globally unique identifier of the entity.
saml-entity-id=

To configure cubicweb-saml options, open all-in-one.conf in the same directory:

[SAML]

# Don't verify that the incoming requests originate from us via the built-in
# cache for authn request ids in pysaml2
saml-allow-unsolicited=yes

# Indicates if the Authentication Requests sent by this SP should be signed by
# default.
saml-authn-requests-signed=no

# Indicates if this entity will sign the Logout Requests originated from it.
saml-logout-requests-signed=yes

# Indicates if this SP wants the IdP to send the assertions signed. This sets
# the WantAssertionsSigned attribute of the SPSSODescriptor node of the
# metadata so the IdP will know this SP preference.
saml-want-assertions-signed=yes

# Indicates that Authentication Responses to this SP must be signed. If set to
# True, the SP will not consume any SAML Responses that are not signed.
saml-want-response-signed=no

# Allow to register a new user
# if this one does not exist in current database.
saml-register-unknown-user=no

# Set the default group to register new user
# if the saml-register-unknown-user option was activated.
saml-register-default-group=guests

# Set the default password system to use if the saml-register-unknown-user
# option was activated (available values: empty, random).
saml-register-default-password=empty

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cubicweb-saml-1.0.1.tar.gz (12.9 kB view hashes)

Uploaded Source

Built Distribution

cubicweb_saml-1.0.1-py3-none-any.whl (15.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page