Skip to main content

SAML2 authentifier

Project description

SAML2 authentifier for cubicweb. This cube allow to authenticate from a SAML2 provider with cubicweb login form.

Installation

The first step is to install cubicweb-saml into your python environment:

pip install cubicweb-saml

To add this cube into your cubicweb instance:

cubicweb-ctl shell <your_app>
>>> add_cube('saml')
>>> exit

To generate SAML related option in all-in-one.conf:

cubicweb-ctl upgrade <your_app>

Configuration

To configure cubicweb-saml metadata, open sources.conf from cubicweb instances folder (by default $HOME/etc/cubicweb.d/<instance>):

[SAML]

# SAML v2 metadata uri which can be read from a file (file://<absolute_path>)
# or retrieved from a specific URL(http[s]://...)
saml-metadata-uri=

# The globally unique identifier of the entity.
saml-entity-id=

To configure cubicweb-saml options, open all-in-one.conf in the same directory:

[SAML]

# Don't verify that the incoming requests originate from us via the built-in
# cache for authn request ids in pysaml2
saml-allow-unsolicited=yes

# Indicates if the Authentication Requests sent by this SP should be signed by
# default.
saml-authn-requests-signed=no

# Indicates if this entity will sign the Logout Requests originated from it.
saml-logout-requests-signed=yes

# Indicates if this SP wants the IdP to send the assertions signed. This sets
# the WantAssertionsSigned attribute of the SPSSODescriptor node of the
# metadata so the IdP will know this SP preference.
saml-want-assertions-signed=yes

# Indicates that Authentication Responses to this SP must be signed. If set to
# True, the SP will not consume any SAML Responses that are not signed.
saml-want-response-signed=no

# Allow to register a new user
# if this one does not exist in current database.
saml-register-unknown-user=no

# Set the default group to register new user
# if the saml-register-unknown-user option was activated.
saml-register-default-group=guests

# Set the default password system to use if the saml-register-unknown-user
# option was activated (available values: empty, random).
saml-register-default-password=empty

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cubicweb-saml-1.0.1.tar.gz (12.9 kB view details)

Uploaded Source

Built Distribution

cubicweb_saml-1.0.1-py3-none-any.whl (15.3 kB view details)

Uploaded Python 3

File details

Details for the file cubicweb-saml-1.0.1.tar.gz.

File metadata

  • Download URL: cubicweb-saml-1.0.1.tar.gz
  • Upload date:
  • Size: 12.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for cubicweb-saml-1.0.1.tar.gz
Algorithm Hash digest
SHA256 1e3369045898363085cc172f333b522437474ffefd0f886aa1b5319f7e11964f
MD5 2746f74d1618a717f9bdb32f9ffb8b71
BLAKE2b-256 a26acdf47315d48bace8cc94861855b6b123fdd74f59337bdf76005506b17b24

See more details on using hashes here.

File details

Details for the file cubicweb_saml-1.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for cubicweb_saml-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d70e50fa1122d6cb47e3509954ccb6b32499abc3cfe42dc5e8ac488546f889eb
MD5 a69816eb51bcc31739191feb63cc875d
BLAKE2b-256 e7d58c15fc96d8b696f1232c3162207e8ef14611a68df8ec265c89d0dd66592c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page