Bases: object
Builds the Signature of the SAML Request.
Parameters: |
|
---|
Builds the Signature of the SAML Response.
:param saml_request: The SAML Response
:type saml_request: string
Parameters: | relay_state (string) – The target URL the user should be redirected to |
---|
Returns the requested SAML attribute.
Parameters: | name (string) – Name of the attribute |
---|---|
Returns: | Attribute value if exists or None |
Return type: | string |
Returns the set of SAML attributes.
Returns: | SAML attributes |
---|---|
Return type: | dict |
Returns a list of error codes if something went wrong.
Returns: | List of errors |
---|---|
Return type: | list |
Returns the settings info.
:return: Setting info
:rtype: OneLogin_Saml2_Setting object
Gets the SLO url.
Returns: | A URL, the SLO endpoint of the IdP |
---|---|
Return type: | string |
Gets the SSO url.
Returns: | A URL, the SSO endpoint of the IdP |
---|---|
Return type: | string |
Checks if the user is authenticated or not.
Returns: | True if the user is authenticated, False if not |
---|---|
Return type: | bool |
Initiates the SSO process.
Parameters: | return_to (string) – Optional argument. The target URL the user should be redirected to after login. |
---|---|
Returns: | Redirection url |
Initiates the SLO process.
Parameters: | return_to (string) – Optional argument. The target URL the user should be redirected to after logout. |
---|---|
Returns: | Redirection url |
Process the SAML Response sent by the IdP.
Parameters: | request_id (string) – Optional argument. The ID of the AuthNRequest sent by this SP to the IdP. |
---|---|
Raises : | OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found |
Process the SAML Logout Response / Logout Request sent by the IdP.
Parameters: |
|
---|---|
Returns: | Redirection url |
Bases: exceptions.Exception
Returns the ID of the Logout Request.
:param request: Logout Request Message
:type request: string|DOMDocument
:return: string ID
:rtype: str object

Gets the Issuer of the Logout Request Message.
:param request: Logout Request Message
:type request: string|DOMDocument
:return: The Issuer
:rtype: string

Gets the NameID of the Logout Request Message.
:param request: Logout Request Message
:type request: string|DOMDocument
:param key: The SP key
:type key: string
:return: Name ID Value
:rtype: string

Gets the NameID Data of the Logout Request.
:param request: Logout Request Message
:type request: string|DOMDocument
:param key: The SP key
:type key: string
:return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
:rtype: dict

Returns the Logout Request deflated and base64 encoded.
:return: Deflated base64 encoded Logout Request
:rtype: str object

Gets the SessionIndexes from the Logout Request.
:param request: Logout Request Message
:type request: string|DOMDocument
:return: The SessionIndex value
:rtype: list

Checks if the Logout Request received is valid.
:param settings: Settings
:type settings: OneLogin_Saml2_Settings
:param request: Logout Request Message
:type request: string|DOMDocument
:return: Whether the Logout Request is valid
:rtype: boolean

Creates a Logout Response object.
:param in_response_to: InResponseTo value for the Logout Response.
:type in_response_to: string

Gets the Issuer of the Logout Response Message.
:return: The Issuer
:rtype: string

Adds the x509 descriptors (sign/encryption) to the metadata. The same cert will be used for sign/encrypt.
Parameters: |
|
---|---|
Returns: | Metadata with KeyDescriptors |
Return type: | string |
Build the metadata of the SP
Parameters: |
|
---|
Bases: object
Check if the status of the response is success or not
Raises : | Exception. If the status is not success |
---|
Gets the Attributes from the AttributeStatement element. EncryptedAttributes are not supported
Gets the audiences
Returns: | The valid audiences for the SAML Response |
---|---|
Return type: | list |
Gets the issuers (from message and from assertion)
Returns: | The issuers |
---|---|
Return type: | list |
Gets the NameID provided by the SAML Response from the IdP
Returns: | NameID (value) |
---|---|
Return type: | string |
Gets the NameID Data provided by the SAML Response from the IdP
Returns: | Name ID Data (Value, Format, NameQualifier, SPNameQualifier) |
---|---|
Return type: | dict |
Gets the SessionIndex from the AuthnStatement. It can be stored in the local session and used in a future Logout Request that the SP sends to the IdP, to indicate which specific session must be deleted.
Returns: | The SessionIndex value |
---|---|
Return type: | string|None |
Gets the SessionNotOnOrAfter from the AuthnStatement. It can be used to set the local session expiration.
Returns: | The SessionNotOnOrAfter value |
---|---|
Return type: | time|None |
Constructs the response object.
Parameters: | request_id (string) – Optional argument. The ID of the AuthNRequest sent by this SP to the IdP |
---|---|
Returns: | True if the SAML Response is valid, False if not |
Return type: | bool |
Checks the settings info.
Parameters: | settings (dict) – Dict with settings data |
---|---|
Returns: | Errors found on the settings data |
Return type: | list |
Checks if the x509 certs of the SP exist and are valid.
Returns: | Whether the x509 certs of the SP exist and are valid |
---|---|
Return type: | boolean |
Returns an array with the errors; the array is empty when the settings are OK.
Returns: | Errors |
---|---|
Return type: | list |
Returns external lib path
Returns: | The external library folder path |
---|---|
Return type: | string |
Returns the x509 public cert of the SP.
Returns: | SP public cert |
---|---|
Return type: | string |
Returns the x509 private key of the SP.
Returns: | SP private key |
---|---|
Return type: | string |
Gets the SP metadata. The XML representation.
Returns: | SP metadata (xml) |
---|---|
Return type: | string |
Returns whether debug mode is active.
Returns: | Debug parameter |
---|---|
Return type: | boolean |
Returns whether ‘strict’ mode is active.
Returns: | Strict parameter |
---|---|
Return type: | boolean |
Adds the signature key and the sender's certificate to an element (Message or Assertion).
Parameters: |
|
---|---|
Type : | string | Document |
Type : | string |
Type : | string |
Calculates the fingerprint of an x509 cert.
Parameters: | x509_cert – x509 cert |
---|---|
Type : | string |
Returns: | Formatted fingerprint |
Return type: | string |
Base64 decodes and then inflates according to RFC1951.
:param value: a deflated and encoded string
:return: the string after decoding and inflating
Decrypts an encrypted element.
Parameters: |
|
---|---|
Type : | DOMElement |
Type : | Encryption Context |
Returns: | The decrypted element. |
Return type: | DOMElement |
Deflates and then base64 encodes a string.
:param value: The string to deflate and encode
:return: The deflated and encoded string
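
The deflate/base64 pair described above, as an added standard-library example (not the library's own code; the function names and the 64 KiB limit are assumptions). It uses raw DEFLATE as RFC 1951 defines it and bounds the inflated size, since the encoded value arrives from the network and a small input can expand to a very large message.

```python
import base64
import zlib

MAX_INFLATED = 64 * 1024  # assumed cap on the decoded message size, in bytes


def deflate_and_b64encode(xml):
    """Raw DEFLATE (RFC 1951, no zlib header or checksum), then base64."""
    # wbits = -15 selects a raw DEFLATE stream instead of the zlib wrapper.
    comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def b64decode_and_inflate(value, limit=MAX_INFLATED):
    """Base64-decode, then inflate, refusing output larger than `limit`."""
    # validate=True rejects characters outside the base64 alphabet.
    raw = base64.b64decode(value, validate=True)
    decomp = zlib.decompressobj(-15)
    # Ask for at most limit + 1 bytes so oversized output is detected
    # without ever holding the fully expanded message in memory.
    out = decomp.decompress(raw, limit + 1)
    if len(out) > limit:
        raise ValueError("inflated message exceeds size limit")
    if not decomp.eof:
        raise ValueError("truncated DEFLATE stream")
    return out.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample message, not taken from a real exchange.
    sample = '<samlp:LogoutRequest ID="_constructed"/>'
    encoded = deflate_and_b64encode(sample)
    print(encoded)
    print(b64decode_and_inflate(encoded))
```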
Returns an x509 cert (adding header & footer if required).
Parameters: |
|
---|---|
Type : | string |
Type : | boolean |
Returns: | Formatted cert |
Return type: | string |
Formats a fingerprint.
Parameters: | fingerprint – fingerprint |
---|---|
Type : | string |
Returns: | Formatted fingerprint |
Return type: | string |
Generates a nameID.
Parameters: |
|
---|---|
Type : | string |
Type : | string |
Type : | string |
Type : | string |
Returns: | DOMElement | XMLSec nameID |
Return type: | string |
Generates a unique string (used for example as ID for assertions).
Returns: | A unique string |
---|---|
Return type: | string |
Compares 2 dates and returns the earliest.
Parameters: |
|
---|---|
Type : | string |
Type : | string |
Returns: | The expiration time. |
Return type: | int |
Returns the current host.
Parameters: | request_data – The request as a dict |
---|---|
Type : | dict |
Returns: | The current host |
Return type: | string |
Returns the URL of the current host + current view + query.
Parameters: | request_data – The request as a dict |
---|---|
Type : | dict |
Returns: | The url of current host + current view + query |
Return type: | string |
Returns the protocol + the current host + the port (if different than common ports).
Parameters: | request_data – The request as a dict |
---|---|
Type : | dict |
Returns: | Url |
Return type: | string |
Returns the URL of the current host + current view.
Parameters: | request_data – The request as a dict |
---|---|
Type : | dict |
Returns: | The url of current host + current view |
Return type: | string |
Gets Status from a Response.
Parameters: | dom – The Response as XML |
---|---|
Type : | Document |
Returns: | The Status, an array with the code and a message. |
Return type: | dict |
Checks if https or http.
Parameters: | request_data – The request as a dict |
---|---|
Type : | dict |
Returns: | False if https is not active |
Return type: | boolean |
Converts a SAML2 timestamp of the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp. The sub-second part is ignored.
Parameters: | time – The time we should convert (SAML Timestamp). |
---|---|
Type : | string |
Returns: | Converted to a unix timestamp. |
Return type: | int |
Interprets an ISO8601 duration value relative to a given timestamp.
Parameters: |
|
---|---|
Type : | string |
Type : | string |
Returns: | The new timestamp, after the duration is applied. |
Return type: | int |
Converts a UNIX timestamp to a SAML2 timestamp of the form yyyy-mm-ddThh:mm:ss(.s+)?Z.
Parameters: | time – The time we should convert (DateTime). |
---|---|
Type : | string |
Returns: | SAML2 timestamp. |
Return type: | string |
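
The two timestamp conversions described above, as an added standard-library example (not the library's own code; `parse_saml_time`, `format_saml_time` and `is_expired` are hypothetical names). It accepts only the UTC form given above, drops the sub-second part, and converts with UTC semantics so the result does not depend on the server's local time zone.

```python
import calendar
import re
import time

# yyyy-mm-ddThh:mm:ss(.s+)?Z -- the trailing "Z" (UTC) is mandatory.
_SAML_TIME = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.\d+)?Z"
)


def parse_saml_time(value):
    """SAML2 timestamp -> UNIX timestamp (int); sub-seconds are ignored."""
    match = _SAML_TIME.fullmatch(value)
    if match is None:
        # Offsets such as +01:00 or a missing "Z" are rejected, not guessed.
        raise ValueError("not a SAML2 UTC timestamp: %r" % (value,))
    fields = tuple(int(group) for group in match.groups())
    # calendar.timegm reads the tuple as UTC; time.mktime would apply the
    # local zone and shift every validity window by the server's offset.
    return calendar.timegm(fields + (0, 0, 0))


def format_saml_time(timestamp):
    """UNIX timestamp -> SAML2 timestamp in UTC, whole seconds."""
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(timestamp))


def is_expired(not_on_or_after, now):
    """True once `now` reaches the NotOnOrAfter instant (bound is inclusive)."""
    return now >= parse_saml_time(not_on_or_after)


if __name__ == "__main__":
    # Constructed sample values.
    stamp = parse_saml_time("2014-01-01T00:00:00.123Z")
    print(stamp, format_saml_time(stamp))
    print(is_expired("2014-01-01T00:00:00Z", stamp))
```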
Extracts nodes that match the query from the Element
Parameters: |
|
---|---|
Type : | Element |
Type : | string |
Type : | DOMElement |
Returns: | The queried nodes |
Return type: | list |
Executes a redirection to the provided url (or returns the target url).
Parameters: |
|
---|---|
Type : | string |
Type : | dict |
Type : | dict |
Returns: | Url |
Return type: | string |