SPHandler¶

An flask_saml2.idp.IdentityProvider handles requests from Service Providers via flask_saml2.idp.SPHandler instances.

See Configuration for configuration options.

class flask_saml2.idp.SPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)¶

Handles incoming SAML requests from a specific Service Provider for a running Identity Provider.

Sub-classes should provide Service Provider-specific functionality.

assertion_template¶: alias of flask_saml2.idp.xml_templates.AssertionTemplate

response_template¶: alias of flask_saml2.idp.xml_templates.ResponseTemplate

get_sp_signer()¶

Get the Signer to use for this SP. Default to the one used by the IdP. If a particular SP requires a particular signing method, that SP can override it.

Return type: Signer

get_sp_digester()¶

Get the Digester to use for this SP. Default to the one used by the IdP. If a particular SP requires a particular digest method, that SP can override it.

Return type: Digester

build_assertion(request, issue_instant)¶

Build parameters for the assertion template.

Return type: dict

build_response(request, issue_instant)¶

Build parameters for the response template.

Return type: dict

encode_response(response)¶: Encodes the response XML template suitable for sending to the SP.

format_assertion(assertion_params)¶

Make a AssertionTemplate to respond to this SP.

Return type: XmlTemplate

format_response(response_params, assertion)¶

Make a ResponseTemplate to respond to this SP.

Return type: XmlTemplate

get_assertion_id()¶: Generates an ID for this assertion.

get_audience(request)¶

Gets the audience assertion parameter from the request data.

Return type: str

get_response_id()¶: Generate an ID for the response.

get_response_context(request, response, relay_state)¶: Make a dictionary of parameters for the response template.

get_subject()¶: Get the subject of the assertion, based on the currently authenticated user and SPHandler.subject_format.

extract_request_parameters(request)¶

Fetches various parameters from the request into a dict.

Return type: dict

validate_request(request)¶

Validates the SAML request against the configuration of this Service Provider handler . Sub-classes should override this and raise a CannotHandleAssertion exception if the validation fails.

Raises:

CannotHandleAssertion: if the ACS URL specified in the SAML request: doesn’t match the one specified in the SP handler config.

validate_destination(request)¶: Validate an <AuthnRequest> Destination attribute, if it is set.

validate_entity_id(request)¶: Validate that the <AuthnRequest> Issuer attribute matches this Service Provider.

validate_acs_url(request)¶: Validate that the <AuthnRequest> AssertionConsumerServiceURL attribute matches the expected ACS URL for this Service Provider.

validate_user()¶: Validates the User. Sub-classes should override this and throw a CannotHandleAssertion exception if the validation does not succeed.

decode_saml_string(saml_string)¶

Decode an incoming SAMLRequest into an XML string.

Return type: bytes

parse_authn_request(saml_request)¶

Get a AuthnRequestParser to handle this request.

Return type: AuthnRequestParser

parse_logout_request(saml_request)¶

Get a LogoutRequestParser to handle this request.

Return type: LogoutRequestParser

make_response(request)¶

Process the request and make a ResponseTemplate.

Return type: XmlTemplate

is_valid_redirect(url)¶: Is this URL a valid redirect target back to this service provider?

format_datetime(value)¶

Format a datetime for this SP. Some SPs are picky about their date formatting, and don’t support the format produced by datetime.datetime.isoformat().

Return type: str

Specific implementations¶

Some handlers for common Service Providers have been bundled with this project:

class flask_saml2.idp.sp.salesforce.SalesforceSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)¶: Salesforce.com SPHandler implementation.

class flask_saml2.idp.sp.google_apps.GoogleAppsSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)¶: Google Apps SPHandler implementation.

class flask_saml2.idp.sp.dropbox.DropboxSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)¶: Dropbox SPHandler implementation.