SPHandler
A flask_saml2.idp.IdentityProvider handles requests from Service Providers via flask_saml2.idp.SPHandler instances.
See Configuration for configuration options.
-
class flask_saml2.idp.SPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)
Handles incoming SAML requests from a specific Service Provider for a running Identity Provider.
Sub-classes should provide Service Provider-specific functionality.
-
assertion_template
alias of flask_saml2.idp.xml_templates.AssertionTemplate
-
response_template
alias of flask_saml2.idp.xml_templates.ResponseTemplate
-
get_sp_signer()
Get the Signer to use for this SP. Defaults to the one used by the IdP. If a particular SP requires a particular signing method, that SP can override it.
- Return type
-
get_sp_digester()
Get the Digester to use for this SP. Defaults to the one used by the IdP. If a particular SP requires a particular digest method, that SP can override it.
- Return type
-
build_assertion(request, issue_instant)
Build parameters for the assertion template.
- Return type
-
build_response(request, issue_instant)
Build parameters for the response template.
- Return type
-
encode_response(response)
Encodes the response XML template suitable for sending to the SP.
-
format_assertion(assertion_params)
Make an AssertionTemplate to respond to this SP.
- Return type
-
format_response(response_params, assertion)
Make a ResponseTemplate to respond to this SP.
- Return type
-
get_assertion_id()
Generates an ID for this assertion.
-
get_response_id()
Generate an ID for the response.
-
get_response_context(request, response, relay_state)
Make a dictionary of parameters for the response template.
-
get_subject()
Get the subject of the assertion, based on the currently authenticated user and SPHandler.subject_format.
-
extract_request_parameters(request)
Fetches various parameters from the request into a dict.
- Return type
-
validate_request(request)
Validates the SAML request against the configuration of this Service Provider handler. Sub-classes should override this and raise a CannotHandleAssertion exception if the validation fails.
- Raises:
- CannotHandleAssertion: if the ACS URL specified in the SAML request doesn’t match the one specified in the SP handler config.
-
validate_destination(request)
Validate an <AuthnRequest> Destination attribute, if it is set.
-
validate_entity_id(request)
Validate that the <AuthnRequest> Issuer attribute matches this Service Provider.
-
validate_acs_url(request)
Validate that the <AuthnRequest> AssertionConsumerServiceURL attribute matches the expected ACS URL for this Service Provider.
-
validate_user()
Validates the User. Sub-classes should override this and throw a CannotHandleAssertion exception if the validation does not succeed.
-
decode_saml_string(saml_string)
Decode an incoming SAMLRequest into an XML string.
- Return type
-
parse_authn_request(saml_request)
Get an AuthnRequestParser to handle this request.
- Return type
AuthnRequestParser
-
parse_logout_request(saml_request)
Get a LogoutRequestParser to handle this request.
- Return type
LogoutRequestParser
-
make_response(request)
Process the request and make a ResponseTemplate.
- Return type
-
is_valid_redirect(url)
Is this URL a valid redirect target back to this service provider?
-
format_datetime(value)
Format a datetime for this SP. Some SPs are picky about their date formatting, and don’t support the format produced by datetime.datetime.isoformat().
- Return type
-
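The checks that decode_saml_string, validate_entity_id, validate_acs_url and validate_destination describe, sketched with the standard library only. This is an added example, not flask_saml2's own code: CannotHandle, validate_authn_request, the sso_url parameter and the sample hosts are assumptions, as is accepting a request that omits AssertionConsumerServiceURL.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample request; sp.example and idp.example are placeholder hosts.
SAMPLE = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_abc123" Version="2.0" Destination="https://idp.example/saml/login/" '
    'AssertionConsumerServiceURL="https://sp.example/saml/acs/">'
    '<saml:Issuer>https://sp.example/saml/metadata.xml</saml:Issuer></samlp:AuthnRequest>'
)

class CannotHandle(Exception):
    """Local stand-in for the CannotHandleAssertion the page mentions."""

def decode_saml_string(saml_string):
    """Base64-decode a SAMLRequest, inflating it if it was DEFLATE-compressed."""
    raw = base64.b64decode(saml_string, validate=True)
    try:
        raw = zlib.decompress(raw, -15)  # HTTP-Redirect binding: raw DEFLATE
    except zlib.error:
        pass  # HTTP-POST binding: base64 only
    return raw.decode("utf-8")

def validate_authn_request(xml, *, entity_id, acs_url, sso_url):
    """Check Issuer, ACS URL and Destination against the registered SP values."""
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise CannotHandle("DTDs are not accepted in SAML messages")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise CannotHandle("malformed XML") from exc
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise CannotHandle("not an AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if issuer != entity_id:
        raise CannotHandle("Issuer does not match this Service Provider")
    # Exact comparison only: a prefix or substring match would let a
    # look-alike URL receive the signed assertion.
    req_acs = root.get("AssertionConsumerServiceURL")
    if req_acs is not None and req_acs != acs_url:
        raise CannotHandle("ACS URL does not match the configured one")
    dest = root.get("Destination")
    if dest is not None and dest != sso_url:
        raise CannotHandle("Destination is not this IdP's SSO endpoint")
    return {"request_id": root.get("ID"), "issuer": issuer, "acs_url": acs_url}
```

The DTD check runs before parsing because the standard-library parser expands internal entities; verifying a signature on the request is not covered here.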
Specific implementations
Some handlers for common Service Providers have been bundled with this project:
-
class flask_saml2.idp.sp.salesforce.SalesforceSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)
Salesforce.com SPHandler implementation.
-
class flask_saml2.idp.sp.google_apps.GoogleAppsSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)
Google Apps SPHandler implementation.
-
class flask_saml2.idp.sp.dropbox.DropboxSPHandler(idp, *, entity_id, acs_url=None, certificate=None, display_name=None)
Dropbox SPHandler implementation.