ServiceProvider

class flask_saml2.sp.ServiceProvider

    Developers should subclass ServiceProvider and provide methods to interoperate with their specific environment. All user interactions are performed through methods on this class. There are no methods that must be overridden, but overriding get_default_login_return_url() and get_logout_return_url() is recommended.

- session_auth_data_key = 'saml_auth_data'

    What key to store authentication details under in the session.

- blueprint_name = 'flask_saml2_sp'

    The name of the blueprint to generate.

- login_successful(auth_data, relay_state)

    Called when a user is successfully logged on. Subclasses should override this if they want to do more with the returned user data. Returns a flask.Response, which is usually a redirect to get_default_login_return_url(), or a redirect to the protected resource the user initially requested. Subclasses may override this method and return a different response, but they must call super().

    Return type: Response

- get_sp_config()

    Get the configuration for this SP. Defaults to SAML2_SP from flask.Flask.config. The configuration should be a dict like:

        {
            # The X509 certificate and private key this SP uses to
            # encrypt, validate, and sign payloads.
            'certificate': ...,
            'private_key': ...,
        }

    To load the certificate and private_key values, see

- get_sp_entity_id()

    The unique identifier for this Service Provider. By default, this uses the metadata URL for this SP. See get_metadata_url().

- should_sign_requests()

    Should this SP sign its SAML statements? Defaults to True if the SP is configured with both a certificate and a private key.

- get_identity_providers()

    Get an iterable of identity provider config dicts. Each config should be a dict specifying an IdPHandler subclass and optionally any constructor arguments:

        >>> list(sp.get_identity_providers())
        [{
            'CLASS': 'my_app.identity_providers.MyIdPIdPHandler',
            'OPTIONS': {
                'entity_id': 'https://idp.example.com/metadata.xml',
            },
        }]

    Defaults to current_app.config['SAML2_IDENTITY_PROVIDERS'].
- get_default_login_return_url()

    The default URL to redirect users to once they have logged in.

- get_login_return_url()

    Get the URL to redirect the user to now that they have logged in.

- get_logout_return_url()

    The URL to redirect users to once they have logged out.

- is_valid_redirect_url(url)

    Is this URL valid and safe to redirect to? Defaults to only allowing URLs on the current server.
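The check that is_valid_redirect_url() performs, and the way login_successful() chooses between the RelayState-supplied resource and get_default_login_return_url(), are the two places where an SP decides where a freshly authenticated browser is sent. The following is an added example, not flask_saml2's own implementation: it models that decision as plain functions so it runs without Flask. It assumes the current host is passed in explicitly (a real override would read flask.request.host), and the function names and the sample URLs are hypothetical.

```python
"""Added example: same-server redirect validation for a SAML SP login flow.

Not flask_saml2's code. The real ServiceProvider.is_valid_redirect_url()
takes only `url` and consults the Flask request; here the host is a
parameter so the logic can be exercised stand-alone.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")


def is_valid_redirect_url(url, current_host):
    """Return True only if `url` stays on `current_host`.

    Rejects the usual open-redirect shapes: absolute URLs to other hosts,
    protocol-relative URLs (//other.example), backslash variants that
    browsers normalise to slashes, userinfo tricks (host@other.example),
    non-HTTP schemes (javascript:, data:), and URLs with control characters.
    """
    if not url or url != url.strip() or any(ord(c) < 0x20 for c in url):
        return False

    # Browsers treat "\" as "/" in the authority, so "/\other.example" is
    # really "//other.example". Normalise before parsing.
    parts = urlsplit(url.replace("\\", "/"))

    if parts.scheme:
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return False
        if not parts.netloc:
            # "https:///other.example" collapses to https://other.example
            # in some browsers; never trust a scheme without a host.
            return False

    if parts.netloc:
        # Absolute or protocol-relative: the whole authority (including
        # any userinfo and port) must equal the current host exactly.
        return parts.netloc.lower() == current_host.lower()

    # No scheme, no authority: a path on the current server.
    return True


def login_return_url(relay_state, current_host, default_url="/"):
    """Mirror what login_successful() is documented to do: redirect to the
    protected resource the user originally requested (carried in
    RelayState) only if it passes the redirect check, else fall back to the
    default login return URL."""
    if relay_state and is_valid_redirect_url(relay_state, current_host):
        return relay_state
    return default_url


if __name__ == "__main__":
    host = "sp.example.com"  # constructed sample host
    for candidate in ["/account", "//other.example/x", "/\\other.example",
                      "https://sp.example.com/account", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {login_return_url(candidate, host)}")
```

The function deliberately compares the full authority rather than parsing out the hostname, so `https://sp.example.com@other.example/` is rejected even though its `hostname` looks right; a subclass overriding is_valid_redirect_url() would apply the same rule with `flask.request.host` as the second argument.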
- make_idp_handler(config)

    Construct an IdPHandler from a config dict from get_identity_providers().

    Return type: IdPHandler

- get_idp_handlers()

    Get the IdPHandler for each identity provider configured.

    Return type: Iterable[IdPHandler]

- get_default_idp_handler()

    Get the default IdP to sign in with. When logging in, if there is a default IdP, the user will be automatically logged in with that IdP. Returns None if there is no default IdP. If there is no default, a list of IdPs to sign in with will be presented by the login view.

    Return type: Optional[IdPHandler]

- get_idp_handler_by_entity_id(entity_id)

    Find the IdPHandler instance with a matching entity ID.

    Return type: IdPHandler

- get_idp_handler_by_current_session()

    Get the IdPHandler used to authenticate the currently logged in user.

    Return type: IdPHandler

- login_required()

    Check if a user is currently logged in to this session, and flask.abort() with a redirect to the login page if not. It is suggested to use is_user_logged_in().

- is_user_logged_in()

    Check if the user is currently logged in / authenticated with an IdP.

- logout()

    Terminate the session for a logged in user.

- render_template(template, **context)

    Render an HTML template. This method can be overridden to inject more context variables if required.

- set_auth_data_in_session(auth_data)

    Store authentication details from the IdPHandler in the browser session.

- clear_auth_data_in_session()

    Clear the authentication details from the session. This will effectively log the user out.

- get_auth_data_in_session()

    Get an AuthData instance from the session data stored for the currently logged in user.

    Return type: AuthData

- make_absolute_url(url)

    Take a local URL and make it absolute by prepending the current SERVER_NAME.

- get_metadata_context()

    Get any extra context for the metadata template. Suggested extra context variables include 'org' and 'contacts'.

- create_blueprint()

    Create a Flask flask.Blueprint for this Service Provider.

    Return type: Blueprint