XML tools

XML parsing

The flask_saml2.xml_parser module provides tools for parsing XML documents from an IdP or an SP. If the documents are signed, their signatures are verified as part of parsing.

class flask_saml2.xml_parser.XmlParser(xml_string, certificate)

Parse a possibly-signed XML document. Subclasses must implement is_signed().

certificate = None

The certificate the document is signed with

xml_string = None

The input XML document as a string

xml_tree = None

The parsed XML document

parse_request(xml_string)

Parse the SAML request. Raises ValueError.

Return type

None

is_signed()

Is this request signed? Looks for a <ds:Signature> element. Different sources will generate different signed XML documents, so this method must be implemented differently for each source.

parse_signed(xml_tree, certificate)

Replaces all parameters with only the signed parameters. You should provide an X.509 certificate obtained out-of-band, usually via the SAML metadata. Otherwise the signed data will be verified with only the certificate provided in the request itself. This is INSECURE and more-or-less only useful for testing.

Return type

ElementBase
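The trust decision described for parse_signed(), as an added example that is not part of flask_saml2: the certificate embedded in a document is compared against the one obtained out-of-band and is never used as the trust anchor. It uses only the Python standard library; the helper names and the placeholder certificate bytes are constructed for illustration, and the code selects the certificate but does not verify the signature.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed placeholder bytes standing in for DER certificates (not real X.509).
PINNED_CERT_DER = b"constructed-idp-certificate-from-metadata"
OTHER_CERT_DER = b"constructed-certificate-chosen-by-sender"


def make_sample(cert_der):
    """Constructed sample: a document whose ds:KeyInfo embeds cert_der."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        '<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature></Response>"
    )


def embedded_certificate(xml_string):
    """Return the bytes in ds:X509Certificate, or None if there is none."""
    # Standard-library parser for illustration; it is not hardened for untrusted XML.
    root = ET.fromstring(xml_string)
    signature = next(root.iter(DS + "Signature"), None)
    node = None if signature is None else signature.find(f".//{DS}X509Certificate")
    if node is None or not (node.text or "").strip():
        return None
    return base64.b64decode("".join(node.text.split()), validate=True)


def certificate_for_verification(xml_string, pinned_der):
    """Choose the verification certificate: always the pinned one.

    The embedded certificate is only compared against it; a mismatch raises
    ValueError instead of letting the sender pick the trust anchor.
    """
    embedded = embedded_certificate(xml_string)
    if embedded is not None:
        same = hmac.compare_digest(
            hashlib.sha256(embedded).digest(), hashlib.sha256(pinned_der).digest()
        )
        if not same:
            raise ValueError("embedded certificate differs from the pinned one")
    return pinned_der
```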

XML templates

class flask_saml2.xml_templates.XmlTemplate(params={})

Base XML template class. A template can represent a single node, a tree, or a whole XML document.

namespace = None

XML namespace for this node or document

property xml

The XML node this template constructed. Generated using generate_xml().

generate_xml()

Generate the XML node for this template. Generally accessed through xml.

Return type

ElementBase

get_xml_string()

Render the XML node to a string. The string representation is rendered as canonical c14n XML, to make verification and signing possible.

Return type

str

element(tag, *, namespace=None, attrs=None, children=None, text=None)

Shortcut for creating an ElementTree Element, with optional attributes, children, and text.

Parameters
  • tag (str) – Tag to give the XML element.

  • namespace (str) – Namespace to use for the element. Defaults to get_namespace() if None.

  • attrs (dict) – Element attributes. If an attribute value is None, the attribute is ignored.

  • children (list) – Element children. If an item in children is None, the item is ignored.

  • text (str) – Element text content, if any.

Return type

ElementBase

Returns

xml.etree.ElementTree.Element

get_namespace_map()

Get all the namespaces potentially used by this node, as an etree nsmap.

Return type

Mapping[str, str]

get_namespace()

Get the namespace URI for this node. Looks up the namespace alias namespace in get_namespace_map().

Return type

str

class flask_saml2.xml_templates.NameIDTemplate(params={})

A <NameID> node, such as:

<NameID Format="${SUBJECT_FORMAT}" SPNameQualifier="${SP_NAME_QUALIFIER}">
    ${SUBJECT}
</NameID>

generate_xml()

Generate the XML node for this template. Generally accessed through xml.