Configuration
The SP needs two configuration options by default,
SAML2_SP and SAML2_IDENTITY_PROVIDERS.
SAML2_SP configures the Service Provider itself,
while SAML2_IDENTITY_PROVIDERS specifies all the IdPs the SP can authenticate with.

    from flask_saml2.utils import certificate_from_file, private_key_from_file

    SAML2_SP = {
        'certificate': certificate_from_file('keys/sp_certificate.pem'),
        'private_key': private_key_from_file('keys/sp_private_key.pem'),
    }

    SAML2_IDENTITY_PROVIDERS = [
        {
            'CLASS': 'myapp.IdPHandler',
            'OPTIONS': {
                'display_name': 'Example Identity Provider',
                'entity_id': 'https://idp.example.com/saml/metadata.xml',
                'sso_url': 'https://idp.example.com/saml/login/',
                'slo_url': 'https://idp.example.com/saml/logout/',
                'certificate': certificate_from_file('keys/idp_certificate.pem'),
            },
        },
    ]

SAML2_SP is documented in ServiceProvider.get_sp_config().
SAML2_IDENTITY_PROVIDERS is a list of IdPs the SP can use for authentication.
Each IdP is represented as a dict.
CLASS is the dotted Python path to an IdPHandler subclass,
and OPTIONS is a dict of keyword arguments to its constructor.
Refer to IdPHandler for more information on constructor arguments.
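
A pre-flight check for the two settings described above, as an added example that is not part of flask-saml2 or its documentation. The function names and the rules it enforces (https endpoints, an IdP certificate present, unique entity IDs, an owner-only key file) are assumptions of this example, and the sample values are constructed.

```python
import os
import stat
from urllib.parse import urlsplit


def key_file_problems(path):
    """Flag a private key file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:o} is accessible beyond the owner"] if mode & 0o077 else []


def config_problems(sp, idps):
    """Return a list of problems found in SAML2_SP / SAML2_IDENTITY_PROVIDERS."""
    problems = []
    for key in ("certificate", "private_key"):
        if sp.get(key) is None:
            problems.append(f"SAML2_SP: '{key}' is missing")
    seen = set()
    for i, idp in enumerate(idps):
        where = f"SAML2_IDENTITY_PROVIDERS[{i}]"
        cls, opts = idp.get("CLASS"), idp.get("OPTIONS")
        if not isinstance(cls, str) or "." not in cls:
            problems.append(f"{where}: CLASS must be a dotted Python path")
        if not isinstance(opts, dict):
            problems.append(f"{where}: OPTIONS must be a dict")
            continue
        entity_id = opts.get("entity_id")
        if not entity_id:
            problems.append(f"{where}: entity_id is missing")
        elif entity_id in seen:
            problems.append(f"{where}: duplicate entity_id {entity_id}")
        seen.add(entity_id)
        # Policy of this example: without an IdP certificate there is nothing to verify against.
        if opts.get("certificate") is None:
            problems.append(f"{where}: no IdP certificate configured")
        for key in ("sso_url", "slo_url"):
            url = opts.get(key)
            if url is not None and urlsplit(url).scheme != "https":
                problems.append(f"{where}: {key} is not an https URL")
    return problems


# Constructed sample: strings stand in for the loaded certificate and key objects.
SAMPLE_SP = {"certificate": "<sp cert>", "private_key": "<sp key>"}
SAMPLE_IDPS = [{"CLASS": "myapp.IdPHandler", "OPTIONS": {
    "entity_id": "https://idp.example.com/saml/metadata.xml",
    "sso_url": "http://idp.example.com/saml/login/",  # deliberately weak
    "certificate": None,  # deliberately missing
}}]
```

Run `config_problems(SAML2_SP, SAML2_IDENTITY_PROVIDERS)` and `key_file_problems('keys/sp_private_key.pem')` at startup or in CI and fail when either list is non-empty.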