dj-rest-auth-saml


- Name: dj-rest-auth-saml
- Version: 0.0.5
- Home page: https://github.com/oussjarrousse/dj-rest-auth-saml
- Summary: A Django App that adds SAML 2.0 endpoints to dj-rest-auth
- Upload time: 2024-01-12 00:44:45
- Docs URL: None
- Author: Oussama Jarrousse
- Requires Python: >=3.6
- License: MIT
- Keywords: django rest saml allauth dj-rest-auth saml2.0 saml2
- Requirements: No requirements were recorded.
- Travis-CI: No Travis.
- Coveralls test coverage: No coveralls.

# dj-rest-auth-saml

## Overview

`dj-rest-auth-saml` is a Django app that plugs into `dj-rest-auth` and lets it work with the SAML 2.0 support in `django-allauth`.

## Requirements:

Make sure that `django-allauth` is installed with the SAML 2.0 extension:

```bash
pip install "django-allauth[SAML]"
```

## Installation

To install `dj-rest-auth-saml` run:

```bash
pip install dj-rest-auth-saml
```

In `settings.py` you should have the following:

```python
INSTALLED_APPS = [
    # ...
    "django.contrib.sites",
    "corsheaders",
    "rest_framework",
    "rest_framework.authtoken",
    "allauth",  # this is django-allauth
    "allauth.account",
    "allauth.socialaccount",
    "allauth.socialaccount.providers.saml",  # saml support from django-allauth
    "dj_rest_auth", # this is dj-rest-auth
    "dj_rest_auth_saml"  # this package
]

SITE_ID = 1

MIDDLEWARE = [
    "corsheaders.middleware.CorsMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "allauth.account.middleware.AccountMiddleware", # this is important for allauth
]

SOCIAL_LOGIN_SAML_ENABLED = True

SOCIALACCOUNT_PROVIDERS = {
    "saml": {"Apps": [

    ]}
}
```

## Configurations:

Follow the instructions at the following link to add your SAML provider(s) to the `SOCIALACCOUNT_PROVIDERS["saml"]["Apps"]` list:

https://docs.allauth.org/en/latest/socialaccount/providers/saml.html

Alternatively, you can add a migration that adds your SAML provider to the database using the utility function `dj_rest_auth_saml.utils.add_default_saml_application`, which requires the following settings in the `settings.py` file:

```python
SOCIAL_LOGIN_SAML_IDP_PROVIDER_ID = "IDP_PROVIDER_ID"  # For Google as a provider "https://accounts.google.com/o/saml2?idpid=XXXXXXXXX"
SOCIAL_LOGIN_SAML_SP_ID = "example"  # The SP ID used at the IDP
SOCIAL_LOGIN_SAML_IDP_SSO_URL = "https://idp_sso_url"  # The url for the IDP SSO, for google: "https://accounts.google.com/o/saml2/idp?idpid=XXXXXXXXX"
SOCIAL_LOGIN_SAML_IDP_X509CERT = "-----BEGIN CERTIFICATE-----.....-----END CERTIFICATE-----"  # the X509 IDP CERT
SOCIAL_LOGIN_SAML_ATTRIBUTE_MAPPING = {
  "uid": "uid",
  "email": "email",
  "email_verified": "email_verified",
  "first_name": "first_name",
  "last_name": "last_name"
}
SOCIAL_LOGIN_SAML_AUTHN_REQUEST_SIGNED = False  # authn_request_signed
SOCIAL_LOGIN_SAML_DIGEST_ALGORITHM = 'http://www.w3.org/2001/04/xmlenc#sha256'  # digest_algorithm, OneLogin_Saml2_Constants.SHA256
SOCIAL_LOGIN_SAML_LOGOUT_REQUEST_SINGED = False # logout_request_signed
SOCIAL_LOGIN_SAML_LOGOUT_RESPONSE_SIGNED = False # logout_response_signed
SOCIAL_LOGIN_SAML_SIGNATURE_ALGORITHM = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' # signature_algorithm OneLogin_Saml2_Constants.RSA_SHA256
SOCIAL_LOGIN_SAML_METADATA_SIGNED = False # metadata_signed
SOCIAL_LOGIN_SAML_WANT_ASSERTION_ENCRYPTED = False # want_assertion_encrypted
SOCIAL_LOGIN_SAML_WANT_ASSERTION_SIGNED = False # want_assertion_signed
SOCIAL_LOGIN_SAML_WANT_MESSAGE_SIGNED = False # want_message_signed
SOCIAL_LOGIN_SAML_NAME_ID_ENCRYPTED = False # name_id_encrypted
SOCIAL_LOGIN_SAML_WANT_NAME_ID_ENCRYPTED = False # want_name_id_encrypted
SOCIAL_LOGIN_SAML_ALLOW_SINGLE_LABEL_DOMAINS = False  # important for Unit testing
SOCIAL_LOGIN_SAML_REJECT_DEPRECATED_ALGORITHM = True # reject_deprecated_algorithm
SOCIAL_LOGIN_SAML_WANT_NAME_ID = False # want_name_id
SOCIAL_LOGIN_SAML_WANT_ATTRIBUTE_STATEMENT = True # want_attribute_statement
SOCIAL_LOGIN_SAML_ALLOW_REPEAT_ATTRIBUTE_NAME = True # allow_repeat_attribute_name

APP_HOST = "example.com"  # the hostname of this backend

```

Also make sure to take a hard look at the django-allauth settings as well as at the dj-rest-auth settings.

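For instance, the following could be something you want to add to your application. Note that `SOCIALACCOUNT_EMAIL_AUTHENTICATION` and `SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT` let a SAML login sign in to, and be linked with, an existing local account that has the same email address, so enable them only for identity providers whose email attributes you trust: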

```python
SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
```
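
The following added example, which is not code from dj-rest-auth-saml, checks a settings dict that uses the names above for values worth revisiting before production. `audit_saml_settings`, `looks_like_pem_cert` and `README_SAMPLE` are hypothetical names, and the certificate check only validates PEM framing and base64, not the X.509 content.

```python
import base64
import binascii
from urllib.parse import urlparse

P = "SOCIAL_LOGIN_SAML_"  # prefix of the setting names used on this page
HEAD, TAIL = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def looks_like_pem_cert(pem):
    """PEM framing plus a non-empty, valid base64 body (no X.509 parsing)."""
    text = (pem or "").strip()
    if not (text.startswith(HEAD) and text.endswith(TAIL)):
        return False
    body = "".join(text[len(HEAD):-len(TAIL)].split())
    try:
        return len(base64.b64decode(body, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False


def audit_saml_settings(cfg):
    """Hypothetical helper: list weak values in a dict of Django settings."""
    get = lambda name, default=None: cfg.get(P + name, default)
    out = []
    if not (get("WANT_ASSERTION_SIGNED") or get("WANT_MESSAGE_SIGNED")):
        out.append("signatures: neither assertion nor message signing is required")
    if not get("REJECT_DEPRECATED_ALGORITHM"):
        out.append("algorithms: REJECT_DEPRECATED_ALGORITHM is off")
    for name in ("SIGNATURE_ALGORITHM", "DIGEST_ALGORITHM"):
        if str(get(name, "")).lower().endswith("sha1"):
            out.append(f"algorithms: {name} is SHA-1 based")
    if urlparse(str(get("IDP_SSO_URL", ""))).scheme != "https":
        out.append("transport: IDP_SSO_URL is not https")
    if not looks_like_pem_cert(get("IDP_X509CERT")):
        out.append("certificate: IDP_X509CERT is missing or a placeholder")
    if cfg.get("SOCIALACCOUNT_EMAIL_AUTHENTICATION") and \
            "email_verified" not in get("ATTRIBUTE_MAPPING", {}):
        out.append("accounts: email authentication without an email_verified mapping")
    return out


# Constructed sample: a subset of the README values shown above.
README_SAMPLE = {
    P + "IDP_SSO_URL": "https://idp_sso_url",
    P + "IDP_X509CERT": HEAD + "....." + TAIL,
    P + "ATTRIBUTE_MAPPING": {"email": "email", "email_verified": "email_verified"},
    P + "WANT_ASSERTION_SIGNED": False, P + "WANT_MESSAGE_SIGNED": False,
    P + "REJECT_DEPRECATED_ALGORITHM": True,
    "SOCIALACCOUNT_EMAIL_AUTHENTICATION": True,
}
```

Run against `README_SAMPLE`, it reports the unsigned-response setting and the placeholder certificate; the same function can be called from a deployment check with the project's real settings converted to a dict.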

## SAML flow:

<img src="saml_flow_diagram.png" alt="example" width="800"/>



## Contributing
Contributions to this project are welcomed! The Contributing Guide is still under construction.

When creating a pull request make sure to use the following template:

```
Change Summary
 - item one
 - item two
Related issue number
 - issue a
 - issue b
Checklist
  [ ] code is ready
  [ ] add tests
  [ ] all tests passing
  [ ] test coverage did not drop
  [ ] PR is ready for review
```

## License
dj-rest-auth-saml is licensed under the MIT License - see the LICENSE file for details.

            
