pysaml2
Python implementation of SAML2
We had a production SP configured to not check any response or assertion signature at all. The warning was logged, but not noticed. This is quite undesirable, in other words,...
## Code Version `pysaml2==7.1.2` ## Expected Behavior ## Current Behavior ``` [ERROR 2022-07-26 13:35:06,844 saml2.entity _parse_response 1499: MainProcess] Signature Error: {'message': 'Signature failed to meet constraints on xmldsig', 'validators': {'signatures...
I'm using DjangoSaml2 on Windows, which uses pysaml2. I downloaded xmlsec1 and the needed DLLs; the error below is received when running ``` Traceback (most recent call last): File "C:\Program Files\Python310\lib\site-packages\saml2\sigver.py",...
Currently I see that you can set key_file and cert_file - however, this requires having the data on the filesystem. In our case, we have the data in memory but...
Hi, is there a possibility to set `key_file` and `cert_file` content in configuration instead of path? My application is running inside Docker, so these files are not stored on the local filesystem,...
A normal SAML2 Response would have a clear AuthnStatement like the following example ```` urn:oasis:names:tc:SAML:2.0:ac:classes:Password ```` a pySAML2 SP with a Responses with unvalued AuthStatement: ```` ```` Make the Authentication...
## Code Version I'm using `djangosaml2`, which depends on `pysaml2==7.1.0` ## Expected Behavior The verification rule is too strict! An address format like "ip:port" can't be thought of as malformed. The...
When encrypting the SAML message, the configuration passed to `xmlsec` seems to use DES-192. This is the command that's run ``` /usr/local/bin/xmlsec1 --encrypt --pubkey-cert-pem /var/folders/pg/cghxqls97rdb6dltkcy3v_2h0000gn/T/tmpwihgq3id --session-key des-192 --xml-data /var/folders/pg/cghxqls97rdb6dltkcy3v_2h0000gn/T/tmpvs7obw71 --node-xpath...
https://pysaml2.readthedocs.io/en/latest/howto/config.html?highlight=disable_ssl_certificate_validation#metadata To get `disable_ssl_certificate_validation` to work, we need to put it in the main SP configuration; using it in metadata entries will not work ## Code Version current master...
The example `sp-wsgi/sp.py` stores the `response.name_id` which is a `saml2.saml.NameID`. https://github.com/IdentityPython/pysaml2/blob/master/example/sp-wsgi/sp.py#L404-L405 https://github.com/IdentityPython/pysaml2/blob/master/example/sp-wsgi/sp.py#L335-L339 Holding this in memory between multiple requests bloats up the RAM / RS. For 800 logged in users...