Bases: object
Builds the Signature of the SAML Request.
| Parameters: | 
 | 
|---|
Builds the Signature of the SAML Response. :param saml_request: The SAML Response :type saml_request: string
| Parameters: | relay_state (string) – The target URL the user should be redirected to | 
|---|
Returns the requested SAML attribute.
| Parameters: | name (string) – Name of the attribute | 
|---|---|
| Returns: | Attribute value if exists or None | 
| Return type: | string | 
Returns the set of SAML attributes.
| Returns: | SAML attributes | 
|---|---|
| Return type: | dict | 
Returns a list with code errors if something went wrong
| Returns: | List of errors | 
|---|---|
| Return type: | list | 
Returns the reason for the last error
| Returns: | Error | 
|---|---|
| Return type: | string | 
Returns the settings info :return: Setting info :rtype: OneLogin_Saml2_Setting object
Gets the SLO url.
| Returns: | An URL, the SLO endpoint of the IdP | 
|---|---|
| Return type: | string | 
Gets the SSO url.
| Returns: | An URL, the SSO endpoint of the IdP | 
|---|---|
| Return type: | string | 
Checks if the user is authenticated or not.
| Returns: | True if is authenticated, False if not | 
|---|---|
| Return type: | bool | 
Initiates the SSO process.
| Parameters: | 
 | 
|---|---|
| Returns: | Redirection url | 
Initiates the SLO process.
| Parameters: | 
 | 
|---|---|
| Returns: | Redirection url | 
Process the SAML Response sent by the IdP.
| Parameters: | request_id (string) – Is an optional argumen. Is the ID of the AuthNRequest sent by this SP to the IdP. | 
|---|---|
| Raises : | OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found | 
Process the SAML Logout Response / Logout Request sent by the IdP.
| Parameters: | 
 | 
|---|---|
| Returns: | Redirection url | 
Bases: exceptions.Exception
Returns the ID of the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: string ID :rtype: str object
Gets the Issuer of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :return: The Issuer :rtype: string
Gets the NameID of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Value :rtype: string
Gets the NameID Data of the the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier) :rtype: dict
Returns the Logout Request defated, base64encoded :return: Deflated base64 encoded Logout Request :rtype: str object
Gets the SessionIndexes from the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: The SessionIndex value :rtype: list
Checks if the Logout Request recieved is valid :param settings: Settings :type settings: OneLogin_Saml2_Settings :param request: Logout Request Message :type request: string|DOMDocument :return: If the Logout Request is or not valid :rtype: boolean
Creates a Logout Response object. :param in_response_to: InResponseTo value for the Logout Response. :type in_response_to: string
Gets the Issuer of the Logout Response Message :return: The Issuer :rtype: string
Returns a Logout Response object. :return: Logout Response deflated and base64 encoded :rtype: string
Add the x509 descriptors (sign/encriptation to the metadata The same cert will be used for sign/encrypt
| Parameters: | 
 | 
|---|---|
| Returns: | Metadata with KeyDescriptors | 
| Return type: | string | 
Build the metadata of the SP
| Parameters: | 
 | 
|---|
Bases: object
Check if the status of the response is success or not
| Raises : | Exception. If the status is not success | 
|---|
Gets the Attributes from the AttributeStatement element. EncryptedAttributes are not supported
Gets the audiences
| Returns: | The valid audiences for the SAML Response | 
|---|---|
| Return type: | list | 
Gets the issuers (from message and from assertion)
| Returns: | The issuers | 
|---|---|
| Return type: | list | 
Gets the NameID provided by the SAML Response from the IdP
| Returns: | NameID (value) | 
|---|---|
| Return type: | string | 
Gets the NameID Data provided by the SAML Response from the IdP
| Returns: | Name ID Data (Value, Format, NameQualifier, SPNameQualifier) | 
|---|---|
| Return type: | dict | 
Gets the SessionIndex from the AuthnStatement Could be used to be stored in the local session in order to be used in a future Logout Request that the SP could send to the SP, to set what specific session must be deleted
| Returns: | The SessionIndex value | 
|---|---|
| Return type: | string|None | 
Gets the SessionNotOnOrAfter from the AuthnStatement Could be used to set the local session expiration
| Returns: | The SessionNotOnOrAfter value | 
|---|---|
| Return type: | time|None | 
Constructs the response object.
| Parameters: | request_id (string) – Optional argument. The ID of the AuthNRequest sent by this SP to the IdP | 
|---|---|
| Returns: | True if the SAML Response is valid, False if not | 
| Return type: | bool | 
Checks the settings info.
| Parameters: | settings (dict) – Dict with settings data | 
|---|---|
| Returns: | Errors found on the settings data | 
| Return type: | list | 
Checks if the x509 certs of the SP exists and are valid.
| Returns: | If the x509 certs of the SP exists and are valid | 
|---|---|
| Return type: | boolean | 
Returns an array with the errors, the array is empty when the settings is ok.
| Returns: | Errors | 
|---|---|
| Return type: | list | 
Returns external lib path
| Returns: | The external library folder path | 
|---|---|
| Return type: | string | 
Returns the x509 public cert of the SP.
| Returns: | SP public cert | 
|---|---|
| Return type: | string | 
Returns the x509 private key of the SP.
| Returns: | SP private key | 
|---|---|
| Return type: | string | 
Gets the SP metadata. The XML representation.
| Returns: | SP metadata (xml) | 
|---|---|
| Return type: | string | 
Returns if the debug is active.
| Returns: | Debug parameter | 
|---|---|
| Return type: | boolean | 
Returns if the ‘strict’ mode is active.
| Returns: | Strict parameter | 
|---|---|
| Return type: | boolean | 
Adds signature key and senders certificate to an element (Message or Assertion).
| Parameters: | 
 | 
|---|---|
| Type : | string | Document | 
| Type : | string | 
| Type : | string | 
Calculates the fingerprint of a x509cert.
| Parameters: | x509_cert – x509 cert | 
|---|---|
| Type : | string | 
| Returns: | Formated fingerprint | 
| Return type: | string | 
base64 decodes and then inflates according to RFC1951 :param value: a deflated and encoded string :return: the string after decoding and inflating
Decrypts an encrypted element.
| Parameters: | 
 | 
|---|---|
| Type : | DOMElement | 
| Type : | Encryption Context | 
| Returns: | The decrypted element. | 
| Return type: | DOMElement | 
Deflates and the base64 encodes a string :param value: The string to deflate and encode :return: The deflated and encoded string
Returns a x509 cert (adding header & footer if required).
| Parameters: | 
 | 
|---|---|
| Type : | string | 
| Type : | boolean | 
| Returns: | Formated cert | 
| Return type: | string | 
Formates a fingerprint.
| Parameters: | fingerprint – fingerprint | 
|---|---|
| Type : | string | 
| Returns: | Formated fingerprint | 
| Return type: | string | 
Generates a nameID.
| Parameters: | 
 | 
|---|---|
| Type : | string | 
| Type : | string | 
| Type : | string | 
| Type : | string | 
| Returns: | DOMElement | XMLSec nameID | 
| Return type: | string | 
Generates an unique string (used for example as ID for assertions).
| Returns: | A unique string | 
|---|---|
| Return type: | string | 
Compares 2 dates and returns the earliest.
| Parameters: | 
 | 
|---|---|
| Type : | string | 
| Type : | string | 
| Returns: | The expiration time. | 
| Return type: | int | 
Returns the current host.
| Parameters: | request_data – The request as a dict | 
|---|---|
| Type : | dict | 
| Returns: | The current host | 
| Return type: | string | 
Returns the URL of the current host + current view + query.
| Parameters: | request_data – The request as a dict | 
|---|---|
| Type : | dict | 
| Returns: | The url of current host + current view + query | 
| Return type: | string | 
Returns the protocol + the current host + the port (if different than common ports).
| Parameters: | request_data – The request as a dict | 
|---|---|
| Type : | dict | 
| Returns: | Url | 
| Return type: | string | 
Returns the URL of the current host + current view.
| Parameters: | request_data – The request as a dict | 
|---|---|
| Type : | dict | 
| Returns: | The url of current host + current view | 
| Return type: | string | 
Gets Status from a Response.
| Parameters: | dom – The Response as XML | 
|---|---|
| Type : | Document | 
| Returns: | The Status, an array with the code and a message. | 
| Return type: | dict | 
Checks if https or http.
| Parameters: | request_data – The request as a dict | 
|---|---|
| Type : | dict | 
| Returns: | False if https is not active | 
| Return type: | boolean | 
Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp. The sub-second part is ignored.
| Parameters: | time – The time we should convert (SAML Timestamp). | 
|---|---|
| Type : | string | 
| Returns: | Converted to a unix timestamp. | 
| Return type: | int | 
Interprets a ISO8601 duration value relative to a given timestamp.
| Parameters: | 
 | 
|---|---|
| Type : | string | 
| Type : | string | 
| Returns: | The new timestamp, after the duration is applied. | 
| Return type: | int | 
Converts a UNIX timestamp to SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z.
| Parameters: | time – The time we should convert (DateTime). | 
|---|---|
| Type : | string | 
| Returns: | SAML2 timestamp. | 
| Return type: | string | 
Extracts nodes that match the query from the Element
| Parameters: | 
 | 
|---|---|
| Type : | Element | 
| Type : | string | 
| Type : | DOMElement | 
| Returns: | The queried nodes | 
| Return type: | list | 
Executes a redirection to the provided url (or return the target url).
| Parameters: | 
 | 
|---|---|
| Type : | string | 
| Type : | dict | 
| Type : | dict | 
| Returns: | Url | 
| Return type: | string |