17

I'm using Django and nginx hosted on AWS. I'm trying to integrate with a university for SAML authentication, using their IdP. There are plenty of outdated answers on SO, but is there anything more relevant with current standards?

Many of the apps I've seen are for Django 1.2 and lower. Specifically, I'm looking for resources that would allow me to more easily manage the SAML authentication through some middleware or anything else.

Some of the things I have seen are:

https://github.com/unomena/django-saml2-idp

https://github.com/WiserTogether/django-saml2-sp

KVISH

4 Answers

12

The project I found is below:

https://bitbucket.org/lgs/djangosaml2/overview

The project uses pysaml2 for SAML support. Pysaml2 can be found here:

https://github.com/rohe/pysaml2

Bear in mind that djangosaml2 may not use the latest version of pysaml2. I tested it and it's working fine.

UPDATE

djangosaml2 works with the latest version of pysaml2, but make sure to add this line to make it work:

```python
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
```

This should be in your settings.py.

KVISH
  • **Update**: djangosaml2 hasn't been updated in over a year, lacks support for Python3 and Django 1.9. – Daniel Quinn Feb 26 '16 at 14:53
  • I'm using it in production with Django 1.9.4. I was able to make changes on my side to support it. Python 3 I haven't tested, so I'm not sure about that. – KVISH Mar 21 '16 at 04:33
  • @kvish, I have a question about using djangosaml2 to get the metadata that I can't figure out. Would you mind helping me out? I've posted my question on the [djangosaml2 GitHub](https://github.com/knaperek/djangosaml2/issues/131) – mathiass Sep 20 '18 at 17:54
  • 1
    The project linked is no longer maintained. However, a fork that is very well maintained is available [on GitHub](https://github.com/knaperek/djangosaml2). – Micah Yeager Aug 03 '20 at 20:17
5

SAML is two sides:

  • IDP -> Identity Provider side -> i.e. the university
  • SP -> Service Provider -> i.e. your application

Sounds like this one is what you want: https://github.com/WiserTogether/django-saml2-sp.

You have to take into account that SAML as a standard is complex, so you might find issues getting the library to talk to the SAML implementation in the university. You will also have to get from them the identity provider cert public key and ask them to add your application on their side with a specific entity ID. And when you start managing a couple of them it gets complex.

You might also want to check out something like Auth0 to handle all those SAML connections. There is a very simple Python sample: https://gist.github.com/woloski/8149412

woloski
  • This works, but I found a more updated and well maintained project. – KVISH Mar 28 '14 at 04:26
  • Hey KVISH, I am working on the exact same problem of implementing SAML SSO with a Django project. What solution did you end up using? – Aman Aug 17 '15 at 17:16
  • 1
    @Aman not sure if you saw it, but they answered their own question and pointed to djangosaml2. – Jordan Dec 03 '15 at 20:11
5

Hi, I just created a Django SAML2 authentication plugin.

https://github.com/fangli/django-saml2-auth

It's quite easy to integrate with your SAML2 provider; hope you enjoy.

Felix
  • Can you please share an example where you used this package? – MKRNaqeebi May 02 '19 at 10:16
  • I just struggled with this for a bit, it was very helpful for our project. Getting the dependencies sorted in our docker container was a bit of a pain, but once we were through that it worked like a charm (with some modification for our use case). – Ian Wesley Dec 03 '19 at 22:14
  • Don't use this module if a signed response is required, since this module [doesn't support](https://github.com/fangli/django-saml2-auth/issues/48#issuecomment-563468469) the certificate / keys –  Dec 10 '19 at 20:28
1

This library is actively maintained: https://github.com/onelogin/python3-saml/tree/master/demo-django

mecampbellsoup