Monday, July 13, 2009

PySAML - A SAML 2.0 Toolkit for Python

Security Assertion Markup Language (SAML) can be a bit confusing to understand. At its core SAML is just a protocol with defined messages written in XML. The main purpose of SAML is to enable you to log in at one place such as a website and then jump over to another website without having to log in again. This setup is commonly called "federation".

It is similiar to OAuth. I see SAML continuing to make headroom in the enterprise space while OAuth stays strong in the consumer space. However in the future I hope these two technologies will end up playing well together.

In either case I am releasing a small Python library for generating SAML assertions. The main purpose of this is to learn SAML by doing (actually having to create an assertion gives me a good idea of the complexity of the protocol).

The library depends on M2Crypto so download and install it:

M2Crypto depends on SWIG so you might need that as well.

Once that is installed you can download my distribution of PySAML here:

Python 2.6 - Win32:

Unix (source):

For windows you just run the executable. For unix you should run the following commands:

# cd PySAML
# python build
# python install

There are examples in the "examples" folder if you download the full source.

The whole project is available on github as well:


Angela said...

Does this library only generates SAML assertions (as an IDP) or does it allow validation of assertions from other IDPs such as the fedlet scenario.

I am wondering if I can use this library to implement a SAML 2.0 enabled relying party authentication module for Django so that the user may authenticate with OpenSSO and the Django portal will honor the authentication assertion.

Jeff Tchang said...


This library only generates assertions for now. I haven't worked on it in a while but if someone wants to pick it up I wouldn't mind!

Amit Patel said...

Can you help me how to make Authentication Request using SAML2 in python code?

rolandh said...

There is a follow up, namely pySAML2 :-)
Can be found on launchpad.
But beware that I'm just in the process of refactoring, so there will be major changes shortly.

guitarmanvt said...

It's been a while, but I am (somewhat) actively working on two Django projects that use PySAML: and . I also just forked PySAML on Github @ so I can fix that issue I reported 9 months ago. ;)