Monday, July 13, 2009

PySAML - A SAML 2.0 Toolkit for Python

Security Assertion Markup Language (SAML) can be a bit confusing to understand. At its core SAML is just a protocol with defined messages written in XML. The main purpose of SAML is to enable you to log in at one place such as a website and then jump over to another website without having to log in again. This setup is commonly called "federation".

It is similar to OAuth. I see SAML continuing to make headway in the enterprise space while OAuth stays strong in the consumer space. However, in the future I hope these two technologies will end up playing well together.

In either case I am releasing a small Python library for generating SAML assertions. The main purpose of this is to learn SAML by doing (actually having to create an assertion gives me a good idea of the complexity of the protocol).
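
To make the shape of an assertion concrete, here is an added example (not PySAML's code and not from the original post) that builds an unsigned SAML 2.0 assertion with the Python 3 standard library and runs the validity-window and audience checks a relying party would apply. The issuer, subject, audience and ACS URL are constructed placeholders, and signing and signature verification are omitted.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
ET.register_namespace("saml", NS)

def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")  # SAML timestamps are UTC

def build_assertion(issuer, name_id, audience, acs_url, now, lifetime=300):
    """Return an unsigned SAML 2.0 <Assertion> element, children in schema order."""
    q = lambda tag: "{%s}%s" % (NS, tag)
    end = _ts(now + timedelta(seconds=lifetime))
    a = ET.Element(q("Assertion"), {"Version": "2.0", "ID": "_" + uuid.uuid4().hex,
                                    "IssueInstant": _ts(now)})
    ET.SubElement(a, q("Issuer")).text = issuer
    subj = ET.SubElement(a, q("Subject"))
    ET.SubElement(subj, q("NameID")).text = name_id
    conf = ET.SubElement(subj, q("SubjectConfirmation"), {"Method": BEARER})
    ET.SubElement(conf, q("SubjectConfirmationData"),
                  {"Recipient": acs_url, "NotOnOrAfter": end})
    cond = ET.SubElement(a, q("Conditions"), {"NotBefore": _ts(now), "NotOnOrAfter": end})
    aud = ET.SubElement(cond, q("AudienceRestriction"))
    ET.SubElement(aud, q("Audience")).text = audience
    stmt = ET.SubElement(a, q("AuthnStatement"), {"AuthnInstant": _ts(now)})
    ctx = ET.SubElement(stmt, q("AuthnContext"))
    ET.SubElement(ctx, q("AuthnContextClassRef")).text = PASSWORD
    return a

def conditions_ok(assertion, expected_audience, at):
    """Relying-party side: check validity window and audience (signature check omitted)."""
    cond = assertion.find("{%s}Conditions" % NS)
    if cond is None:
        return False
    parse = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if not (parse(cond.get("NotBefore")) <= at < parse(cond.get("NotOnOrAfter"))):
        return False
    audiences = [e.text for e in cond.iter("{%s}Audience" % NS)]
    return expected_audience in audiences

# Constructed sample values; the example.org / example.com names are placeholders.
NOW = datetime(2009, 7, 13, 12, 0, 0, tzinfo=timezone.utc)
ASSERTION = build_assertion("https://idp.example.org", "alice@example.org",
                            "https://sp.example.com", "https://sp.example.com/acs", NOW)
if __name__ == "__main__":
    print(ET.tostring(ASSERTION, encoding="unicode"))
```

An assertion like this proves nothing until it carries an XML signature that the relying party verifies before looking at the conditions.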

The library depends on M2Crypto so download and install it:
http://chandlerproject.org/bin/view/Projects/MeTooCrypto

M2Crypto depends on SWIG so you might need that as well.

Once that is installed you can download my distribution of PySAML here:

Python 2.6 - Win32:
http://darkeneddesire.com/PySAML/PySAML-1.0.win32.exe

Unix (source):
http://darkeneddesire.com/PySAML/PySAML.tar.gz

For Windows you just run the executable. For Unix you should run the following commands:

# cd PySAML
# python setup.py build
# python setup.py install

There are examples in the "examples" folder if you download the full source.

The whole project is available on github as well:
http://github.com/tachang/PySAML/tree/master

5 comments:

Unknown said...

Does this library only generate SAML assertions (as an IDP), or does it allow validation of assertions from other IDPs, such as in the fedlet scenario?

I am wondering if I can use this library to implement a SAML 2.0 enabled relying party authentication module for Django so that the user may authenticate with OpenSSO and the Django portal will honor the authentication assertion.

Jeff Tchang said...

@Angela

This library only generates assertions for now. I haven't worked on it in a while but if someone wants to pick it up I wouldn't mind!

Amit Patel said...

Hi,
Can you help me with how to make an Authentication Request using SAML2 in Python code?

Unknown said...

There is a follow up, namely pySAML2 :-)
Can be found on launchpad.
But beware that I'm just in the process of refactoring, so there will be major changes shortly.

guitarmanvt said...

It's been a while, but I am (somewhat) actively working on two Django projects that use PySAML: http://code.google.com/p/django-saml2-idp/ and http://code.google.com/p/django-saml2-sp/ . I also just forked PySAML on Github @ https://github.com/guitarmanvt/PySAML so I can fix that issue I reported 9 months ago. ;)