Creating Documents¶
Create XML documents in accordance with the SAML 2.0 specification
AuthnRequest¶
-
class
saml.schema.
AuthenticationRequest
(text=None, **kwargs)[source]¶ Create a SAML AuthnRequest
from saml import schema from datetime import datetime document = schema.AuthenticationRequest() document.id = '11111111-2222-3333-4444-555555555555' document.issue_instant = datetime(2000, 1, 1) document.assertion_consumer_service_index = 0 document.attribute_consuming_service_index = 0 document.issuer = 'https://sp.example.com/SAML2' policy = schema.NameIDPolicy() policy.allow_create = True policy.format = schema.NameID.Format.TRANSIENT document.policy = policy print document.tostring()
Produces the following XML document:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="11111111-2222-3333-4444-555555555555" IssueInstant="2000-01-01T00:00:00Z" AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="0"> <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/> </samlp:AuthnRequest>
Response¶
-
class
saml.schema.
Response
(text=None, **kwargs)[source]¶ Create a SAML Response
from saml import schema from datetime import datetime document = schema.Response() document.id = '11111111-1111-1111-1111-111111111111' document.in_response_to = '22222222-2222-2222-2222-222222222222' document.issue_instant = datetime(2000, 1, 1, 1) document.issuer = 'https://idp.example.org/SAML2' document.destination = 'https://sp.example.com/SAML2/SSO/POST' document.status.code.value = schema.StatusCode.SUCCESS # Create an assertion for the response. document.assertions = assertion = schema.Assertion() assertion.id = '33333333-3333-3333-3333-333333333333' assertion.issue_instant = datetime(2000, 1, 1, 2) assertion.issuer = 'https://idp.example.org/SAML2' # Create a subject. assertion.subject = schema.Subject() assertion.subject.principal = '44444444-4444-4444-4444-444444444444' assertion.subject.principal.format = schema.NameID.Format.TRANSIENT data = schema.SubjectConfirmationData() data.in_response_to = '22222222-2222-2222-2222-222222222222' data.not_on_or_after = datetime(2000, 1, 1, 1, 10) data.recipient = 'https://sp.example.com/SAML2/SSO/POST' confirmation = schema.SubjectConfirmation() confirmation.data = data assertion.subject.confirmation = confirmation # Create an authentication statement. statement = schema.AuthenticationStatement() assertion.statements.append(statement) statement.authn_instant = datetime(2000, 1, 1, 1, 3) statement.session_index = '33333333-3333-3333-3333-333333333333' reference = schema.AuthenticationContextReference statement.context.reference = reference.PASSWORD_PROTECTED_TRANSPORT # Create a authentication condition. assertion.conditions = conditions = schema.Conditions() conditions.not_before = datetime(2000, 1, 1, 1, 3) conditions.not_on_or_after = datetime(2000, 1, 1, 1, 9) condition = schema.AudienceRestriction() condition.audiences = 'https://sp.example.com/SAML2' conditions.condition = condition print document.tostring()
Produces the following XML document:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="11111111-1111-1111-1111-111111111111" IssueInstant="2000-01-01T01:00:00Z" Destination="https://sp.example.com/SAML2/SSO/POST" InResponseTo="22222222-2222-2222-2222-222222222222"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion Version="2.0" ID="33333333-3333-3333-3333-333333333333" IssueInstant="2000-01-01T02:00:00Z"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <saml:Subject> <saml:NameID Format= "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"> 44444444-4444-4444-4444-444444444444 </saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData NotOnOrAfter="2000-01-01T01:10:00Z" Recipient="https://sp.example.com/SAML2/SSO/POST" InResponseTo= "22222222-2222-2222-2222-222222222222"/> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2000-01-01T01:03:00Z" NotOnOrAfter="2000-01-01T01:09:00Z"> <saml:AudienceRestriction> <saml:Audience> https://sp.example.com/SAML2 </saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2000-01-01T01:03:00Z" SessionIndex="33333333-3333-3333-3333-333333333333"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes: PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> </samlp:Response>
LogoutRequest¶
-
class
saml.schema.
LogoutRequest
(text=None, **kwargs)[source]¶ Create a SAML LogoutRequest
from saml import schema from datetime import datetime document = schema.LogoutRequest() document.id = '11111111-1111-1111-1111-111111111111' document.issue_instant = datetime(2000, 1, 1) document.issuer = 'https://idp.example.org/SAML2' document.destination = 'https://sp.example.org/SAML2/logout' document.principal = 'myemail@mydomain.com' document.principal.format = schema.NameID.Format.EMAIL document.principal.name_qualifier = 'https://idp.example.org/SAML2' document.session_index = 'SESSION-22222222-2222-2222-2222-222222222222' print document.tostring()
Produces the following XML document:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="11111111-1111-1111-1111-111111111111" IssueInstant="2000-01-01T00:00:00Z" Destination="https://idphost/adfs/ls/"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <saml:NameID NameQualifier="https://idp.example.org/SAML2" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> myemail@mydomain.com </saml:NameID> <samlp:SessionIndex> SESSION-22222222-2222-2222-2222-222222222222 </samlp:SessionIndex> </samlp:LogoutRequest>
LogoutResponse¶
-
class
saml.schema.
LogoutResponse
(text=None, **kwargs)[source]¶ Create a SAML LogoutResponse
from saml import schema from datetime import datetime document = schema.LogoutResponse() document.id = '22222222-2222-2222-2222-222222222222' document.in_response_to = '11111111-1111-1111-1111-111111111111' document.issue_instant = datetime(2000, 1, 1) document.issuer = 'https://idp.example.org/SAML2' document.destination = 'https://sp.example.com/SAML2/SLO/POST' document.status.code.value = schema.StatusCode.SUCCESS print document.tostring()
Produces the following XML document:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="22222222-2222-2222-2222-222222222222" IssueInstant="2000-01-01T00:00:00Z" Destination="https://sp.example.com/SAML2/SLO/POST" InResponseTo="11111111-1111-1111-1111-111111111111"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> </samlp:LogoutResponse>