CODEWITHSUNDEEP
pythonsingle-sign-onsamlshibboleth
Art
Art

Reputation: 2325

Python SSO: pysaml2 and python3-saml

I new to SSO and I've only tried pysaml2 by far.

I am also aware of python3-saml library (and its python-saml Python 2 flavour).

I need to use one of those with Shibboleth, if it is relevant.

What are the pros and cons of pysaml2 and python3-saml?

Update:

As for 2019, I still find python3-saml to be the best option if you need to implement an SP. It is not flawless (sorry @smartin, hhehe), but it will give you much less headache than pysaml2.

Upvotes: 11

Views: 10165

Answers (2)

Robert Guice
Robert Guice

Reputation: 659

@smartin - one thing I'd love to have you do is integrate xmlsec1 library into your package the way saml2 does. I had to spend a few days getting xmlsec1 to install on Heroku - huge time drain. Ended up having to create a docker file and download from source to make it work. Not sure how big of a deal it is for most, but was a huge pain for Heroku.

After all that, I was wondering why saml2 didn't need this to work and saw this import:

from saml2.sigver import get_xmlsec_binary

Just thought I'd share.

Upvotes: 0

smartin
smartin

Reputation: 3037

Both projects are compatible with Shibboleth.

pysaml2 is older than python3-saml, right now both support py2 and py3. Both are kinda active and documented.

python3-saml follows the structure of Onelogin's SAML toolkit so if you used any other toolkit before (php-saml, ruby-saml, java-saml), will be easy for you to handle with it (similar methods, same settings).

Differences

Crypto:

  • pysaml2 uses as dependecy pycryptodome to handle with cryptography and implements its own xmldsig and xmlenc classes (to manipulate signatures and encryption on XMLs).
  • python3-saml uses as dependecy python-xmlsec and delegates on it the signature/encryption of XML elements.

Functionality:

  • pysaml2 let you deploy an Identity Provider or a Service Provider
  • python3-saml is focused on the Service Provider

Settings:

In my opinion, python3-saml is easier than pysaml2, settings are more precise and its repo contains code examples on how integrate a django or a flask app and a guide at the docs.

Note: I'm the author of python3-saml

Upvotes: 14

Related Questions