{"id":21032266,"url":"https://github.com/daisukeark/example-awssso","last_synced_at":"2026-04-11T16:03:05.147Z","repository":{"id":162031181,"uuid":"294845770","full_name":"daisukeArk/example-awssso","owner":"daisukeArk","description":null,"archived":false,"fork":false,"pushed_at":"2020-09-15T13:23:40.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-20T15:34:41.628Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daisukeArk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-12T01:23:13.000Z","updated_at":"2020-09-15T13:23:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"fba09c31-1b19-4356-864f-c5a34506c350","html_url":"https://github.com/daisukeArk/example-awssso","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisukeArk%2Fexample-awssso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisukeArk%2Fexample-awssso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisukeArk%2Fexample-awssso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daisukeArk%2Fexample-awssso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daisukeArk","download_url":"https://codeload.github.com/daisukeArk/example-awssso/tar
.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243474353,"owners_count":20296703,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T12:41:53.761Z","updated_at":"2025-12-29T16:52:28.527Z","avatar_url":"https://github.com/daisukeArk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# example-awssso\n\n## Prerequisites and environment\n\n- macOS 10.15.6\n- Python 3.7.8\n- Django 3.1.1\n- python3-saml 1.9.0\n- django-sslserver 0.22\n\n## Setup\n\n```Shell\n# Create the virtual environment\n$ python -m venv ~/envs/example-awssso\n\n# Activate\n$ source ~/envs/example-awssso/bin/activate\n```\n\n## Installation and project creation\n\n```Shell\n# Install Django\n(example-awssso) $ python -m pip install Django\n\n# Check the version\n(example-awssso) $ python -m django --version\n3.1.1\n\n# Create the project\n(example-awssso) $ django-admin startproject webapp .\n```\n\n## Installation (ssl)\n\nThis is `for development only`. It enables SSL connections. Be sure never to use it in a production environment.\nCreating the self-signed certificate is not covered here.\n\n```Shell\n(example-awssso) $ pip install django-sslserver\n```\n\n## Installation (python3-saml)\n\nThere were various options for SAML authentication support, but I decided to try `python3-saml`.\u003c/br\u003e\nBefore installing `python3-saml`, resolve the dependencies of `xmlsec`.\n\n[https://github.com/onelogin/python3-saml](https://github.com/onelogin/python3-saml)\n[https://pypi.org/project/xmlsec/](https://pypi.org/project/xmlsec/)\n\n```Shell\n# Resolve xmlsec dependencies\n(example-awssso) $ brew install libxml2 libxmlsec1 pkg-config\n\n# Install\n(example-awssso) $ pip install python3-saml\n```\n\n## 
Application setup\n\nThe python3-saml GitHub repository includes Django sample code, so refer to that as well.\n\n```Shell\n(example-awssso) $ mkdir saml\n\n# Create empty files for the settings\n(example-awssso) $ touch saml/settings.json\n(example-awssso) $ touch saml/advanced_settings.json\n```\n\n### advanced_settings.json\n\n```json\n{\n  \"security\": {\n    \"nameIdEncrypted\": false,\n    \"authnRequestsSigned\": false,\n    \"logoutRequestSigned\": false,\n    \"logoutResponseSigned\": false,\n    \"signMetadata\": false,\n    \"wantMessagesSigned\": false,\n    \"wantAssertionsSigned\": false,\n    \"wantNameId\": true,\n    \"wantNameIdEncrypted\": false,\n    \"signatureAlgorithm\": \"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\",\n    \"digestAlgorithm\": \"http://www.w3.org/2001/04/xmlenc#sha256\"\n  },\n  \"contactPerson\": {\n    \"technical\": {\n      \"givenName\": \"technical_name\",\n      \"emailAddress\": \"technical@example.com\"\n    },\n    \"support\": {\n      \"givenName\": \"support_name\",\n      \"emailAddress\": \"support@example.com\"\n    }\n  },\n  \"organization\": {\n    \"en-US\": {\n      \"name\": \"sp_test\",\n      \"displayname\": \"SP test\",\n      \"url\": \"https://localhost:8000\"\n    }\n  }\n}\n```\n\n### settings.json\n\nEdit the following settings based on the contents of the `AWS SSO SAML metadata file`, then save.\n\n#### sp\n\n- entityId\n- assertionConsumerService.url\n- NameIDFormat\n\n#### idp\n\nSet these from the contents of the `AWS SSO SAML metadata file`.\n\n- entityId(entityID)\n- singleSignOnService.url(SingleSignOnService.Location)\n- singleLogoutService.url(SingleLogoutService.Location)\n- x509cert(X509Certificate)\n\n```json\n{\n  \"strict\": true,\n  \"debug\": true,\n  \"sp\": {\n    \"entityId\": \"https://localhost:8000/metadata/\",\n    \"assertionConsumerService\": {\n      \"url\": \"https://localhost:8000/acs/\",\n      \"binding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n    },\n    \"singleLogoutService\": {\n      \"url\": \"https://localhost:8000/sls/\",\n      \"binding\": 
\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n    },\n    \"NameIDFormat\": \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n    \"x509cert\": \"\",\n    \"privateKey\": \"\"\n  },\n  \"idp\": {\n    \"entityId\": \"https://portal.sso.ap-northeast-1.amazonaws.com/saml/assertion/\u003cAWS SSO ID\u003e\",\n    \"singleSignOnService\": {\n      \"url\": \"https://portal.sso.ap-northeast-1.amazonaws.com/saml/assertion/\u003cAWS SSO ID\u003e\",\n      \"binding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n    },\n    \"singleLogoutService\": {\n      \"url\": \"https://portal.sso.ap-northeast-1.amazonaws.com/saml/logout/\u003cAWS SSO ID\u003e\",\n      \"binding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n    },\n    \"x509cert\": \"\u003cAWS SSO 証明書\u003e\"\n  }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaisukeark%2Fexample-awssso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaisukeark%2Fexample-awssso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaisukeark%2Fexample-awssso/lists"}