{"id":16421818,"url":"https://github.com/peppelinux/django-identity","last_synced_at":"2025-10-27T23:37:33.715Z","repository":{"id":54531207,"uuid":"134951084","full_name":"peppelinux/Django-Identity","owner":"peppelinux","description":"Code and resources related to AAI in a Django context","archived":false,"fork":false,"pushed_at":"2022-10-30T17:33:33.000Z","size":1443,"stargazers_count":11,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-20T01:59:42.409Z","etag":null,"topics":["django","idp","pysaml2","saml2","sp","sso-authentication"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peppelinux.png","metadata":{"files":{"readme":"README.SAML2.resources.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-26T10:18:14.000Z","updated_at":"2023-07-01T22:06:14.000Z","dependencies_parsed_at":"2023-01-20T16:00:23.552Z","dependency_job_id":null,"html_url":"https://github.com/peppelinux/Django-Identity","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/peppelinux/Django-Identity","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2FDjango-Identity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2FDjango-Identity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2FDjango-Identity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2FDjango-Identity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/own
ers/peppelinux","download_url":"https://codeload.github.com/peppelinux/Django-Identity/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2FDjango-Identity/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281361402,"owners_count":26487881,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-27T02:00:05.855Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django","idp","pysaml2","saml2","sp","sso-authentication"],"created_at":"2024-10-11T07:34:53.476Z","updated_at":"2025-10-27T23:37:33.699Z","avatar_url":"https://github.com/peppelinux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## pySAML2 things, improvements and issues\n\n- [time_utils](https://github.com/IdentityPython/pysaml2/issues/445)\n- [InResponseTo=\"\"](https://github.com/IdentityPython/pysaml2/issues/458)\n- [_parse_request Refactoring](https://github.com/IdentityPython/pysaml2/issues/456)\n- [Cookies encrypted in AES CBC](https://github.com/IdentityPython/pysaml2/issues/453)\n- [empty URI in ServiceName element](https://github.com/IdentityPython/pysaml2/issues/345)\n- [handle_logout_request doesn't sign redirect binding responses as requested](https://github.com/IdentityPython/pysaml2/issues/334)\n- [XXE 
attack](https://github.com/IdentityPython/pysaml2/issues/508)\n- [SSRF](https://github.com/IdentityPython/pysaml2/issues/510)\n\n## Advanced Topics\nResources and examples about advanced SAML2 implementations and use cases.\n\n### SAML2 security assertions\n- Artifact resolution should be the best auth method in several bandwidth and security aspects. Read [this](https://stackoverflow.com/questions/13616169/what-is-the-purpose-of-a-saml-artifact)\n\n### Auth proxies\n- https://github.com/IdentityPython/SATOSA/blob/master/doc/one-to-many.md\n- https://github.com/IdentityPython/SATOSA/wiki\n- https://github.com/IdentityPython/satosa-developer\n\nMy implementation example here:\n- https://github.com/peppelinux/Satosa-saml2saml\n\n### WAYF and Discovery-service\n\nThis is the leading project regarding Discovery Services:\nhttps://seamlessaccess.org/\n\nMy implementation here for SPID/Other federation:\n- https://github.com/UniversitaDellaCalabria/unicalDiscoveryService\n\nIdP Discovery Service flow described in [SAML2 specifications](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf?) 
is made of the following steps:\n\n- The SP is configured to use a remote IdP Discovery Service to determine the IdP to be used for the Federation SSO operation\n- The SP redirects the user to the IdP Discovery Service via a 302 HTTP redirect and provides the following parameters in the query string\n  - entityID: the Issuer/ProviderID of OIF/SP\n  - returnIDParam: the name of the query string parameter that the service needs to use for the parameter containing the IdP ProviderID value, when redirecting the user back to OIF/SP\n  - return: the URL to use to redirect the user to OIF/SP\n- The service determines the IdP to use\n- The service redirects the user to OIF/SP via a 302 HTTP redirect based on the query parameter \"return\" specified by the SP and provides the following parameters in the query string\n  - A query parameter containing the IdP ProviderID value; the name of that query parameter is specified by the SP in the returnIDParam query parameter.\n\nHopefully a Discovery service will:\n- Be aware of a list of known IdPs, referenced by the ProviderID/Issuer identifiers\n- Let the user select the IdP to use from a dropdown list\n- Save the user's choice in a cookie called IDPDiscService\n- At runtime, the service will check if the IDPDiscService cookie is present:\n  - If present and contains a valid IdP, then the service will automatically redirect the user back to the SP with the IdP's ProviderID/Issuer: no user interaction will take place\n  - Otherwise, the service will display a page containing a dropdown list of the known IdPs\n\nAttribute Authorities\n- https://www.cesnet.cz/wp-content/uploads/2013/12/saml-aa-shibboleth.pdf\n\nAdditional resources:\n- https://discovery.refeds.org/guide/\n- https://www.switch.ch/aai/support/tools/wayf/\n- https://github.com/uktrade/staff-sso\n- https://github.com/knaperek/djangosaml2/issues/73\n- https://github.com/opennode/waldur-auth-saml2\n- https://github.com/IdentityPython/SATOSA/issues/140\n- pyFF [Integrated discovery 
service in part based on RA21.org P3W project](https://pythonhosted.org/pyFF/)\n\nInteresting third-party discovery services:\n- http://discojuice.org/getting-started/ - awesome to develop a django app (django-discojuice?). See [this php implementation](https://github.com/andreassolberg/DiscoJuice)\n- https://www.accountchooser.com/learnmore.html (OpenID)\n- https://github.com/hu-berlin-cms/django-shibboleth-eds\n\n\n## Resources\n- SAML2 Primer on [Wikipedia](https://en.m.wikipedia.org/wiki/SAML_2.0)\n- SAML2 Primer for Research \u0026 Scholarship on [SAFIRE](https://safire.ac.za/safire/publications/saml-primer/)\n- https://kantarainitiative.github.io/SAMLprofiles/fedinterop.html\n- [SAML2 Specifications](http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf)\n- http://djangosaml2idp.readthedocs.io/en/latest/\n- https://github.com/IdentityPython\n- https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/ (debug)\n- https://github.com/SAMLRaider/SAMLRaider (pentest)\n- https://wiki.oasis-open.org/security/FrontPage (stdlib source)\n- https://www.aleksey.com/xmlsec/download.html (xmlsec1 sources)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fdjango-identity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeppelinux%2Fdjango-identity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fdjango-identity/lists"}