Python SAML OneLogin - How to support multiple Identity Providers


Question

I'm relatively new to SAML and came across the OneLogin Python SAML library. I was able to get it up and running with my web app being the Service provider (SP) and OneLogin being the Identity Provider (Idp).

I would like to be able to add support for other Identity Providers as well. However, I find that the python-saml library is using a settings.json to get the Idp information. I have looked at the following issues on their Github project but have been unable to get an actionable solution: [1] https://github.com/onelogin/python-saml/issues/64 [2] https://github.com/onelogin/python-saml/issues/52

Has anyone been successful in using this library to be able to support multiple Identity Providers?

Recommended answer

This was answered in the git repo:

The toolkit was not initially designed to be used with multiple IdPs, instead with the OneLogin IdP, but you can with a little effort support multiple IdPs.

In the toolkit you will see 2 demos (django, flask) that use a settings.js file that contains a json object.

In order to support multiple IdPs you can store each IdP-SP data on different files or store different json objects on a database.

After that, it's up to your application to provide a mechanism to tie different tenants to different IDPs. Most folks typically configure their application to either do this via subdomain (sometenant.myapp.com) or URL (www.myapp.com/sometenant) - with settings configured differently for each tenant

Once you've done that, SAML is SAML and it should work with any IDP that supports it.
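
The per-tenant lookup the answer describes, as an added example that is not part of the original answer or of the python-saml project. The function names, the `/saml/metadata` and `/saml/acs` paths, and all IdP values are assumptions; the returned dict follows the toolkit's settings layout and is the kind of object passed to `OneLogin_Saml2_Auth(request_data, old_settings=...)`.

```python
import re

BASE_DOMAIN = "myapp.com"  # from the answer's sometenant.myapp.com example
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample data: one IdP block per tenant, as it might be loaded from
# per-tenant JSON files or database rows. URLs and certificates are placeholders.
IDP_BY_TENANT = {
    "sometenant": {
        "entityId": "https://idp-a.example.com/metadata",
        "singleSignOnService": {"url": "https://idp-a.example.com/sso", "binding": REDIRECT},
        "x509cert": "<IDP-A-CERT-PLACEHOLDER>",
    },
    "othertenant": {
        "entityId": "https://idp-b.example.net/metadata",
        "singleSignOnService": {"url": "https://idp-b.example.net/sso", "binding": REDIRECT},
        "x509cert": "<IDP-B-CERT-PLACEHOLDER>",
    },
}
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def tenant_from_host(host):
    """Map a Host header to a configured tenant name, or None."""
    name = host.split(":", 1)[0].lower().rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not name.endswith(suffix):
        return None
    label = name[: -len(suffix)]
    # Allow-list lookup: the label is never used to build a file path or query.
    if LABEL_RE.fullmatch(label) and label in IDP_BY_TENANT:
        return label
    return None


def saml_settings_for(host):
    """Build the settings dict for the tenant that owns this host."""
    tenant = tenant_from_host(host)
    if tenant is None:
        raise LookupError("no SAML configuration for host")
    base = "https://%s.%s" % (tenant, BASE_DOMAIN)
    return {
        "strict": True,
        "sp": {
            "entityId": base + "/saml/metadata",
            "assertionConsumerService": {"url": base + "/saml/acs", "binding": POST},
        },
        # Only this tenant's IdP and certificate are trusted at this tenant's ACS.
        "idp": dict(IDP_BY_TENANT[tenant]),
    }
```

Resolving the tenant the same way for both the login request and the assertion consumer endpoint keeps a response signed by one tenant's IdP from being accepted under another tenant's settings.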
