I have managed to integrate SAML authentication into my Django application using the packages Djangosaml2 and Pysaml2, with Azure as the IdP.
Everything is working properly: I can log in with SAML and log out.
What I don't understand is the purpose of exposing metadata at the URL https://panda.company.com/saml/metadata and the purpose of the URL https://panda.company.com/saml2/ls/, because the remote_metadata.xml provided by Azure alone seems to be enough to log in and log out.
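# pysaml2 configuration for this Django service provider (consumed by djangosaml2).
# Fix: the 'attribute_map_dir' value below was missing its opening quote, which made
# the whole settings module a SyntaxError.
SAML_CONFIG = {
    # xmlsec1 binary pysaml2 uses for XML signature creation/verification.
    'xmlsec_binary': '/usr/bin/xmlsec1',
    'name': 'CloudBolt SP',
    # SP entity ID; must match the identifier registered for this SP on the Azure side.
    'entityid': 'https://panda.company.com/',
    'service': {
        'sp': {
            # NOTE(review): with both flags False the SP does not require an IdP XML
            # signature on either the Response or the Assertion, so the IdP certificate
            # shipped in remote_metadata.xml is never used to authenticate what is posted
            # to /saml2/acs/. At least one should be True; confirm which element the IdP
            # signs before flipping it so logins keep working.
            'want_assertions_signed': False,
            'want_response_signed': False,
            # NOTE(review): True accepts responses that were not preceded by an
            # AuthnRequest from this SP (IdP-initiated flow, no InResponseTo match).
            # Keep only if IdP-initiated SSO is actually required.
            'allow_unsolicited': True,
            'endpoints': {
                # Assertion Consumer Service: where the IdP POSTs the SAML Response.
                'assertion_consumer_service': [
                    ('https://panda.company.com/saml2/acs/', saml2.BINDING_HTTP_POST),
                ],
                # Single Logout Service: receives logout requests/responses from the IdP
                # via HTTP-Redirect; this is what the /saml2/ls/ URL is declared for.
                'single_logout_service': [
                    ('https://panda.company.com/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
                ],
            },
            # Assertions that do not carry this attribute are rejected.
            'required_attributes': ['email'],
        },
    },
    # Verbose pysaml2 logging (includes message contents); set to 0 in production.
    'debug': 1,
    # SP key pair. The private key must stay out of version control and be readable
    # only by the application user.
    'key_file': os.path.join(SAML2_DIR, 'saml.key'),  # private part
    'cert_file': os.path.join(SAML2_DIR, 'saml.crt'),  # public part
    # Attributes absent from the attribute maps are passed through instead of rejected.
    'allow_unknown_attributes': True,
    # Single path, so os.path.join was a no-op and is dropped. Hard-coded to one
    # interpreter's site-packages (python3.6): breaks on upgrade, so consider deriving
    # it from the installed saml2 package or shipping a project-local copy.
    'attribute_map_dir': '/usr/local/lib/python3.6/site-packages/saml2/attributemaps',
    # IdP (Azure) metadata loaded from disk. 'local' refers to the file location, not
    # the IdP; the file carries the IdP signing certificate used for signature checks.
    'metadata': {
        'local': [os.path.join(SAML2_DIR, 'remote_metadata.xml')],
    },
    # Published in the SP metadata document.
    'contact_person': [{
        'given_name': 'First',
        'sur_name': 'Last',
        'company': 'Company',
        'email_address': '[email protected]',  # placeholder value, presumably
        'contact_type': 'technical',
    }],
    'organization': {
        'name': 'Company',
        'display_name': 'Company',
        'url': 'http://www.company.com',
    },
    'valid_for': 24,  # how long (hours) the generated SP metadata is valid
    # Tolerated clock skew (seconds) when checking assertion time conditions.
    'accepted_time_diff': 120,
}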
# djangosaml2 user-provisioning settings.

# Django user field used to look up the local account for a SAML principal;
# it is filled from the mapping below ('uid' -> 'username').
SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'username'

# Create a Django user on first login when no account matches the main attribute.
# NOTE(review): every principal the IdP asserts therefore gets a local account;
# restrict who is assigned to this app on the Azure side if that is not intended.
SAML_CREATE_UNKNOWN_USER = True

# SAML attribute name -> tuple of Django user fields it populates.
SAML_ATTRIBUTE_MAPPING = dict(
    email=('email',),
    givenName=('first_name',),
    sn=('last_name',),
    uid=('username',),
)