### Start Docker Containers Source: https://djangosaml2idp.readthedocs.io/en/latest/example_setup/README.html Use this command to start the SP and IdP services using Docker Compose. Ensure you are in the example's directory. ```bash docker-compose up -d ``` -------------------------------- ### Install djangosaml2idp using pip Source: https://djangosaml2idp.readthedocs.io/en/latest/installation.html Use this command to install the djangosaml2idp package and its dependencies. Ensure XML Security Library is installed beforehand. ```bash pip install djangosaml2idp ``` -------------------------------- ### Install Dependencies and Run Server (Non-Docker) Source: https://djangosaml2idp.readthedocs.io/en/latest/example_setup/README.html If not using Docker, install the required packages and run the Django development server for both the IdP and SP. Ensure you are in the respective directories. ```bash pip install -r requirements.txt python manage.py migrate python manage.py runserver 0.0.0.0:9000 (8000 for the SP) in a terminal ``` -------------------------------- ### Configure SAML IdP Settings Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Set up the SAML IdP configuration in your Django settings, following PySAML2 standards. Ensure 'xmlsec_binary' is correctly pointed to your xmlsec1 binary. ```python import saml2 from saml2.saml import NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED from saml2.sigver import get_xmlsec_binary LOGIN_URL = '/login/' BASE_URL = 'http://localhost:9000/idp' SAML_IDP_CONFIG = { 'debug' : DEBUG, 'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin', '/usr/bin/xmlsec1']), 'entityid': '%s/metadata' % BASE_URL, 'description': 'Example IdP setup', 'service': { 'idp': { 'name': 'Django localhost IdP', 'endpoints': { 'single_sign_on_service': [ ('http://localhost:9000/idp/sso/post/', saml2.BINDING_HTTP_POST), ('http://localhost:9000/idp/sso/redirect/', saml2.BINDING_HTTP_REDIRECT), ], "single_logout_service": [ ("http://localhost:9000/idp/slo/post/", saml2.BINDING_HTTP_POST), ("http://localhost:9000/idp/slo/redirect/", saml2.BINDING_HTTP_REDIRECT) ], }, 'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED], 'sign_response': True, 'sign_assertion': True, 'want_authn_requests_signed': True, }, }, # Signing 'key_file': BASE_DIR + '/certificates/private.key', 'cert_file': BASE_DIR + '/certificates/public.cert', # Encryption 'encryption_keypairs': [{ 'key_file': BASE_DIR + '/certificates/private.key', 'cert_file': BASE_DIR + '/certificates/public.cert', }], 'valid_for': 365 * 24, } ``` -------------------------------- ### Add djangosaml2idp to INSTALLED_APPS Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Include 'djangosaml2idp' in your Django project's INSTALLED_APPS setting. ```python INSTALLED_APPS = ( 'django.contrib.admin', 'djangosaml2idp', ... ) ``` -------------------------------- ### Configure Signing and Digest Algorithms Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Set default signing and digest algorithms for SAML authentication responses. These settings are used if not overridden by individual Service Providers. ```python SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256 SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256 ``` -------------------------------- ### Create Superuser on IdP Source: https://djangosaml2idp.readthedocs.io/en/latest/example_setup/README.html Execute this command within your running Docker containers to create an administrative user for the Identity Provider. This user is needed for authentication. ```bash docker exec -it djangosaml2idp_idp python manage.py createsuperuser ``` -------------------------------- ### Include djangosaml2idp URLs Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Add the djangosaml2idp URLs to your project's main URL configuration. ```python from django.conf.urls import url, include from django.contrib import admin urlpatterns = [ url(r'^idp/', include('djangosaml2idp.urls')), url(r'^admin/', admin.site.urls), ... ] ``` -------------------------------- ### Generate SAML Certificates Source: https://djangosaml2idp.readthedocs.io/en/latest/example_setup/README.html This script generates new self-signed certificates for the IdP or SP. Ensure the subject's common name (CN) matches the required hostname (e.g., idp.localhost.com or sp.localhost.com). ```bash ./generate.sh ``` -------------------------------- ### Set Default Processor and Attribute Mapping Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Define default values for the 'processor' and 'attribute_mapping' fields. These are used if not explicitly set for a Service Provider. ```python SAML_IDP_SP_FIELD_DEFAULT_PROCESSOR = 'djangosaml2idp.processors.BaseProcessor' SAML_IDP_SP_FIELD_DEFAULT_ATTRIBUTE_MAPPING = {"email": "email", "first_name": "first_name", "last_name": "last_name", "is_staff": "is_staff", "is_superuser": "is_superuser"} ``` -------------------------------- ### Stop Docker Containers Source: https://djangosaml2idp.readthedocs.io/en/latest/example_setup/README.html Use this command to gracefully stop the running Docker containers for the SP and IdP. ```bash docker-compose stop ``` -------------------------------- ### Set Fallback Expiration Days for SP Metadata Source: https://djangosaml2idp.readthedocs.io/en/latest/configuration.html Provide a fallback setting for metadata expiration days if the Service Provider does not properly expose this information. ```python SAML_IDP_FALLBACK_EXPIRATION_DAYS = 30 ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.