Usage¶

Invenio module that provides SAML integration.

This module provides you with a set of default handlers than can be used out of the box to authenticated users using SSO SAML.

Handlers¶

Invenio-SAML allows you to specify handlers for each SSO action, sso, acs, slo, sls and metadata. Typically the ones that matter the most are acs and sls, because they are the ones that will authenticate and “unauthenticate” users from the application.

This module provides default handlers for acs and``sls`` actions that will be valid for most of the use cases. The default ACS handler is created by a factory, :func: invenio_saml.handlers.acs_handler_function. This is how you can use them:

from invenio_saml.handlers import acs_handler_factor

SSO_SAML_IDPS={
        '<idp-name>': {
            'settings': {
                'idp': {
                    'entityId': '<idp-url>',
                    'singleSignOnService': {
                        'url': '<ipd-sso-url>',
                    },
                    'singleLogoutService': {
                        'url': '<idp-slo-url>',
                    },
                    'x509cert': '<ipd-cert>',
                },
            },
            "mappings": { 
                "email": "User.email",
                "name": "User.FirstName",
                "surname": "User.LastName",
                "external_id": "User.email",
            },
            'acs_handler': acs_handler_factory('<idp-name>'),
            'auto_confirm': False,
        }
    }

Fork me on GitHub