Question
I'm relatively new to SAML and came across the OneLogin Python SAML library. I was able to get it up and running with my web app being the Service Provider (SP) and OneLogin being the Identity Provider (IdP).
I would like to be able to add support for other Identity Providers as well. However, I find that the python-saml library is using a settings.json to get the IdP information. I have looked at the following issues on their GitHub project but have been unable to get an actionable solution:
[1] https://github.com/onelogin/python-saml/issues/64
[2] https://github.com/onelogin/python-saml/issues/52
Has anyone been successful in using this library to be able to support multiple Identity Providers?
Answer 1:
This was answered in the git repo:
The toolkit was not initially designed to be used with multiple IdPs, instead with the OneLogin IdP, but you can with a little effort support multiple IdPs.
In the toolkit you will see 2 demos (django, flask) that use a settings.js file that contains a JSON object.
In order to support multiple IdPs you can store each IdP-SP data in different files or store different JSON objects in a database.
After that, it's up to your application to provide a mechanism to tie different tenants to different IdPs. Most folks typically configure their application to either do this via subdomain (sometenant.myapp.com) or URL (www.myapp.com/sometenant), with settings configured differently for each tenant.
Once you've done that, SAML is SAML and it should work with any IDP that supports it.
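
One way to implement the subdomain approach from the answer above, as an added example that is not part of the original answer or of the python-saml project. Assumptions: the base domain, tenant names, IdP hosts, the `/saml/...` paths and the in-memory `IDP_ROWS` table (standing in for a database) are constructed for illustration.

```python
import json
import re

BASE_DOMAIN = "myapp.com"  # assumption: tenants live at <tenant>.myapp.com
TENANT_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?")  # one DNS label
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def _idp_row(host):
    """Constructed sample data: the JSON object stored for one tenant's IdP."""
    return json.dumps({
        "entityId": "https://%s/metadata" % host,
        "singleSignOnService": {"url": "https://%s/sso" % host, "binding": REDIRECT},
        "x509cert": "<placeholder: this IdP's signing certificate>",
    })

# Hypothetical tenant -> IdP mapping, standing in for a database table.
IDP_ROWS = {
    "sometenant": _idp_row("idp-one.example"),
    "othertenant": _idp_row("idp-two.example"),
}

def tenant_from_host(http_host):
    """Return the tenant label of <tenant>.BASE_DOMAIN, or None if malformed."""
    host = http_host.lower().split(":", 1)[0].rstrip(".")  # drop port, trailing dot
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None  # bare domain, look-alike domain, or suffix-spoofed host
    label = host[: -len(suffix)]
    return label if TENANT_RE.fullmatch(label) else None  # no dots, slashes, etc.

def saml_settings_for(request_data):
    """Build the settings dict for the tenant named by the request host."""
    tenant = tenant_from_host(request_data.get("http_host", ""))
    if tenant is None or tenant not in IDP_ROWS:
        raise LookupError("no SAML configuration for this host")
    base = "https://%s.%s/saml" % (tenant, BASE_DOMAIN)
    return {
        "strict": True,  # strict mode: reject responses that fail validation
        "sp": {
            "entityId": base + "/metadata",
            "assertionConsumerService": {"url": base + "/acs", "binding": POST},
        },
        "idp": json.loads(IDP_ROWS[tenant]),  # only this tenant's IdP and cert
    }
```

The returned dict can be passed to the toolkit as `OneLogin_Saml2_Auth(request_data, old_settings=saml_settings_for(request_data))`. Choosing the IdP from the request host, rather than from anything inside the SAML response, means each tenant's responses are checked only against that tenant's certificate.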
Source: https://stackoverflow.com/questions/43684574/python-saml-onelogin-how-to-support-multiple-identity-providers