= NDG SAML =

NDG SAML is a Python implementation of SAML 2.0 developed for the [http://ndg.nerc.ac.uk/ NERC DataGrid] and [http://www.earthsystemgrid.org Earth System Grid] [http://cmip-pcmdi.llnl.gov/cmip5/ CMIP5] security architecture. Both use a federation model for access control, and SAML 2.0 was selected to provide the interfaces for attribute and authorisation decision queries.

This implementation is based on the Java [www.opensaml.org/ OpenSAML] code. The code uses !ElementTree for serialisation to and parsing from XML, but an API makes it easily extendable to use other Python XML parsers if desired.

== Example Code ==

{{{
from ndg.saml.saml2.core import (AttributeQuery, SAMLVersion, Issuer, Subject,
                                 NameID, Attribute, XSStringAttributeValue)
from uuid import uuid4
from datetime import datetime

# Build the query: version, unique ID and issue time
attributeQuery = AttributeQuery()
attributeQuery.version = SAMLVersion(SAMLVersion.VERSION_20)
attributeQuery.id = str(uuid4())
attributeQuery.issueInstant = datetime.utcnow()

# Issuer: the entity making the query, identified by X.509 subject name
attributeQuery.issuer = Issuer()
attributeQuery.issuer.format = Issuer.X509_SUBJECT
attributeQuery.issuer.value = '/O=NDG/OU=BADC/CN=PolicyInformationPoint'

# Subject: the user whose attributes are being requested
attributeQuery.subject = Subject()
attributeQuery.subject.nameID = NameID()
attributeQuery.subject.nameID.format = NameID.X509_SUBJECT
attributeQuery.subject.nameID.value = '/O=NDG/OU=BADC/CN=PhilipKershaw'

# E-mail address attribute with an xs:string value
emailAddressAttribute = Attribute()
emailAddressAttribute.name = "urn:esg:email:address"
emailAddressAttribute.nameFormat = "%s#%s" % (
    XSStringAttributeValue.TYPE_NAME.namespaceURI,
    XSStringAttributeValue.TYPE_NAME.localPart)

emailAddress = XSStringAttributeValue()
emailAddress.value = 'pjk@somewhere.ac.uk'
emailAddressAttribute.attributeValues.append(emailAddress)

attributeQuery.attributes.append(emailAddressAttribute)

# Convert to ElementTree representation
from ndg.saml.xml.etree import AttributeQueryElementTree, prettyPrint

elem = AttributeQueryElementTree.toXML(attributeQuery)

# Serialise as string
xmlOut = prettyPrint(elem)
print(xmlOut)
}}}

Produces:

{{{
/O=NDG/OU=BADC/CN=PolicyInformationPoint
/O=NDG/OU=BADC/CN=PhilipKershaw
pjk@somewhere.ac.uk
}}}

== Repository ==

http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/ndg_saml

== Installation ==

The code is available on PyPI at http://pypi.python.org/pypi/ndg-saml/0.4.

{{{
$ sudo easy_install ndg_saml
}}}

== Unit Tests ==

See the `ndg.saml.test.test_saml` module.

== Development Status ==

Development has focussed on the Assertion Query/Request Profile to support `AttributeQuery` and `AuthzDecisionQuery` as needed for NDG and ESG. Where possible, code stubs have been provided for the other core classes. SOAP client and server (WSGI based) binding code has been developed for SOAP transport but has not yet been merged from the NDG Security development trunk. See:

 * [http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap Client bindings]
 * [http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py SOAP Query Interface WSGI middleware]

----
Philip Kershaw
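
The receiving side of the `AttributeQuery` built under Example Code, as an added example that is not part of ndg.saml or of the original page: a standard-library check an attribute authority could run on an incoming query before answering it. The sample message is constructed by hand in the standard SAML 2.0 wire form; `check_attribute_query`, `MAX_SKEW` and the trusted-issuer set are hypothetical names, and the X.509 name format URI is assumed to be what `Issuer.X509_SUBJECT` denotes.

```python
# Added example: standard library only; it does not use ndg.saml.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
MAX_SKEW = timedelta(minutes=5)  # assumed tolerance, not taken from the page

# Constructed sample message; the ID and IssueInstant are made-up values.
SAMPLE_QUERY = """<samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example-id" Version="2.0" IssueInstant="2010-01-01T12:00:00Z">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">/O=NDG/OU=BADC/CN=PolicyInformationPoint</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">/O=NDG/OU=BADC/CN=PhilipKershaw</saml:NameID>
  </saml:Subject>
  <saml:Attribute Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
</samlp:AttributeQuery>"""


def check_attribute_query(xml_text, trusted_issuers, now):
    """Return (subject, attribute names); raise ValueError (or ET.ParseError) on rejection."""
    # Refuse DTDs before parsing, as a defence against entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AttributeQuery" % SAMLP:
        raise ValueError("not a SAML 2.0 AttributeQuery")
    if root.get("Version") != "2.0" or not root.get("ID"):
        raise ValueError("missing ID or unsupported Version")
    # strptime raises ValueError itself if IssueInstant is absent or malformed.
    issued = datetime.strptime(root.get("IssueInstant", ""), "%Y-%m-%dT%H:%M:%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    if abs(now - issued) > MAX_SKEW:  # 'now' must be timezone-aware
        raise ValueError("IssueInstant outside allowed clock skew")
    issuer = root.find("{%s}Issuer" % SAML)
    if issuer is None or issuer.get("Format") != X509_SUBJECT \
            or issuer.text not in trusted_issuers:
        raise ValueError("untrusted or malformed Issuer")
    name_id = root.find("{%s}Subject/{%s}NameID" % (SAML, SAML))
    if name_id is None or not name_id.text:
        raise ValueError("Subject NameID is required")
    names = [a.get("Name") for a in root.findall("{%s}Attribute" % SAML)]
    return name_id.text, names
```

The `Issuer` value is only a claim inside the message; these checks are structural and need to be paired with an authenticated transport or a verified signature that binds the sender to that name.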