11

I am new to SSO and I've only tried pysaml2 so far.

I am also aware of python3-saml library (and its python-saml Python 2 flavour).

I need to use one of those with Shibboleth, if it is relevant.

What are the pros and cons of pysaml2 and python3-saml?


Update:

As of 2019, I still find python3-saml to be the best option if you need to implement an SP. It is not flawless (sorry @smartin, hehe), but it will give you much less of a headache than pysaml2.

Art

1 Answer

13

Both projects are compatible with Shibboleth.

pysaml2 is older than python3-saml; right now both support py2 and py3. Both are kinda active and documented.

python3-saml follows the structure of OneLogin's SAML toolkit, so if you have used any other toolkit before (php-saml, ruby-saml, java-saml), it will be easy for you to work with (similar methods, same settings).

Differences

Crypto:

  • pysaml2 uses pycryptodome as a dependency to handle cryptography and implements its own xmldsig and xmlenc classes (to manipulate signatures and encryption on XMLs).
  • python3-saml uses python-xmlsec as a dependency and delegates the signature/encryption of XML elements to it.

Functionality:

  • pysaml2 lets you deploy an Identity Provider or a Service Provider.
  • python3-saml is focused on the Service Provider.

Settings:

In my opinion, python3-saml is easier than pysaml2: its settings are more precise, and its repo contains code examples on how to integrate a Django or a Flask app, plus a guide in the docs.

Note: I'm the author of python3-saml

smartin
  • Any guides on how to use pysaml2 for Odoo with Shibboleth? – Yaseen Shareef Aug 09 '17 at 11:00
  • How to provide URI in SSO metadata? Help is much appreciated. – Ankur Sharma Jun 05 '18 at 08:34
  • I just come from trying to integrate my existing authentication mechanisms with pysaml2, and I'd just like to emphasize how easily you are completely right on this account. – mar77i May 07 '20 at 22:54
  • I tried today to work with both libraries. `pysaml2`'s example didn't work while the one in `python3-saml` works. There is an example website that makes it clear to see what's going on. I recommend the Chrome extension `SAML-tracer` to see the requests on the fly. – MyNick Oct 25 '20 at 13:47