Metadata-Version: 1.1
Name: cubicweb-saml
Version: 0.2.3
Summary: SAML2 authentifier
Home-page: https://www.cubicweb.org/project/cubicweb-saml
Author: LOGILAB S.A. (Paris, FRANCE)
Author-email: contact@logilab.fr
License: LGPL
Description: Cubicweb-SAML
        =============
        SAML2 authentifier for cubicweb. This cube allow to authenticate from a SAML2
        provider with cubicweb login form.
        
        Installation
        ------------
        The first step is to install cubicweb-saml into your python environment:
        ::
        
            pip install cubicweb-saml
        
        To add this cube into your cubicweb instance:
        ::
        
            cubicweb-ctl shell <your_app>
            >>> add_cube('saml')
            >>> exit
        
        To generate SAML related option in all-in-one.conf:
        ::
        
            cubicweb-ctl upgrade <your_app>
        
        Configuration
        -------------
        To configure cubicweb-saml metadata, open ``sources.conf`` from cubicweb
        instances folder (by default ``$HOME/etc/cubicweb.d/<instance>``):
        ::
        
            [SAML]
        
            # SAML v2 metadata uri which can be read from a file (file://<absolute_path>)
            # or retrieved from a specific URL(http[s]://...)
            saml-metadata-uri=
        
            # The globally unique identifier of the entity.
            saml-entity-id=
        
        To configure cubicweb-saml options, open ``all-in-one.conf`` in the same
        directory:
        ::
        
            [SAML]
        
            # Don't verify that the incoming requests originate from us via the built-in
            # cache for authn request ids in pysaml2
            saml-allow-unsolicited=yes
        
            # Indicates if the Authentication Requests sent by this SP should be signed by
            # default.
            saml-authn-requests-signed=no
        
            # Indicates if this entity will sign the Logout Requests originated from it.
            saml-logout-requests-signed=yes
        
            # Indicates if this SP wants the IdP to send the assertions signed. This sets
            # the WantAssertionsSigned attribute of the SPSSODescriptor node of the
            # metadata so the IdP will know this SP preference.
            saml-want-assertions-signed=yes
        
            # Indicates that Authentication Responses to this SP must be signed. If set to
            # True, the SP will not consume any SAML Responses that are not signed.
            saml-want-response-signed=no
        
Platform: UNKNOWN
Classifier: Environment :: Web Environment
Classifier: Framework :: CubicWeb
Classifier: Programming Language :: Python
