No description or website provided.
Clone or download
c00kiemon5ter Merge pull request #196 from c00kiemon5ter/refactor-internal-data-dep…

Refactor internal data to deprecate hashing

- Use the hasher micro-service to restore previous behaviour
- Use satosa.internal over satosa.internal_data
- Use satosa.internal.InternalData over satosa.internal_data.InternalRequest, satosa.internal_data.InternalResponse and satosa.backends.saml2.SAMLInternalResponse

For InternalData members:
- Use subject_id over user_id or name_id
- Use subject_type over user_id_hash_type
- Use attributes over approved_attributes
Latest commit f2bd0ad Nov 10, 2018


Build Status PyPI

A configurable proxy for translating between different authentication protocols such as SAML2, OpenID Connect and OAuth2.

Table of Contents

Use cases

In this section a set of use cases for the proxy is presented.


There are SAML2 service providers for example Box which is not able to handle multiple identity providers. For more information about how to set up, configure and run such a proxy instance please visit Single Service Provider<->Multiple Identity providers

If an identity provider can not communicate with service providers in for example a federation the can convert request and make the communication possible.

SAML2<->Social logins

This setup makes it possible to connect a SAML2 service provider to multiple social media identity providers such as Google and Facebook. The proxy makes it possible to mirror a identity provider by generating SAML2 metadata corresponding that provider and create dynamic endpoint which are connected to a single identity provider. For more information about how to set up, configure and run such a proxy instance please visit SAML2<->Social logins


The proxy is able to act as a proxy between a SAML2 service provider and a OpenID connect provider SAML2<->OIDC


If you have any questions regarding operations/deployment of SATOSA please use the satosa-users mailing list.