pygamlastan.bindings¶
HTTP-Redirect, HTTP-POST, and Artifact encode/decode over plain Python data.
See the Protocol bindings guide. Errors raise
pygamlastan.SamlBindingError.
Redirect¶
- pygamlastan.bindings.redirect_encode(saml_xml: bytes, is_request: bool, destination: str, relay_state: str | None = None, signer=None, sig_alg: str | None = None, unsafe_allow_weak_sha1: bool = False) str¶
Build a HTTP-Redirect URL carrying
saml_xml.is_requestselectsSAMLRequestvsSAMLResponse. Providesigner(pygamlastan.crypto.SamlSigner) andsig_algto sign the query. SHA-1 signature algorithms are rejected unlessunsafe_allow_weak_sha1=Trueis explicit.
- pygamlastan.bindings.redirect_decode(query: str, base_url: str = '') RedirectDecoded¶
Decode a redirect from its raw (still URL-encoded) query string. Do not URL-decode it first.
base_urlis the request URL without the query, used only for signature-input reconstruction.
- class pygamlastan.bindings.RedirectDecoded¶
saml_xml(bytes),saml_text(str),is_request(bool),relay_state,sig_alg,signature(bytes | None),signature_input.
POST¶
- pygamlastan.bindings.post_encode(saml_xml: bytes, is_request: bool, destination: str, relay_state: str | None = None) str¶
Build a self-submitting HTML form for the HTTP-POST binding.
- pygamlastan.bindings.post_decode(form_params: Sequence[tuple[str, str]] | Mapping[str, str], url: str = '', unsafe_allow_collapsed_form: bool = False) PostDecoded¶
Decode from already form-decoded POST parameters. Pass duplicate-preserving
(name, value)pairs from your framework’s MultiDict. Plain mappings are rejected by default because they may have already collapsed duplicate SAML parameters; passunsafe_allow_collapsed_form=Trueonly for legacy unsafe processing.
- class pygamlastan.bindings.PostDecoded¶
saml_xml(bytes),saml_text(str),is_request(bool),relay_state.
RelayState¶
- pygamlastan.bindings.validate_relay_state(value: str) None¶
Raise
pygamlastan.SamlBindingErrorifvalueexceeds the size limit or is unsafe.