pygamlastan.core

Owned SAML 2.0 types plus the protocol constants and namespace URIs. Objects in this module wrap an owned gamlastan value; getters return plain Python values or further wrapped objects. The build-side types (NameId, Issuer, Attribute) have constructors; the rest are produced by parsing (see pygamlastan.xml) or by the profiles.

Functions

pygamlastan.core.generate_id() → str

Generate a fresh, random SAML id (an XML NCName, with a leading underscore) suitable for message and assertion ids.

pygamlastan.core.validate_entity_id(value: str) → str

Validate an entity id (non-empty, within length limits) and return it. Raises pygamlastan.SamlCoreError on an invalid value.

Build-side types

class pygamlastan.core.NameId(value, format=None, name_qualifier=None, sp_name_qualifier=None, sp_provided_id=None)

A SAML <NameID>.

value: str

format: str | None

name_qualifier: str | None

sp_name_qualifier: str | None

sp_provided_id: str | None

class pygamlastan.core.Issuer(value, format=None, name_qualifier=None, sp_name_qualifier=None)

A SAML <Issuer>. Exposes value, format, name_qualifier and sp_name_qualifier.

class pygamlastan.core.Attribute(name, values=None, name_format=None, friendly_name=None)

A SAML <Attribute>. values is a list of strings on construction.

name: str

name_format: str | None

friendly_name: str | None

values

All values as native Python objects (str / int / bool / bytes / NameId).

string_values: list[str]

Only the string-typed values, for convenience.

class pygamlastan.core.NameIdPolicy(format=None, sp_name_qualifier=None, allow_create=True)

A <NameIDPolicy>. Exposes format, sp_name_qualifier and allow_create.

Parsed types

These are returned by parsing and by the profiles; their attributes are read-only.

class pygamlastan.core.Assertion

id, issue_instant, issuer (Issuer), has_signature, subject (Subject | None), conditions (Conditions | None), authn_statements (list of AuthnStatement), attribute_statements (list of AttributeStatement).

class pygamlastan.core.Response

id, issue_instant, destination, in_response_to, issuer, has_signature, status (Status), assertions (list of Assertion), encrypted_assertion_count.

is_success() → bool

to_xml() → str

class pygamlastan.core.AuthnRequest

id, issue_instant, destination, issuer, has_signature, name_id_policy (NameIdPolicy | None), requested_authn_context (RequestedAuthnContext | None), scoping (Scoping | None), force_authn, is_passive, assertion_consumer_service_url, protocol_binding, provider_name.

to_xml() → str

class pygamlastan.core.Subject

name_id (NameId | None; None for an encrypted id) and subject_confirmations (list of SubjectConfirmation).

class pygamlastan.core.SubjectConfirmation

method, name_id, subject_confirmation_data (SubjectConfirmationData | None).

class pygamlastan.core.SubjectConfirmationData

not_before, not_on_or_after (aware datetime.datetime | None), recipient, in_response_to, address.

class pygamlastan.core.Conditions

not_before, not_on_or_after, one_time_use, audience_restrictions (list of AudienceRestriction), proxy_restriction (ProxyRestriction | None).

class pygamlastan.core.AudienceRestriction

audiences (list of str). matches(entity_id) -> bool().

class pygamlastan.core.ProxyRestriction

count (int | None), audiences (list of str).

class pygamlastan.core.AuthnStatement

authn_instant, session_index, session_not_on_or_after, subject_locality (SubjectLocality | None), authn_context (AuthnContext).

class pygamlastan.core.AuthnContext

authn_context_class_ref, authn_context_decl_ref, authenticating_authorities (list of str).

class pygamlastan.core.SubjectLocality

address, dns_name.

class pygamlastan.core.AttributeStatement

attributes (list of Attribute).

class pygamlastan.core.Status

status_code (StatusCode), status_message, status_detail. is_success() -> bool().

class pygamlastan.core.StatusCode

value, sub_status (StatusCode | None). is_success() -> bool().

class pygamlastan.core.RequestedAuthnContext

authn_context_class_refs (list of str), comparison (str).

class pygamlastan.core.Scoping

proxy_count, idp_list (list of str), requester_ids (list of str).

class pygamlastan.core.LogoutRequest

id, issue_instant, destination, issuer, reason, name_id (NameId | None), session_indexes (list of str). to_xml() -> str().

class pygamlastan.core.LogoutResponse

id, in_response_to, issuer, status. is_success(), to_xml().

Constants

Module-level string constants mirror the SAML 2.0 specification.

Bindings: BINDING_HTTP_REDIRECT, BINDING_HTTP_POST, BINDING_HTTP_ARTIFACT, BINDING_SOAP, BINDING_PAOS, BINDING_URI.

NameID formats: NAMEID_TRANSIENT, NAMEID_PERSISTENT, NAMEID_EMAIL, NAMEID_UNSPECIFIED, NAMEID_ENTITY, NAMEID_X509, NAMEID_WINDOWS, NAMEID_KERBEROS, NAMEID_ENCRYPTED.

Subject confirmation: CM_BEARER, CM_HOLDER_OF_KEY, CM_SENDER_VOUCHES.

Status codes: STATUS_SUCCESS, STATUS_REQUESTER, STATUS_RESPONDER, STATUS_VERSION_MISMATCH, STATUS_AUTHN_FAILED, STATUS_NO_AUTHN_CONTEXT, STATUS_REQUEST_DENIED, STATUS_UNKNOWN_PRINCIPAL.

Authentication context classes: AUTHN_CONTEXT_PASSWORD, AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT, AUTHN_CONTEXT_X509, AUTHN_CONTEXT_KERBEROS, AUTHN_CONTEXT_UNSPECIFIED.

Attribute name formats: ATTRNAME_FORMAT_URI, ATTRNAME_FORMAT_BASIC, ATTRNAME_FORMAT_UNSPECIFIED.

Namespaces: SAML_ASSERTION_NS, SAML_PROTOCOL_NS, SAML_METADATA_NS, XMLDSIG_NS, XMLENC_NS.