SAML¶
Interface¶
For SAML automations, it is possible to define a custom function for handling the “User Logged In” event. This function will be called when the user logs in using SAML.
User Logged In¶
You can implement your own handle function to handle the “User Logged In” event for SAML. By default the following function is used:
- fair_wizard.automation.saml.handle_saml_user_logged_in(saml_event: SamlUserLoggedInEvent) AuthorizedUserResponse | ForbiddenResponse | ErrorResponse[source]¶
Default handle function for “SAML User Logged In” event.
- Parameters:
saml_event – incoming
SamlUserLoggedInEventevent- Returns:
resulting
UserLoginResponseresponse
Your handle function must have the same signature, i.e. accept SamlUserLoggedInEvent as the argument and return UserLoginResponse.
Model¶
- pydantic model fair_wizard.automation.saml.model.Assertion[source]¶
Show JSON schema
{ "title": "Assertion", "type": "object", "properties": { "assertionId": { "title": "Assertionid", "type": "string" }, "assertionIssued": { "format": "date-time", "title": "Assertionissued", "type": "string" }, "assertionIssuer": { "title": "Assertionissuer", "type": "string" }, "assertionSubject": { "$ref": "#/$defs/Subject" }, "assertionConditions": { "$ref": "#/$defs/Conditions" }, "assertionAuthnStatement": { "$ref": "#/$defs/AuthnStatement" }, "assertionAttributeStatement": { "items": { "$ref": "#/$defs/AssertionAttribute" }, "title": "Assertionattributestatement", "type": "array" } }, "$defs": { "AssertionAttribute": { "properties": { "attributeName": { "title": "Attributename", "type": "string" }, "attributeFriendlyName": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Attributefriendlyname" }, "attributeNameFormat": { "title": "Attributenameformat", "type": "string" }, "attributeValue": { "title": "Attributevalue", "type": "string" } }, "required": [ "attributeName", "attributeFriendlyName", "attributeNameFormat", "attributeValue" ], "title": "AssertionAttribute", "type": "object" }, "AudienceRestriction": { "properties": { "audienceRestrictionAudience": { "items": { "type": "string" }, "title": "Audiencerestrictionaudience", "type": "array" } }, "required": [ "audienceRestrictionAudience" ], "title": "AudienceRestriction", "type": "object" }, "AuthnStatement": { "properties": { "authnStatementInstant": { "format": "date-time", "title": "Authnstatementinstant", "type": "string" }, "authnStatementSessionIndex": { "title": "Authnstatementsessionindex", "type": "string" }, "authnStatementLocality": { "title": "Authnstatementlocality", "type": "string" } }, "required": [ "authnStatementInstant", "authnStatementSessionIndex", "authnStatementLocality" ], "title": "AuthnStatement", "type": "object" }, "Conditions": { "properties": { "conditionsNotBefore": { "format": "date-time", "title": "Conditionsnotbefore", "type": "string" }, "conditionsNotOnOrAfter": { "format": "date-time", "title": "Conditionsnotonorafter", "type": "string" }, "conditionsAudienceRestrictions": { "items": { "$ref": "#/$defs/AudienceRestriction" }, "title": "Conditionsaudiencerestrictions", "type": "array" } }, "required": [ "conditionsNotBefore", "conditionsNotOnOrAfter", "conditionsAudienceRestrictions" ], "title": "Conditions", "type": "object" }, "NameID": { "properties": { "nameIDQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidqualifier" }, "nameIDSPNameQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspnamequalifier" }, "nameIDSPProvidedID": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspprovidedid" }, "nameIDFormat": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidformat" }, "nameIDValue": { "title": "Nameidvalue", "type": "string" } }, "required": [ "nameIDQualifier", "nameIDSPNameQualifier", "nameIDSPProvidedID", "nameIDFormat", "nameIDValue" ], "title": "NameID", "type": "object" }, "Subject": { "properties": { "subjectConfirmations": { "items": { "$ref": "#/$defs/SubjectConfirmation" }, "title": "Subjectconfirmations", "type": "array" }, "subjectNameID": { "$ref": "#/$defs/NameID" } }, "required": [ "subjectConfirmations", "subjectNameID" ], "title": "Subject", "type": "object" }, "SubjectConfirmation": { "properties": { "subjectConfirmationMethod": { "title": "Subjectconfirmationmethod", "type": "string" }, "subjectConfirmationAddress": { "title": "Subjectconfirmationaddress", "type": "string" }, "subjectConfirmationNotOnOrAfter": { "format": "date-time", "title": "Subjectconfirmationnotonorafter", "type": "string" }, "subjectConfirmationRecipient": { "title": "Subjectconfirmationrecipient", "type": "string" } }, "required": [ "subjectConfirmationMethod", "subjectConfirmationAddress", "subjectConfirmationNotOnOrAfter", "subjectConfirmationRecipient" ], "title": "SubjectConfirmation", "type": "object" } }, "required": [ "assertionId", "assertionIssued", "assertionIssuer", "assertionSubject", "assertionConditions", "assertionAuthnStatement", "assertionAttributeStatement" ] }
- Fields:
- field attribute_statement: list[AssertionAttribute] [Required] (alias 'assertionAttributeStatement')¶
- field authn_statement: AuthnStatement [Required] (alias 'assertionAuthnStatement')¶
- field conditions: Conditions [Required] (alias 'assertionConditions')¶
- field id: str [Required] (alias 'assertionId')¶
- field issued: datetime [Required] (alias 'assertionIssued')¶
- field issuer: str [Required] (alias 'assertionIssuer')¶
- pydantic model fair_wizard.automation.saml.model.AssertionAttribute[source]¶
Show JSON schema
{ "title": "AssertionAttribute", "type": "object", "properties": { "attributeName": { "title": "Attributename", "type": "string" }, "attributeFriendlyName": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Attributefriendlyname" }, "attributeNameFormat": { "title": "Attributenameformat", "type": "string" }, "attributeValue": { "title": "Attributevalue", "type": "string" } }, "required": [ "attributeName", "attributeFriendlyName", "attributeNameFormat", "attributeValue" ] }
- field friendly_name: str | None [Required] (alias 'attributeFriendlyName')¶
- field name: str [Required] (alias 'attributeName')¶
- field name_format: str [Required] (alias 'attributeNameFormat')¶
- field value: str [Required] (alias 'attributeValue')¶
- pydantic model fair_wizard.automation.saml.model.AudienceRestriction[source]¶
Show JSON schema
{ "title": "AudienceRestriction", "type": "object", "properties": { "audienceRestrictionAudience": { "items": { "type": "string" }, "title": "Audiencerestrictionaudience", "type": "array" } }, "required": [ "audienceRestrictionAudience" ] }
- Fields:
- field audience: list[str] [Required] (alias 'audienceRestrictionAudience')¶
- pydantic model fair_wizard.automation.saml.model.AuthnStatement[source]¶
Show JSON schema
{ "title": "AuthnStatement", "type": "object", "properties": { "authnStatementInstant": { "format": "date-time", "title": "Authnstatementinstant", "type": "string" }, "authnStatementSessionIndex": { "title": "Authnstatementsessionindex", "type": "string" }, "authnStatementLocality": { "title": "Authnstatementlocality", "type": "string" } }, "required": [ "authnStatementInstant", "authnStatementSessionIndex", "authnStatementLocality" ] }
- field instant: datetime [Required] (alias 'authnStatementInstant')¶
- field locality: str [Required] (alias 'authnStatementLocality')¶
- field session_index: str [Required] (alias 'authnStatementSessionIndex')¶
- pydantic model fair_wizard.automation.saml.model.Conditions[source]¶
Show JSON schema
{ "title": "Conditions", "type": "object", "properties": { "conditionsNotBefore": { "format": "date-time", "title": "Conditionsnotbefore", "type": "string" }, "conditionsNotOnOrAfter": { "format": "date-time", "title": "Conditionsnotonorafter", "type": "string" }, "conditionsAudienceRestrictions": { "items": { "$ref": "#/$defs/AudienceRestriction" }, "title": "Conditionsaudiencerestrictions", "type": "array" } }, "$defs": { "AudienceRestriction": { "properties": { "audienceRestrictionAudience": { "items": { "type": "string" }, "title": "Audiencerestrictionaudience", "type": "array" } }, "required": [ "audienceRestrictionAudience" ], "title": "AudienceRestriction", "type": "object" } }, "required": [ "conditionsNotBefore", "conditionsNotOnOrAfter", "conditionsAudienceRestrictions" ] }
- Fields:
- field audience_restrictions: list[AudienceRestriction] [Required] (alias 'conditionsAudienceRestrictions')¶
- field no_before: datetime [Required] (alias 'conditionsNotBefore')¶
- field not_on_or_after: datetime [Required] (alias 'conditionsNotOnOrAfter')¶
- pydantic model fair_wizard.automation.saml.model.NameID[source]¶
Show JSON schema
{ "title": "NameID", "type": "object", "properties": { "nameIDQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidqualifier" }, "nameIDSPNameQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspnamequalifier" }, "nameIDSPProvidedID": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspprovidedid" }, "nameIDFormat": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidformat" }, "nameIDValue": { "title": "Nameidvalue", "type": "string" } }, "required": [ "nameIDQualifier", "nameIDSPNameQualifier", "nameIDSPProvidedID", "nameIDFormat", "nameIDValue" ] }
- Fields:
- field format: str | None [Required] (alias 'nameIDFormat')¶
- field qualifier: str | None [Required] (alias 'nameIDQualifier')¶
- field sp_name_qualifier: str | None [Required] (alias 'nameIDSPNameQualifier')¶
- field sp_provided_id: str | None [Required] (alias 'nameIDSPProvidedID')¶
- field value: str [Required] (alias 'nameIDValue')¶
- pydantic model fair_wizard.automation.saml.model.SamlUserLoggedInEvent[source]¶
Show JSON schema
{ "title": "SamlUserLoggedInEvent", "type": "object", "properties": { "assertion": { "$ref": "#/$defs/Assertion" } }, "$defs": { "Assertion": { "properties": { "assertionId": { "title": "Assertionid", "type": "string" }, "assertionIssued": { "format": "date-time", "title": "Assertionissued", "type": "string" }, "assertionIssuer": { "title": "Assertionissuer", "type": "string" }, "assertionSubject": { "$ref": "#/$defs/Subject" }, "assertionConditions": { "$ref": "#/$defs/Conditions" }, "assertionAuthnStatement": { "$ref": "#/$defs/AuthnStatement" }, "assertionAttributeStatement": { "items": { "$ref": "#/$defs/AssertionAttribute" }, "title": "Assertionattributestatement", "type": "array" } }, "required": [ "assertionId", "assertionIssued", "assertionIssuer", "assertionSubject", "assertionConditions", "assertionAuthnStatement", "assertionAttributeStatement" ], "title": "Assertion", "type": "object" }, "AssertionAttribute": { "properties": { "attributeName": { "title": "Attributename", "type": "string" }, "attributeFriendlyName": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Attributefriendlyname" }, "attributeNameFormat": { "title": "Attributenameformat", "type": "string" }, "attributeValue": { "title": "Attributevalue", "type": "string" } }, "required": [ "attributeName", "attributeFriendlyName", "attributeNameFormat", "attributeValue" ], "title": "AssertionAttribute", "type": "object" }, "AudienceRestriction": { "properties": { "audienceRestrictionAudience": { "items": { "type": "string" }, "title": "Audiencerestrictionaudience", "type": "array" } }, "required": [ "audienceRestrictionAudience" ], "title": "AudienceRestriction", "type": "object" }, "AuthnStatement": { "properties": { "authnStatementInstant": { "format": "date-time", "title": "Authnstatementinstant", "type": "string" }, "authnStatementSessionIndex": { "title": "Authnstatementsessionindex", "type": "string" }, "authnStatementLocality": { "title": "Authnstatementlocality", "type": "string" } }, "required": [ "authnStatementInstant", "authnStatementSessionIndex", "authnStatementLocality" ], "title": "AuthnStatement", "type": "object" }, "Conditions": { "properties": { "conditionsNotBefore": { "format": "date-time", "title": "Conditionsnotbefore", "type": "string" }, "conditionsNotOnOrAfter": { "format": "date-time", "title": "Conditionsnotonorafter", "type": "string" }, "conditionsAudienceRestrictions": { "items": { "$ref": "#/$defs/AudienceRestriction" }, "title": "Conditionsaudiencerestrictions", "type": "array" } }, "required": [ "conditionsNotBefore", "conditionsNotOnOrAfter", "conditionsAudienceRestrictions" ], "title": "Conditions", "type": "object" }, "NameID": { "properties": { "nameIDQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidqualifier" }, "nameIDSPNameQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspnamequalifier" }, "nameIDSPProvidedID": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspprovidedid" }, "nameIDFormat": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidformat" }, "nameIDValue": { "title": "Nameidvalue", "type": "string" } }, "required": [ "nameIDQualifier", "nameIDSPNameQualifier", "nameIDSPProvidedID", "nameIDFormat", "nameIDValue" ], "title": "NameID", "type": "object" }, "Subject": { "properties": { "subjectConfirmations": { "items": { "$ref": "#/$defs/SubjectConfirmation" }, "title": "Subjectconfirmations", "type": "array" }, "subjectNameID": { "$ref": "#/$defs/NameID" } }, "required": [ "subjectConfirmations", "subjectNameID" ], "title": "Subject", "type": "object" }, "SubjectConfirmation": { "properties": { "subjectConfirmationMethod": { "title": "Subjectconfirmationmethod", "type": "string" }, "subjectConfirmationAddress": { "title": "Subjectconfirmationaddress", "type": "string" }, "subjectConfirmationNotOnOrAfter": { "format": "date-time", "title": "Subjectconfirmationnotonorafter", "type": "string" }, "subjectConfirmationRecipient": { "title": "Subjectconfirmationrecipient", "type": "string" } }, "required": [ "subjectConfirmationMethod", "subjectConfirmationAddress", "subjectConfirmationNotOnOrAfter", "subjectConfirmationRecipient" ], "title": "SubjectConfirmation", "type": "object" } }, "required": [ "assertion" ] }
- pydantic model fair_wizard.automation.saml.model.Subject[source]¶
Show JSON schema
{ "title": "Subject", "type": "object", "properties": { "subjectConfirmations": { "items": { "$ref": "#/$defs/SubjectConfirmation" }, "title": "Subjectconfirmations", "type": "array" }, "subjectNameID": { "$ref": "#/$defs/NameID" } }, "$defs": { "NameID": { "properties": { "nameIDQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidqualifier" }, "nameIDSPNameQualifier": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspnamequalifier" }, "nameIDSPProvidedID": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidspprovidedid" }, "nameIDFormat": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "title": "Nameidformat" }, "nameIDValue": { "title": "Nameidvalue", "type": "string" } }, "required": [ "nameIDQualifier", "nameIDSPNameQualifier", "nameIDSPProvidedID", "nameIDFormat", "nameIDValue" ], "title": "NameID", "type": "object" }, "SubjectConfirmation": { "properties": { "subjectConfirmationMethod": { "title": "Subjectconfirmationmethod", "type": "string" }, "subjectConfirmationAddress": { "title": "Subjectconfirmationaddress", "type": "string" }, "subjectConfirmationNotOnOrAfter": { "format": "date-time", "title": "Subjectconfirmationnotonorafter", "type": "string" }, "subjectConfirmationRecipient": { "title": "Subjectconfirmationrecipient", "type": "string" } }, "required": [ "subjectConfirmationMethod", "subjectConfirmationAddress", "subjectConfirmationNotOnOrAfter", "subjectConfirmationRecipient" ], "title": "SubjectConfirmation", "type": "object" } }, "required": [ "subjectConfirmations", "subjectNameID" ] }
- Fields:
- field confirmations: list[SubjectConfirmation] [Required] (alias 'subjectConfirmations')¶
- pydantic model fair_wizard.automation.saml.model.SubjectConfirmation[source]¶
Show JSON schema
{ "title": "SubjectConfirmation", "type": "object", "properties": { "subjectConfirmationMethod": { "title": "Subjectconfirmationmethod", "type": "string" }, "subjectConfirmationAddress": { "title": "Subjectconfirmationaddress", "type": "string" }, "subjectConfirmationNotOnOrAfter": { "format": "date-time", "title": "Subjectconfirmationnotonorafter", "type": "string" }, "subjectConfirmationRecipient": { "title": "Subjectconfirmationrecipient", "type": "string" } }, "required": [ "subjectConfirmationMethod", "subjectConfirmationAddress", "subjectConfirmationNotOnOrAfter", "subjectConfirmationRecipient" ] }
- field address: str [Required] (alias 'subjectConfirmationAddress')¶
- field method: str [Required] (alias 'subjectConfirmationMethod')¶
- field notOnOrAfter: datetime [Required] (alias 'subjectConfirmationNotOnOrAfter')¶
- field recipient: str [Required] (alias 'subjectConfirmationRecipient')¶
Helpers¶
This module contains additional helper functions to use SAML models.
- fair_wizard.automation.saml.helpers.get_email(saml_event: SamlUserLoggedInEvent) str | None[source]¶
Extracts the email from the SAML event.
- Parameters:
saml_event – SAML event
- Returns:
email if found, None otherwise
- fair_wizard.automation.saml.helpers.get_first_name(saml_event: SamlUserLoggedInEvent) str | None[source]¶
Extracts the first name from the SAML event.
- Parameters:
saml_event – SAML event
- Returns:
first name if found, None otherwise
- fair_wizard.automation.saml.helpers.get_last_name(saml_event: SamlUserLoggedInEvent) str | None[source]¶
Extracts the last name from the SAML event.
- Parameters:
saml_event – SAML event
- Returns:
last name if found, None otherwise