Matthew has a GitHub repo that mocks up a SAML authentication flow using pytest. pysaml2 is needed for a client to write more than one identity provider, and for a service provider to test those identity providers:
https://github.com/xenophonf/mock-saml-flow
It has IdP and SP configuration taken from his Satosa configuration.
There is some documentation for the configuration, but one challenge is that the configuration is entirely a mapping. There are no type hints, and things aren't discoverable in his development environment.
Doesn't want to get into Flask; just wants to concentrate on using what pysaml2 calls a Server and a Client. However, there is no documentation on the classes and methods to use.
No API documentation.
The simple examples included in the code base just tell you how to run them, not how to use the code.
One option is to go to the example code and try to figure out how to develop an SP or IdP, but reading the source code is really hard.
Another option: the test suite. Not successful here either.
Next option: reading through the Satosa code. Found the Server class. There are no type annotations and no docstring for the method that creates one. There are some docstrings for the other functions, with some params and some information, but not enough to know what to use when. Found the create_authn_response() method, but there is no information on what should be provided for a good SAML response or what structure it should follow; the only way to get this information is trial and error.
idpy-oidc documentation looked more promising.
Encouraged by the newer style of the documentation page.
Wanted to write a small RP; looked at the client documentation.
There is a workflow describing the process and a high-level overview of how OIDC RPs work. Very helpful.
API documentation is lacking: no method signatures. For example, is issuer_id the only argument the begin() method takes? But the Tier1 API design is good.
No examples of how to instantiate the IdP.
Left reading through the source code again, trying to intuit from the example code and test code how to do it.
When looking to write code for a test OP (to test the RP), i.e. the Server code, the documentation only tells you how the configuration directives work. No API calls, no example code, no examples of instantiation.
The SQLAlchemy ORM is an example of great documentation on how to get going: type annotations, an explanation of what each parameter is for, etc.
For mock-saml, it took 2 months to write 179 lines of code.
Ivan is the person Matthew and Hannah will need to talk to to get their project going. First focus on the SAML backend for Service and the SAML frontend for IdP. This won't give the complete picture, but it's a start.
Ivan acknowledges there is no developer documentation.
Initial step: address docstrings.
Need to define public API methods and documentation; this would cover 90-95% of what you can do with SAML.
The examples are old and sometimes create confusion (for example, the Server in pysaml2 is an IdP, the Server in the examples is a WSGI server, and the Server in Satosa is a proxy server).
A referenced example against a SAML trace would be very helpful.