AUTHN_REQUESTS_SIGNED was not documented, but was in code.
LOGOUT_REQUESTS_SIGNED was not documented, but was in code.
WANT_RESPONSE_SIGNED was documented as False, but was True in code.
README.md (+5 -1)
@@ -163,8 +163,10 @@ python setup.py install
163
163
'JWT_EXP': 60, # JWT expiry time in seconds
164
164
'FRONTEND_URL': 'https://myfrontendclient.com', # Redirect URL for the client if you are using JWT auth with DRF. See explanation below
165
165
'LOGIN_CASE_SENSITIVE': True, # whether of not to get the user in case_sentive mode
166
+
'AUTHN_REQUESTS_SIGNED': True, # Require each authentication request to be signed
167
+
'LOGOUT_REQUESTS_SIGNED': True, # Require each logout request to be signed
166
168
'WANT_ASSERTIONS_SIGNED': True, # Require each assertion to be signed
167
-
'WANT_RESPONSE_SIGNED': False, # Require response to be signed
169
+
'WANT_RESPONSE_SIGNED': True, # Require response to be signed
168
170
'ACCEPTED_TIME_DIFF': None, # Accepted time difference between your server and the Identity Provider
169
171
'ALLOWED_REDIRECT_HOSTS': ["https://myfrontendclient.com"], # Allowed hosts to redirect to using the ?next parameter
170
172
'TOKEN_REQUIRED': True, # Whether or not to require the token parameter in the SAML assertion
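Review bot: the comments on the two new keys read as a requirement placed on the IdP, but in pysaml2 `authn_requests_signed` and `logout_requests_signed` are SP-side settings: they make this SP sign its own outgoing AuthnRequest / LogoutRequest, and it is the IdP that verifies those signatures. `# Require each authentication request to be signed` should say something like `# Sign each outgoing authentication request (needs the SP's key/cert configured)`, and the logout line likewise. Since both now default to `True`, it is worth a sentence near this block that a deployment without a signing key and certificate configured will error when pysaml2 tries to sign the request, rather than silently sending it unsigned. The defaults themselves are the right ones: `'WANT_RESPONSE_SIGNED': True` next to `'WANT_ASSERTIONS_SIGNED': True` means an unsigned Response is rejected even when the assertion inside it is signed. The untouched context line above still carries `whether of not` and `case_sentive`, which could be fixed while this block is being edited.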
@@ -204,6 +206,8 @@ python setup.py install
204
206
|**JWT\_PUBLIC\_KEY** | Public key to decode the signed JWT token. | `str` or `bytes` | `'--- YOUR PUBLIC KEY ---'` | |
205
207
|**JWT\_EXP** | JWT expiry time in seconds | `int` | 60 | |
206
208
|**FRONTEND\_URL** | If `USE_JWT` is `True`, you should set the URL to where your frontend is located (will default to `DEFAULT_NEXT_URL` if you fail to do so). Once the client is authenticated through the SAML SSO, your client is redirected to the `FRONTEND_URL` with the JWT token as `token` query parameter. Example: `https://app.example.com/?&token=<your.jwt.token`. With the token, your SPA can now authenticate with your API. | `str` | `admin:index` | |
209
+
|**AUTHN\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each authorization request. | `bool` | `True` |
210
+
|**LOGOUT\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each logout request. | `bool` | `True` | |
207
211
|**WANT\_ASSERTIONS\_SIGNED** | Set this to `False` if your provider doesn't sign each assertion. | `bool` | `True` | |
208
212
|**WANT\_RESPONSE\_SIGNED** | Set this to `False` if you don't want your provider to sign the response. | `bool` | `True` | |
209
213
|**ACCEPTED\_TIME\_DIFF** | Sets the [accepted time diff](https://pysaml2.readthedocs.io/en/latest/howto/config.html#accepted-time-diff) in seconds | `int` or `None` | `None` | |
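Review bot: the descriptions of the two new rows point at the wrong party. An AuthnRequest or LogoutRequest is produced and signed by the SP (this app) and verified by the IdP, so `Set this to False if your provider doesn't sign each authorization request.` should read along the lines of `Set this to False if your IdP does not require signed authentication requests; when True the SP signs each outgoing AuthnRequest, which needs a key and certificate configured.`, and the logout row the same way. `authorization request` should also be `authentication request` to match the setting name and the SAML message it refers to. Separately, the AUTHN\_REQUESTS\_SIGNED row is missing the trailing `|` cell that every other row has, which breaks the column count of the rendered table. Finally, the WANT\_RESPONSE\_SIGNED text (`if you don't want your provider to sign the response`) describes it as a preference, but it is the check that rejects unsigned Responses; it should say that turning it off leaves signature verification resting entirely on WANT\_ASSERTIONS\_SIGNED, and that the two must not both be `False`.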