Python SSO: pysaml2 and python3-saml

Question

I new to SSO and I've only tried pysaml2 by far.

I am also aware of python3-saml library (and its python-saml Python 2 flavour).

I need to use one of those with Shibboleth, if it is relevant.

What are the pros and cons of pysaml2 and python3-saml?

---

Update:

As for 2019, I still find python3-saml to be the best option if you need to implement an SP. It is not flawless (sorry @smartin, hhehe), but it will give you much less headache than pysaml2.

Answer 1

Both projects are compatible with Shibboleth.

pysaml2 is older than python3-saml, right now both support py2 and py3. Both are kinda active and documented.

python3-saml follows the structure of Onelogin's SAML toolkit so if you used any other toolkit before (php-saml, ruby-saml, java-saml), will be easy for you to handle with it (similar methods, same settings).

Differences

Crypto:

• pysaml2 uses as dependecy pycryptodome to handle with cryptography and implements its own xmldsig and xmlenc classes (to manipulate signatures and encryption on XMLs).
• python3-saml uses as dependecy python-xmlsec and delegates on it the signature/encryption of XML elements.

Functionality:

• pysaml2 let you deploy an Identity Provider or a Service Provider
• python3-saml is focused on the Service Provider

Settings:

In my opinion, python3-saml is easier than pysaml2, settings are more precise and its repo contains code examples on how integrate a django or a flask app and a guide at the docs.

Note: I'm the author of python3-saml