// the find
fangli/django-saml2-auth
Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta
A thin wrapper around pysaml2 that handles SAML2 SSO login for Django apps. Drop it in, point it at your IdP metadata URL, and users get redirected to Okta/ADFS/whatever instead of the Django login page. Aimed at internal tools and admin panels that need SSO without writing pysaml2 plumbing from scratch.
Single required config key (METADATA_AUTO_CONF_URL) means you can be functional in 15 minutes. The trigger hooks (CREATE_USER, BEFORE_LOGIN) let you inject group assignment or profile sync without forking the library. ASSERTION_URL setting handles reverse proxy deployments correctly — a common gotcha that most SAML libraries ignore. JWT passthrough mode for DRF/SPA setups covers the second most common Django auth pattern.
Last commit was January 2024 and the README still documents Django 1.6/1.9 compatibility — the project is effectively in maintenance-only mode. No tests visible in the directory tree, which is a serious concern for auth code. The maintainer explicitly states most non-security PRs will be rejected, so if you need custom NameID handling or multi-IdP support you're forking. NEW_USER_PROFILE defaults new users to STAFF_STATUS: True, which is a footgun anyone who skims the config block will hit in production.