Single-Sign-On & Current Plone affair?

I have just published a new version which avoids this problem.

@djay I was trying to configure dm.zope.saml2 in Plone 4.3 to use Microsoft with IdP. Then I was getting the error:

MetadataFetchError: MetadataFetchError for https://sts.windows.net/b5661350-c2e4-43dc-bce8-f003ddf8a3c4/: http://docs.oasis-open.org/wsfed/federation/200706 has no category typeBinding

I then added collective.saml2 to the buildout via mr.developer and the error stopped occurring.

Someone put collective.saml2 in pypi:

But this version is broken see:

It seems that the user who put it in pypi has no intention of adding new maintainers. So I ask if it would be possible to change the name of the product so I can put it in pypi. Is there a mirror with a correct version?

I alerted @dieter and the plone security team of this, back in november 2022. Wondering why there was no follow up from either.

Norbert via Plone Community wrote at 2024-6-10 22:17 +0000:

I alerted @dieter and the plone security team of this, back in november 2022. Wondering why there was no follow up from either.

I am only responsible for dm.zope.saml2 (not collective.saml2).

I am aware that someone who wants to integrate dm.zope.saml2 with
SAML authorities with extended metadata or
SAML messages (such as a MicroSoft identify provider)
may need to register additional XML-schemata with PyXB
(such that the metadata/messages are understood).
This is not a security issue, however.

The dm.saml2 documentation hints towards this problem
in section Dependencies --> PyXB with respect to
the "SAML2 context classes" (which are not known to
typical PyXB installations).

At the moment, I do not recommend the use of
dm.zope.saml2 to make Plone an SAML service provider
(difficult dependencies, quite difficult installation).
Instead, I would go for a standard SAML2 service provider
module for the WebServer and delegate SAML based authentication
to this module, communication via SAML related headers between
WebServer and Plone.
One will find corresponding details by searching the archives of this list.