Bind in djangosaml2

Our authn is provided via shibboleth
2017-03-26 15:37:30 +11:00 · 2017-03-26 15:37:30 +11:00 · 37a9b37499
commit 37a9b37499
parent c37ed61036
6 changed files with 820 additions and 1 deletions
--- a/pinaxcon/saml2/attribute-maps/basic.py
+++ b/pinaxcon/saml2/attribute-maps/basic.py
@ -0,0 +1,326 @@
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+    "fro": {
+        'urn:mace:dir:attribute-def:aRecord': 'aRecord',
+        'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
+        'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
+        'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
+        'urn:mace:dir:attribute-def:associatedName': 'associatedName',
+        'urn:mace:dir:attribute-def:audio': 'audio',
+        'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
+        'urn:mace:dir:attribute-def:buildingName': 'buildingName',
+        'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
+        'urn:mace:dir:attribute-def:c': 'c',
+        'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
+        'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
+        'urn:mace:dir:attribute-def:carLicense': 'carLicense',
+        'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
+        'urn:mace:dir:attribute-def:cn': 'cn',
+        'urn:mace:dir:attribute-def:co': 'co',
+        'urn:mace:dir:attribute-def:commonName': 'commonName',
+        'urn:mace:dir:attribute-def:countryName': 'countryName',
+        'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
+        'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
+        'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
+        'urn:mace:dir:attribute-def:dc': 'dc',
+        'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
+        'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
+        'urn:mace:dir:attribute-def:description': 'description',
+        'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
+        'urn:mace:dir:attribute-def:displayName': 'displayName',
+        'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
+        'urn:mace:dir:attribute-def:dmdName': 'dmdName',
+        'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
+        'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
+        'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
+        'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
+        'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
+        'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
+        'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
+        'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
+        'urn:mace:dir:attribute-def:drink': 'drink',
+        'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
+        'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
+        'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
+        'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
+        'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
+        'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
+        'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
+        'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
+        'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
+        'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
+        'urn:mace:dir:attribute-def:email': 'email',
+        'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
+        'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
+        'urn:mace:dir:attribute-def:employeeType': 'employeeType',
+        'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
+        'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
+        'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
+        'urn:mace:dir:attribute-def:fax': 'fax',
+        'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
+        'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
+        'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
+        'urn:mace:dir:attribute-def:givenName': 'givenName',
+        'urn:mace:dir:attribute-def:gn': 'gn',
+        'urn:mace:dir:attribute-def:homePhone': 'homePhone',
+        'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
+        'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
+        'urn:mace:dir:attribute-def:host': 'host',
+        'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
+        'urn:mace:dir:attribute-def:info': 'info',
+        'urn:mace:dir:attribute-def:initials': 'initials',
+        'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
+        'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
+        'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
+        'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
+        'urn:mace:dir:attribute-def:l': 'l',
+        'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
+        'urn:mace:dir:attribute-def:localityName': 'localityName',
+        'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
+        'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
+        'urn:mace:dir:attribute-def:mail': 'mail',
+        'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
+        'urn:mace:dir:attribute-def:manager': 'manager',
+        'urn:mace:dir:attribute-def:member': 'member',
+        'urn:mace:dir:attribute-def:mobile': 'mobile',
+        'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
+        'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
+        'urn:mace:dir:attribute-def:name': 'name',
+        'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
+        'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
+        'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
+        'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
+        'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
+        'urn:mace:dir:attribute-def:o': 'o',
+        'urn:mace:dir:attribute-def:objectClass': 'objectClass',
+        'urn:mace:dir:attribute-def:organizationName': 'organizationName',
+        'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
+        'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
+        'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
+        'urn:mace:dir:attribute-def:ou': 'ou',
+        'urn:mace:dir:attribute-def:owner': 'owner',
+        'urn:mace:dir:attribute-def:pager': 'pager',
+        'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
+        'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
+        'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
+        'urn:mace:dir:attribute-def:photo': 'photo',
+        'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
+        'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
+        'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
+        'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
+        'urn:mace:dir:attribute-def:postalCode': 'postalCode',
+        'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
+        'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
+        'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
+        'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
+        'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
+        'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
+        'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
+        'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
+        'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
+        'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
+        'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
+        'urn:mace:dir:attribute-def:secretary': 'secretary',
+        'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
+        'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
+        'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
+        'urn:mace:dir:attribute-def:sn': 'sn',
+        'urn:mace:dir:attribute-def:st': 'st',
+        'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
+        'urn:mace:dir:attribute-def:street': 'street',
+        'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
+        'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
+        'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
+        'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
+        'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
+        'urn:mace:dir:attribute-def:surname': 'surname',
+        'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
+        'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
+        'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
+        'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
+        'urn:mace:dir:attribute-def:title': 'title',
+        'urn:mace:dir:attribute-def:uid': 'uid',
+        'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
+        'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
+        'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
+        'urn:mace:dir:attribute-def:userClass': 'userClass',
+        'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
+        'urn:mace:dir:attribute-def:userPassword': 'userPassword',
+        'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
+        'urn:mace:dir:attribute-def:userid': 'userid',
+        'urn:mace:dir:attribute-def:x121Address': 'x121Address',
+        'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
+        },
+    "to": {
+        'aRecord': 'urn:mace:dir:attribute-def:aRecord',
+        'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
+        'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
+        'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
+        'associatedName': 'urn:mace:dir:attribute-def:associatedName',
+        'audio': 'urn:mace:dir:attribute-def:audio',
+        'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
+        'buildingName': 'urn:mace:dir:attribute-def:buildingName',
+        'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
+        'c': 'urn:mace:dir:attribute-def:c',
+        'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
+        'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
+        'carLicense': 'urn:mace:dir:attribute-def:carLicense',
+        'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
+        'cn': 'urn:mace:dir:attribute-def:cn',
+        'co': 'urn:mace:dir:attribute-def:co',
+        'commonName': 'urn:mace:dir:attribute-def:commonName',
+        'countryName': 'urn:mace:dir:attribute-def:countryName',
+        'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
+        'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
+        'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
+        'dc': 'urn:mace:dir:attribute-def:dc',
+        'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
+        'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
+        'description': 'urn:mace:dir:attribute-def:description',
+        'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
+        'displayName': 'urn:mace:dir:attribute-def:displayName',
+        'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
+        'dmdName': 'urn:mace:dir:attribute-def:dmdName',
+        'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
+        'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
+        'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
+        'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
+        'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
+        'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
+        'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
+        'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
+        'drink': 'urn:mace:dir:attribute-def:drink',
+        'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
+        'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
+        'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
+        'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
+        'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
+        'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
+        'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
+        'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
+        'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
+        'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
+        'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
+        'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
+        'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
+        'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
+        'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
+        'email': 'urn:mace:dir:attribute-def:email',
+        'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
+        'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
+        'employeeType': 'urn:mace:dir:attribute-def:employeeType',
+        'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
+        'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
+        'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
+        'fax': 'urn:mace:dir:attribute-def:fax',
+        'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
+        'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
+        'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
+        'givenName': 'urn:mace:dir:attribute-def:givenName',
+        'gn': 'urn:mace:dir:attribute-def:gn',
+        'homePhone': 'urn:mace:dir:attribute-def:homePhone',
+        'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
+        'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
+        'host': 'urn:mace:dir:attribute-def:host',
+        'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
+        'info': 'urn:mace:dir:attribute-def:info',
+        'initials': 'urn:mace:dir:attribute-def:initials',
+        'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
+        'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
+        'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
+        'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
+        'l': 'urn:mace:dir:attribute-def:l',
+        'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
+        'localityName': 'urn:mace:dir:attribute-def:localityName',
+        'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
+        'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
+        'mail': 'urn:mace:dir:attribute-def:mail',
+        'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
+        'manager': 'urn:mace:dir:attribute-def:manager',
+        'member': 'urn:mace:dir:attribute-def:member',
+        'mobile': 'urn:mace:dir:attribute-def:mobile',
+        'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
+        'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
+        'name': 'urn:mace:dir:attribute-def:name',
+        'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
+        'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
+        'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
+        'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
+        'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
+        'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
+        'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
+        'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
+        'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
+        'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
+        'o': 'urn:mace:dir:attribute-def:o',
+        'objectClass': 'urn:mace:dir:attribute-def:objectClass',
+        'organizationName': 'urn:mace:dir:attribute-def:organizationName',
+        'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
+        'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
+        'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
+        'ou': 'urn:mace:dir:attribute-def:ou',
+        'owner': 'urn:mace:dir:attribute-def:owner',
+        'pager': 'urn:mace:dir:attribute-def:pager',
+        'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
+        'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
+        'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
+        'photo': 'urn:mace:dir:attribute-def:photo',
+        'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
+        'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
+        'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
+        'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
+        'postalCode': 'urn:mace:dir:attribute-def:postalCode',
+        'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
+        'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
+        'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
+        'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
+        'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
+        'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
+        'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
+        'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
+        'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
+        'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
+        'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
+        'secretary': 'urn:mace:dir:attribute-def:secretary',
+        'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
+        'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
+        'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
+        'sn': 'urn:mace:dir:attribute-def:sn',
+        'st': 'urn:mace:dir:attribute-def:st',
+        'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
+        'street': 'urn:mace:dir:attribute-def:street',
+        'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
+        'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
+        'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
+        'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
+        'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
+        'surname': 'urn:mace:dir:attribute-def:surname',
+        'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
+        'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
+        'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
+        'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
+        'title': 'urn:mace:dir:attribute-def:title',
+        'uid': 'urn:mace:dir:attribute-def:uid',
+        'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
+        'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
+        'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
+        'userClass': 'urn:mace:dir:attribute-def:userClass',
+        'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
+        'userPassword': 'urn:mace:dir:attribute-def:userPassword',
+        'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
+        'userid': 'urn:mace:dir:attribute-def:userid',
+        'x121Address': 'urn:mace:dir:attribute-def:x121Address',
+        'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
+    }
+}
--- a/pinaxcon/saml2/attribute-maps/saml_uri.py
+++ b/pinaxcon/saml2/attribute-maps/saml_uri.py
@ -0,0 +1,241 @@
+__author__ = 'rolandh'
+
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR_OID = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+PKCS_9 = "urn:oid:1.2.840.113549.1.9.1."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+    "fro": {
+        EDUPERSON_OID+'2': 'eduPersonNickname',
+        EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+        EDUPERSON_OID+'11': 'eduPersonAssurance',
+        EDUPERSON_OID+'10': 'eduPersonTargetedID',
+        EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+        NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+        NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+        NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+        EDUPERSON_OID+'1': 'eduPersonAffiliation',
+        NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+        NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+        NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+        NETSCAPE_LDAP+'241': 'displayName',
+        UCL_DIR_PILOT+'37': 'associatedDomain',
+        EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+        NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+        NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+        X500ATTR_OID+'53': 'deltaRevocationList',
+        X500ATTR_OID+'52': 'supportedAlgorithms',
+        X500ATTR_OID+'51': 'houseIdentifier',
+        X500ATTR_OID+'50': 'uniqueMember',
+        X500ATTR_OID+'19': 'physicalDeliveryOfficeName',
+        X500ATTR_OID+'18': 'postOfficeBox',
+        X500ATTR_OID+'17': 'postalCode',
+        X500ATTR_OID+'16': 'postalAddress',
+        X500ATTR_OID+'15': 'businessCategory',
+        X500ATTR_OID+'14': 'searchGuide',
+        EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+        X500ATTR_OID+'12': 'title',
+        X500ATTR_OID+'11': 'ou',
+        X500ATTR_OID+'10': 'o',
+        X500ATTR_OID+'37': 'cACertificate',
+        X500ATTR_OID+'36': 'userCertificate',
+        X500ATTR_OID+'31': 'member',
+        X500ATTR_OID+'30': 'supportedApplicationContext',
+        X500ATTR_OID+'33': 'roleOccupant',
+        X500ATTR_OID+'32': 'owner',
+        NETSCAPE_LDAP+'1': 'carLicense',
+        PKCS_9+'1': 'email',
+        NETSCAPE_LDAP+'3': 'employeeNumber',
+        NETSCAPE_LDAP+'2': 'departmentNumber',
+        X500ATTR_OID+'39': 'certificateRevocationList',
+        X500ATTR_OID+'38': 'authorityRevocationList',
+        NETSCAPE_LDAP+'216': 'userPKCS12',
+        EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+        X500ATTR_OID+'9': 'street',
+        X500ATTR_OID+'8': 'st',
+        NETSCAPE_LDAP+'39': 'preferredLanguage',
+        EDUPERSON_OID+'7': 'eduPersonEntitlement',
+        X500ATTR_OID+'2': 'knowledgeInformation',
+        X500ATTR_OID+'7': 'l',
+        X500ATTR_OID+'6': 'c',
+        X500ATTR_OID+'5': 'serialNumber',
+        X500ATTR_OID+'4': 'sn',
+        UCL_DIR_PILOT+'60': 'jpegPhoto',
+        X500ATTR_OID+'65': 'pseudonym',
+        NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+        UCL_DIR_PILOT+'3': 'mail',
+        UCL_DIR_PILOT+'25': 'dc',
+        X500ATTR_OID+'40': 'crossCertificatePair',
+        X500ATTR_OID+'42': 'givenName',
+        X500ATTR_OID+'43': 'initials',
+        X500ATTR_OID+'44': 'generationQualifier',
+        X500ATTR_OID+'45': 'x500UniqueIdentifier',
+        X500ATTR_OID+'46': 'dnQualifier',
+        X500ATTR_OID+'47': 'enhancedSearchGuide',
+        X500ATTR_OID+'48': 'protocolInformation',
+        X500ATTR_OID+'54': 'dmdName',
+        NETSCAPE_LDAP+'4': 'employeeType',
+        X500ATTR_OID+'22': 'teletexTerminalIdentifier',
+        X500ATTR_OID+'23': 'facsimileTelephoneNumber',
+        X500ATTR_OID+'20': 'telephoneNumber',
+        X500ATTR_OID+'21': 'telexNumber',
+        X500ATTR_OID+'26': 'registeredAddress',
+        X500ATTR_OID+'27': 'destinationIndicator',
+        X500ATTR_OID+'24': 'x121Address',
+        X500ATTR_OID+'25': 'internationaliSDNNumber',
+        X500ATTR_OID+'28': 'preferredDeliveryMethod',
+        X500ATTR_OID+'29': 'presentationAddress',
+        EDUPERSON_OID+'3': 'eduPersonOrgDN',
+        NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+        UMICH+'57': 'labeledURI',
+        UCL_DIR_PILOT+'1': 'uid',
+        SCHAC+'1': 'schacMotherTongue',
+        SCHAC+'2': 'schacGender',
+        SCHAC+'3': 'schacDateOfBirth',
+        SCHAC+'4': 'schacPlaceOfBirth',
+        SCHAC+'5': 'schacCountryOfCitizenship',
+        SCHAC+'6': 'schacSn1',
+        SCHAC+'7': 'schacSn2',
+        SCHAC+'8': 'schacPersonalTitle',
+        SCHAC+'9': 'schacHomeOrganization',
+        SCHAC+'10': 'schacHomeOrganizationType',
+        SCHAC+'11': 'schacCountryOfResidence',
+        SCHAC+'12': 'schacUserPresenceID',
+        SCHAC+'13': 'schacPersonalPosition',
+        SCHAC+'14': 'schacPersonalUniqueCode',
+        SCHAC+'15': 'schacPersonalUniqueID',
+        SCHAC+'17': 'schacExpiryDate',
+        SCHAC+'18': 'schacUserPrivateAttribute',
+        SCHAC+'19': 'schacUserStatus',
+        SCHAC+'20': 'schacProjectMembership',
+        SCHAC+'21': 'schacProjectSpecificRole',
+    },
+    "to": {
+        'roleOccupant': X500ATTR_OID+'33',
+        'gn': X500ATTR_OID+'42',
+        'norEduPersonNIN': NOREDUPERSON_OID+'5',
+        'title': X500ATTR_OID+'12',
+        'facsimileTelephoneNumber': X500ATTR_OID+'23',
+        'mail': UCL_DIR_PILOT+'3',
+        'postOfficeBox': X500ATTR_OID+'18',
+        'fax': X500ATTR_OID+'23',
+        'telephoneNumber': X500ATTR_OID+'20',
+        'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+        'rfc822Mailbox': UCL_DIR_PILOT+'3',
+        'dc': UCL_DIR_PILOT+'25',
+        'countryName': X500ATTR_OID+'6',
+        'emailAddress': PKCS_9+'1',
+        'employeeNumber': NETSCAPE_LDAP+'3',
+        'organizationName': X500ATTR_OID+'10',
+        'eduPersonAssurance': EDUPERSON_OID+'11',
+        'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+        'registeredAddress': X500ATTR_OID+'26',
+        'physicalDeliveryOfficeName': X500ATTR_OID+'19',
+        'associatedDomain': UCL_DIR_PILOT+'37',
+        'l': X500ATTR_OID+'7',
+        'stateOrProvinceName': X500ATTR_OID+'8',
+        'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+        'pkcs9email': PKCS_9+'1',
+        'givenName': X500ATTR_OID+'42',
+        'givenname': X500ATTR_OID+'42',
+        'x500UniqueIdentifier': X500ATTR_OID+'45',
+        'eduPersonNickname': EDUPERSON_OID+'2',
+        'houseIdentifier': X500ATTR_OID+'51',
+        'street': X500ATTR_OID+'9',
+        'supportedAlgorithms': X500ATTR_OID+'52',
+        'preferredLanguage': NETSCAPE_LDAP+'39',
+        'postalAddress': X500ATTR_OID+'16',
+        'email': PKCS_9+'1',
+        'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+        'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+        'c': X500ATTR_OID+'6',
+        'teletexTerminalIdentifier': X500ATTR_OID+'22',
+        'o': X500ATTR_OID+'10',
+        'cACertificate': X500ATTR_OID+'37',
+        'telexNumber': X500ATTR_OID+'21',
+        'ou': X500ATTR_OID+'11',
+        'initials': X500ATTR_OID+'43',
+        'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+        'deltaRevocationList': X500ATTR_OID+'53',
+        'norEduPersonLIN': NOREDUPERSON_OID+'4',
+        'supportedApplicationContext': X500ATTR_OID+'30',
+        'eduPersonEntitlement': EDUPERSON_OID+'7',
+        'generationQualifier': X500ATTR_OID+'44',
+        'eduPersonAffiliation': EDUPERSON_OID+'1',
+        'edupersonaffiliation': EDUPERSON_OID+'1',
+        'eduPersonPrincipalName': EDUPERSON_OID+'6',
+        'edupersonprincipalname': EDUPERSON_OID+'6',
+        'localityName': X500ATTR_OID+'7',
+        'owner': X500ATTR_OID+'32',
+        'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+        'searchGuide': X500ATTR_OID+'14',
+        'certificateRevocationList': X500ATTR_OID+'39',
+        'organizationalUnitName': X500ATTR_OID+'11',
+        'userCertificate': X500ATTR_OID+'36',
+        'preferredDeliveryMethod': X500ATTR_OID+'28',
+        'internationaliSDNNumber': X500ATTR_OID+'25',
+        'uniqueMember': X500ATTR_OID+'50',
+        'departmentNumber': NETSCAPE_LDAP+'2',
+        'enhancedSearchGuide': X500ATTR_OID+'47',
+        'userPKCS12': NETSCAPE_LDAP+'216',
+        'eduPersonTargetedID': EDUPERSON_OID+'10',
+        'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+        'x121Address': X500ATTR_OID+'24',
+        'destinationIndicator': X500ATTR_OID+'27',
+        'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+        'surname': X500ATTR_OID+'4',
+        'jpegPhoto': UCL_DIR_PILOT+'60',
+        'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+        'edupersonscopedaffiliation': EDUPERSON_OID+'9',
+        'protocolInformation': X500ATTR_OID+'48',
+        'knowledgeInformation': X500ATTR_OID+'2',
+        'employeeType': NETSCAPE_LDAP+'4',
+        'userSMIMECertificate': NETSCAPE_LDAP+'40',
+        'member': X500ATTR_OID+'31',
+        'streetAddress': X500ATTR_OID+'9',
+        'dmdName': X500ATTR_OID+'54',
+        'postalCode': X500ATTR_OID+'17',
+        'pseudonym': X500ATTR_OID+'65',
+        'dnQualifier': X500ATTR_OID+'46',
+        'crossCertificatePair': X500ATTR_OID+'40',
+        'eduPersonOrgDN': EDUPERSON_OID+'3',
+        'authorityRevocationList': X500ATTR_OID+'38',
+        'displayName': NETSCAPE_LDAP+'241',
+        'businessCategory': X500ATTR_OID+'15',
+        'serialNumber': X500ATTR_OID+'5',
+        'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+        'st': X500ATTR_OID+'8',
+        'carLicense': NETSCAPE_LDAP+'1',
+        'presentationAddress': X500ATTR_OID+'29',
+        'sn': X500ATTR_OID+'4',
+        'domainComponent': UCL_DIR_PILOT+'25',
+        'labeledURI': UMICH+'57',
+        'uid': UCL_DIR_PILOT+'1',
+        'schacMotherTongue':SCHAC+'1',
+        'schacGender': SCHAC+'2',
+        'schacDateOfBirth':SCHAC+'3',
+        'schacPlaceOfBirth': SCHAC+'4',
+        'schacCountryOfCitizenship':SCHAC+'5',
+        'schacSn1': SCHAC+'6',
+        'schacSn2': SCHAC+'7',
+        'schacPersonalTitle':SCHAC+'8',
+        'schacHomeOrganization': SCHAC+'9',
+        'schacHomeOrganizationType': SCHAC+'10',
+        'schacCountryOfResidence': SCHAC+'11',
+        'schacUserPresenceID': SCHAC+'12',
+        'schacPersonalPosition': SCHAC+'13',
+        'schacPersonalUniqueCode': SCHAC+'14',
+        'schacPersonalUniqueID': SCHAC+'15',
+        'schacExpiryDate': SCHAC+'17',
+        'schacUserPrivateAttribute': SCHAC+'18',
+        'schacUserStatus': SCHAC+'19',
+        'schacProjectMembership': SCHAC+'20',
+        'schacProjectSpecificRole': SCHAC+'21',
+    }
+}  
--- a/pinaxcon/saml2/attribute-maps/shibboleth_uri.py
+++ b/pinaxcon/saml2/attribute-maps/shibboleth_uri.py
@ -0,0 +1,190 @@
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1."
+PKCS_9 = "urn:oid:1.2.840.113549.1.9."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+
+MAP = {
+    "identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
+    "fro": {
+        EDUPERSON_OID+'2': 'eduPersonNickname',
+        EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+        EDUPERSON_OID+'11': 'eduPersonAssurance',
+        EDUPERSON_OID+'10': 'eduPersonTargetedID',
+        EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+        NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+        NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+        NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+        EDUPERSON_OID+'1': 'eduPersonAffiliation',
+        NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+        NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+        NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+        NETSCAPE_LDAP+'241': 'displayName',
+        UCL_DIR_PILOT+'37': 'associatedDomain',
+        EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+        NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+        NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+        X500ATTR+'53': 'deltaRevocationList',
+        X500ATTR+'52': 'supportedAlgorithms',
+        X500ATTR+'51': 'houseIdentifier',
+        X500ATTR+'50': 'uniqueMember',
+        X500ATTR+'19': 'physicalDeliveryOfficeName',
+        X500ATTR+'18': 'postOfficeBox',
+        X500ATTR+'17': 'postalCode',
+        X500ATTR+'16': 'postalAddress',
+        X500ATTR+'15': 'businessCategory',
+        X500ATTR+'14': 'searchGuide',
+        EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+        X500ATTR+'12': 'title',
+        X500ATTR+'11': 'ou',
+        X500ATTR+'10': 'o',
+        X500ATTR+'37': 'cACertificate',
+        X500ATTR+'36': 'userCertificate',
+        X500ATTR+'31': 'member',
+        X500ATTR+'30': 'supportedApplicationContext',
+        X500ATTR+'33': 'roleOccupant',
+        X500ATTR+'32': 'owner',
+        NETSCAPE_LDAP+'1': 'carLicense',
+        PKCS_9+'1': 'email',
+        NETSCAPE_LDAP+'3': 'employeeNumber',
+        NETSCAPE_LDAP+'2': 'departmentNumber',
+        X500ATTR+'39': 'certificateRevocationList',
+        X500ATTR+'38': 'authorityRevocationList',
+        NETSCAPE_LDAP+'216': 'userPKCS12',
+        EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+        X500ATTR+'9': 'street',
+        X500ATTR+'8': 'st',
+        NETSCAPE_LDAP+'39': 'preferredLanguage',
+        EDUPERSON_OID+'7': 'eduPersonEntitlement',
+        X500ATTR+'2': 'knowledgeInformation',
+        X500ATTR+'7': 'l',
+        X500ATTR+'6': 'c',
+        X500ATTR+'5': 'serialNumber',
+        X500ATTR+'4': 'sn',
+        UCL_DIR_PILOT+'60': 'jpegPhoto',
+        X500ATTR+'65': 'pseudonym',
+        NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+        UCL_DIR_PILOT+'3': 'mail',
+        UCL_DIR_PILOT+'25': 'dc',
+        X500ATTR+'40': 'crossCertificatePair',
+        X500ATTR+'42': 'givenName',
+        X500ATTR+'43': 'initials',
+        X500ATTR+'44': 'generationQualifier',
+        X500ATTR+'45': 'x500UniqueIdentifier',
+        X500ATTR+'46': 'dnQualifier',
+        X500ATTR+'47': 'enhancedSearchGuide',
+        X500ATTR+'48': 'protocolInformation',
+        X500ATTR+'54': 'dmdName',
+        NETSCAPE_LDAP+'4': 'employeeType',
+        X500ATTR+'22': 'teletexTerminalIdentifier',
+        X500ATTR+'23': 'facsimileTelephoneNumber',
+        X500ATTR+'20': 'telephoneNumber',
+        X500ATTR+'21': 'telexNumber',
+        X500ATTR+'26': 'registeredAddress',
+        X500ATTR+'27': 'destinationIndicator',
+        X500ATTR+'24': 'x121Address',
+        X500ATTR+'25': 'internationaliSDNNumber',
+        X500ATTR+'28': 'preferredDeliveryMethod',
+        X500ATTR+'29': 'presentationAddress',
+        EDUPERSON_OID+'3': 'eduPersonOrgDN',
+        NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+    },
+    "to":{
+        'roleOccupant': X500ATTR+'33',
+        'gn': X500ATTR+'42',
+        'norEduPersonNIN': NOREDUPERSON_OID+'5',
+        'title': X500ATTR+'12',
+        'facsimileTelephoneNumber': X500ATTR+'23',
+        'mail': UCL_DIR_PILOT+'3',
+        'postOfficeBox': X500ATTR+'18',
+        'fax': X500ATTR+'23',
+        'telephoneNumber': X500ATTR+'20',
+        'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+        'rfc822Mailbox': UCL_DIR_PILOT+'3',
+        'dc': UCL_DIR_PILOT+'25',
+        'countryName': X500ATTR+'6',
+        'emailAddress': PKCS_9+'1',
+        'employeeNumber': NETSCAPE_LDAP+'3',
+        'organizationName': X500ATTR+'10',
+        'eduPersonAssurance': EDUPERSON_OID+'11',
+        'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+        'registeredAddress': X500ATTR+'26',
+        'physicalDeliveryOfficeName': X500ATTR+'19',
+        'associatedDomain': UCL_DIR_PILOT+'37',
+        'l': X500ATTR+'7',
+        'stateOrProvinceName': X500ATTR+'8',
+        'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+        'pkcs9email': PKCS_9+'1',
+        'givenName': X500ATTR+'42',
+        'x500UniqueIdentifier': X500ATTR+'45',
+        'eduPersonNickname': EDUPERSON_OID+'2',
+        'houseIdentifier': X500ATTR+'51',
+        'street': X500ATTR+'9',
+        'supportedAlgorithms': X500ATTR+'52',
+        'preferredLanguage': NETSCAPE_LDAP+'39',
+        'postalAddress': X500ATTR+'16',
+        'email': PKCS_9+'1',
+        'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+        'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+        'c': X500ATTR+'6',
+        'teletexTerminalIdentifier': X500ATTR+'22',
+        'o': X500ATTR+'10',
+        'cACertificate': X500ATTR+'37',
+        'telexNumber': X500ATTR+'21',
+        'ou': X500ATTR+'11',
+        'initials': X500ATTR+'43',
+        'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+        'deltaRevocationList': X500ATTR+'53',
+        'norEduPersonLIN': NOREDUPERSON_OID+'4',
+        'supportedApplicationContext': X500ATTR+'30',
+        'eduPersonEntitlement': EDUPERSON_OID+'7',
+        'generationQualifier': X500ATTR+'44',
+        'eduPersonAffiliation': EDUPERSON_OID+'1',
+        'eduPersonPrincipalName': EDUPERSON_OID+'6',
+        'localityName': X500ATTR+'7',
+        'owner': X500ATTR+'32',
+        'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+        'searchGuide': X500ATTR+'14',
+        'certificateRevocationList': X500ATTR+'39',
+        'organizationalUnitName': X500ATTR+'11',
+        'userCertificate': X500ATTR+'36',
+        'preferredDeliveryMethod': X500ATTR+'28',
+        'internationaliSDNNumber': X500ATTR+'25',
+        'uniqueMember': X500ATTR+'50',
+        'departmentNumber': NETSCAPE_LDAP+'2',
+        'enhancedSearchGuide': X500ATTR+'47',
+        'userPKCS12': NETSCAPE_LDAP+'216',
+        'eduPersonTargetedID': EDUPERSON_OID+'10',
+        'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+        'x121Address': X500ATTR+'24',
+        'destinationIndicator': X500ATTR+'27',
+        'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+        'surname': X500ATTR+'4',
+        'jpegPhoto': UCL_DIR_PILOT+'60',
+        'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+        'protocolInformation': X500ATTR+'48',
+        'knowledgeInformation': X500ATTR+'2',
+        'employeeType': NETSCAPE_LDAP+'4',
+        'userSMIMECertificate': NETSCAPE_LDAP+'40',
+        'member': X500ATTR+'31',
+        'streetAddress': X500ATTR+'9',
+        'dmdName': X500ATTR+'54',
+        'postalCode': X500ATTR+'17',
+        'pseudonym': X500ATTR+'65',
+        'dnQualifier': X500ATTR+'46',
+        'crossCertificatePair': X500ATTR+'40',
+        'eduPersonOrgDN': EDUPERSON_OID+'3',
+        'authorityRevocationList': X500ATTR+'38',
+        'displayName': NETSCAPE_LDAP+'241',
+        'businessCategory': X500ATTR+'15',
+        'serialNumber': X500ATTR+'5',
+        'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+        'st': X500ATTR+'8',
+        'carLicense': NETSCAPE_LDAP+'1',
+        'presentationAddress': X500ATTR+'29',
+        'sn': X500ATTR+'4',
+        'domainComponent': UCL_DIR_PILOT+'25',
+    }
+}
--- a/pinaxcon/settings.py
+++ b/pinaxcon/settings.py
@ -1,4 +1,6 @@
 import os
+import saml2
+import saml2.saml
 from django.utils.crypto import get_random_string


@ -104,6 +106,8 @@ INSTALLED_APPS = [
    "django.contrib.humanize",
    "debug_toolbar",

+    'djangosaml2',
+
    # theme
    "bootstrapform",
    "pinax_theme_bootstrap",
@ -223,9 +227,14 @@ EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
 THEME_CONTACT_EMAIL = "team@lca2018.org"

 AUTHENTICATION_BACKENDS = [
-    "symposion.teams.backends.TeamPermissionsBackend",
+    'symposion.teams.backends.TeamPermissionsBackend',
+    'django.contrib.auth.backends.ModelBackend',
+    'djangosaml2.backends.Saml2Backend',
 ]

+LOGIN_URL = '/saml2/login/'
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
 CONFERENCE_ID = 1
 PROPOSAL_FORMS = {
    "talk": "pinaxcon.proposals.forms.TalkProposalForm",
@ -269,6 +278,56 @@ NOSE_ARGS = [
    '--cover-package=registrasion.controllers,registrasion.models',
 ]

+BASEDIR = os.path.dirname(os.path.abspath(__file__))
+BASEDIR = os.path.join(BASEDIR, 'saml2')
+SAML_ATTRIBUTE_MAPPING = {
+    'uid': ('username', ),
+    'mail': ('email', ),
+    'givenName': ('first_name', ),
+    'sn': ('last_name', ),
+}
+SAML_CONFIG = {
+    'xmlsec_binary': '/usr/bin/xmlsec1',
+    'entityid': 'http://example.com/saml2/metadata/',
+    'attribute_map_dir': os.path.join(BASEDIR, 'attribute-maps'),
+    'service': {
+        'sp': {
+            'name': 'Federated Django sample SP',
+            'endpoints': {
+                'assertion_consumer_service': [
+                    'http://example.com/saml2/acs/',
+                    ],
+                'single_logout_service': [
+                    ('http://example.com/saml2/ls/',
+                     saml2.BINDING_HTTP_REDIRECT),
+                    ('http://example.com/saml2/ls/post',
+                     saml2.BINDING_HTTP_POST),
+                    ],
+                },
+            'logout_requests_signed': True,
+            'required_attributes': ['uid', 'mail', 'givenName', 'sn'],
+            },
+        },
+    'metadata': {
+        'local': [os.path.join(BASEDIR, 'remote_metadata.xml')],
+        },
+    'debug': 1,
+    'key_file': os.path.join(BASEDIR, 'cert.key'),
+    'cert_file': os.path.join(BASEDIR, 'cert.pem'),
+    'encryption_keypairs': [{
+        'key_file': os.path.join(BASEDIR, 'enc.key'),
+        'cert_file': os.path.join(BASEDIR, 'enc.cert'),
+    }],
+    'contact_person': [
+        {'given_name': os.environ.get("META_GIVEN_NAME", 'Bastard'),
+         'sur_name': os.environ.get('META_FAM_NAME', 'Operator'),
+         'company': os.environ.get('META_COMPANY', 'Corp1'),
+         'email_address': os.environ.get('META_EMAIL', 'op@example.com'),
+         'contact_type': 'technical'},
+        ],
+    'valid_for': 1,
+}
+
 # Production settings have their own file to override stuff here
 try:
    LOCAL_SETTINGS
--- a/pinaxcon/urls.py
+++ b/pinaxcon/urls.py
@ -9,6 +9,7 @@ import symposion.views


 urlpatterns = [
+    url(r'^saml2/', include('djangosaml2.urls')),
    url(r"^admin/", include(admin.site.urls)),

    url(r"^dashboard/", symposion.views.dashboard, name="dashboard"),
--- a/requirements.txt
+++ b/requirements.txt
@ -10,6 +10,8 @@ pylibmc==1.5.1
 raven==5.27.0
 django-debug-toolbar==1.6

+djangosaml2
+
 # database
 mysqlclient>=1.3.3