Is there a library I can use to do a SAML authentication in App Engine using python?

I've looked at pysaml2 which does say it's pure python implementation. However, it's using subprocess.Popen which cannot be used within App Engine and will fail at that point.

You can use python-saml on GAE if you use the flex environment with a custom runtime built off of the standard python27 runtime provided by google. I just got onelogin's python-saml flask-demo successfully working with this approach using the following settings:

Dockerfile:

FROM gcr.io/google_appengine/python
LABEL python_version=python
RUN virtualenv /env -p python

# Install system packages for onelogin dependencies not already included in runtime
RUN apt-get update && apt-get --yes --quiet install python2.7-dev libxmlsec1-dev

# Set virtualenv environment variables. This is equivalent to running
# source /env/bin/activate
ENV VIRTUAL_ENV /env
ENV PATH /env/bin:$PATH
ADD requirements.txt /app/
RUN pip install -r requirements.txt
ADD . /app/
CMD python index.py

app.yaml

runtime: custom
env: flex
entrypoint: python index.py

api_version: 1
threadsafe: true

requirements.txt

flask==0.10.1
python-saml

then simply do gcloud app deploy app.yaml --version v1

Try python-saml or python3-saml