We need a simple implementation of a SAML 2.0 Service Provider (SP) in pure Python, using only the libraries available in the Google App Engine Standard Environment (e.g. pycrypto) with webapp2. To keep it simple, the Identity Provider (IP) and SP metadata should be hardcoded, as well as the SP public and private keys in PEM format.
The aim is basically to: (1) create the AuthnRequest XML and sign it, (2) redirect to the IP endpoint, (3) process the XML message posted by the IP and (4) verify that it is correctly signed.
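A sketch of steps (1) and (2), added here as an illustration and not part of the original request. It assumes the SAML HTTP-Redirect binding, where the signature covers the query string rather than being embedded in the XML. Assumptions: Python 3 standard library only, placeholder `example.com` URLs, and a hypothetical `sign` callable that performs RSA-SHA256 with the SP private key.

```python
import base64
import zlib
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hypothetical hardcoded metadata (placeholders, not values from the page).
SP_ENTITY_ID = "https://sp.example.com/metadata"
SP_ACS_URL = "https://sp.example.com/saml/acs"
IDP_SSO_URL = "https://idp.example.com/sso"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def build_authn_request(request_id, issue_instant):
    """Return the AuthnRequest XML; the caller stores request_id to match InResponseTo."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="%s" Version="2.0" IssueInstant="%s" Destination="%s" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        'AssertionConsumerServiceURL="%s">'
        '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
    ) % (request_id, issue_instant, IDP_SSO_URL, SP_ACS_URL, SP_ENTITY_ID)

def deflate_b64(xml):
    """Raw DEFLATE (no zlib header) then base64, as the binding requires."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode("utf-8")) + comp.flush()).decode("ascii")

def inflate_b64(value):
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def signed_redirect_url(xml, relay_state, sign):
    """sign is a hypothetical callable(bytes) -> bytes doing RSA-SHA256 with the SP key."""
    params = [("SAMLRequest", deflate_b64(xml))]
    if relay_state:
        params.append(("RelayState", relay_state))
    params.append(("SigAlg", SIG_ALG))
    signed_octets = urlencode(params)  # exactly these bytes are signed, in this order
    signature = base64.b64encode(sign(signed_octets.encode("ascii"))).decode("ascii")
    return IDP_SSO_URL + "?" + signed_octets + "&" + urlencode({"Signature": signature})

def split_redirect_url(url):
    """Receiver's view: recover the signed octets, the signature and the XML."""
    query = urlsplit(url).query
    signed_octets, _, sig_part = query.rpartition("&Signature=")
    fields = dict(parse_qsl(query))
    return signed_octets, base64.b64decode(fields["Signature"]), inflate_b64(fields["SAMLRequest"])
```

The signature must be computed over the URL-encoded string exactly as it is sent; re-encoding or reordering the parameters after signing makes verification fail at the receiver.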