Quick and dirty example of how to authenticate to Office 365 SharePoint Online using urllib2, jinja2, cookielib. Basically you POST your user/pass to Microsoft's token service, then hand that token to SharePoint's login proper, which gives you a cookie to access SharePoint content.

auth_sharepointonline.py

import urllib2
import cookielib
import urlparse
import jinja2
from urllib2 import HTTPCookieProcessor
from lxml import etree

# Setup Jinja for SAML
JINJA_TEMPLATE_PATH = "/Users/Brian/IdeaProjects/yggdrasil/templates"
JINJA_ENVIRONMENT = jinja2.Environment(
    loader=jinja2.FileSystemLoader(JINJA_TEMPLATE_PATH),
    extensions=['jinja2.ext.autoescape'],
    autoescape=True)
saml_template = JINJA_ENVIRONMENT.get_template('saml.xml')

# lxml needs namespaces
namespaces = {'S': "http://www.w3.org/2003/05/soap-envelope",
    'wst': "http://schemas.xmlsoap.org/ws/2005/02/trust",
    'wsse': "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    'wsu': "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    'saml': "urn:oasis:names:tc:SAML:1.0:assertion",
    'wsp': "http://schemas.xmlsoap.org/ws/2004/09/policy",
    'psf': "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"}

# This is the external microsoft service that will handout a token when given credentials
mso_auth_uri = "https://login.microsoftonline.com/extSTS.srf"
# Authentication front-end for SharePoint Online (hand it a token, gives us a cookie)
spo_auth_uri = "/_forms/default.aspx?wa=wsignin1.0"


# Change this stuff
username = "user@mydomain.onmicrosoft.com"
password = "p@ssword1"
sp_site = "https://mydomain.sharepoint.com"


sp_login_uri = urlparse.urljoin(sp_site, spo_auth_uri)
# file we want
sp_url = "https://mydomain.sharepoint.com/_vti_bin/ListData.svc/"

# xpath for binarytoken (not valid for pre-Office 365 SPO, probably doesn't apply to you)
tokenpath = "/S:Envelope/S:Body/wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken/wsse:BinarySecurityToken"

# populate SAML + need cookie jar to magically handout cookies.
login_vars = {'username': username, 'password': password, 'url': sp_url}
saml = saml_template.render(login_vars)
jar = cookielib.CookieJar()
opener = urllib2.build_opener(HTTPCookieProcessor(jar))

# MSO/SPO prefers a browser UA
opener.addheaders = [
    ('User-Agent', 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11')]

# 1. Get the token from MSO
f = opener.open(mso_auth_uri, saml)
tree = etree.parse(f)
# 2. Receive SAML response, store token
binarytoken = tree.xpath(tokenpath, namespaces=namespaces)[0].text
# 3. Post token to sharepoint online to get cookie
opener.open(sp_login_uri, data=binarytoken)
# 4/5 CookieJar will handle the cookies, request what we actually want.
resp = opener.open(sp_url)
# Do something interesting...
print resp.read()

saml.xml

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken>
                <o:Username>{{ username }}</o:Username>
                <o:Password>{{ password }}</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                <a:EndpointReference>
                    <a:Address>{{ url }}</a:Address>
                </a:EndpointReference>
            </wsp:AppliesTo>
            <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>

Hi Brian,
Thanks for this code, it's the clearest I've seen yet.

I do have a problem though, when the script gets as far as "binarytoken = tree.xpath(tokenpath, namespaces=namespaces)[0].text" it crashes with the exception below.

/usr/bin/python2.7 /home/setupuser/PycharmProjects/SharePointToolKit/auth_sharepointonline.py Traceback (most recent call last):
File "/home/setupuser/PycharmProjects/SharePointToolKit/auth_sharepointonline.py", line 58, in > >
binarytoken = tree.xpath(tokenpath, namespaces=namespaces)[0].text
IndexError: list index out of range

Process finished with exit code 1

Unfortunately I don't really have enough experience with Python or SAML to get much further than this.

I don't even know if I need to make any modifications to the saml.xml before I can use the code.

Any help would be much appreciated.

Wasn't able to get this to work either, got stuck in the same place as LeewoC. I suspect that there was an update on Microsofts' side, or some other error with the authentification.

Instead I'm building a screen scraping tool that will fetch the file in a vm with Sikuli.