diff --git a/pkgs/development/python-modules/pysaml2/default.nix b/pkgs/development/python-modules/pysaml2/default.nix
index dca55176f1623..188bf2e3f80e2 100644
--- a/pkgs/development/python-modules/pysaml2/default.nix
+++ b/pkgs/development/python-modules/pysaml2/default.nix
@@ -4,6 +4,7 @@
   cryptography,
   defusedxml,
   fetchFromGitHub,
+  fetchpatch,
   paste,
   poetry-core,
   pyasn1,
@@ -25,22 +26,25 @@
 
 buildPythonPackage rec {
   pname = "pysaml2";
-  version = "7.5.0";
-  format = "pyproject";
-
-  disabled = pythonOlder "3.9";
+  version = "7.5.2";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "IdentityPython";
     repo = "pysaml2";
     tag = "v${version}";
-    hash = "sha256-M/tdKGu6K38TeBZc8/dt376bHhPB0svHB3iis/se0DY=";
+    hash = "sha256-2mvAXTruZqoSBUgfT2VEAnWQXVdviG0e49y7LPK5x00=";
   };
 
   patches = [
     (replaceVars ./hardcode-xmlsec1-path.patch {
       inherit xmlsec;
     })
+    # Replaces usages of deprecated/removed pyopenssl APIs
+    (fetchpatch {
+      url = "https://github.com/IdentityPython/pysaml2/pull/977/commits/930a652a240c8cd1489429a7d70cf5fa7ef1606a.patch";
+      hash = "sha256-kBNvGk5pwVmpW1wsIWVH9wapu6kjFavaTt4e3Llaw2c=";
+    })
   ];
 
   postPatch = ''
@@ -86,6 +90,9 @@ buildPythonPackage rec {
     "test_load_remote_encoding"
     "test_load_external"
     "test_conf_syslog"
+
+    # Broken XML schema check in 7.5.2
+    "test_namespace_processing"
   ];
 
   pythonImportsCheck = [ "saml2" ];
@@ -96,8 +103,5 @@ buildPythonPackage rec {
     changelog = "https://github.com/IdentityPython/pysaml2/blob/v${version}/CHANGELOG.md";
     license = licenses.asl20;
     maintainers = [ ];
-    # Does not support pyopenssl above 24.3.0 due to use of a deprecated API,
-    # see https://github.com/IdentityPython/pysaml2/issues/975
-    broken = true;
   };
 }