15👍
We’re using OpenAM. http://forgerock.com/openam.html
The OpenAM Cookie means that the user is authenticated.
An authentication backend for this is pretty simple. Under 50 lines of code.
https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#other-authentication-sources
We wrote a little bit of code that makes a RESTful request to the OpenAM server to get the user, group and role information. We then use the roles to determine the user’s authorizations.
14👍
MamaCAS appears to be a good solution. (It has gained 104 stars at the time of writing.)
https://github.com/jbittel/django-mama-cas
MamaCAS is a Django Central Authentication Service (CAS) single sign-on and single logout server. It implements the CAS 1.0, 2.0 and 3.0 protocols, including some of the optional features.
CAS is a single sign-on and single logout web protocol that allows a user to access multiple applications after providing their credentials a single time. It utilizes security tickets, unique text strings generated and validated by the server, allowing applications to authenticate a user without direct access to the user’s credentials (typically a user ID and password).
- [Django]-How to format time in django-rest-framework's serializer?
- [Django]-Django: Create fixtures without specifying a primary key?
- [Django]-Where to put business logic in django
- [Django]-How to access the user profile in a Django template?
- [Django]-How to query abstract-class-based objects in Django?
- [Django]-Resource temporarily unavailable using uwsgi + nginx
- [Django]-How to repeat a "block" in a django template
- [Django]-Write only, read only fields in django rest framework
- [Django]-How to get an ImageField URL within a template?
7👍
Django Simple SSO is another one.
https://github.com/aldryn/django-simple-sso
article about how to use this repo
a article
- [Django]-How do I use Django groups and permissions?
- [Django]-HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2
- [Django]-Django datetime issues (default=datetime.now())
3👍
You may implement SSO as follows:
- Shibboleth as Identity Provider
- Django website as Service Provider
I’ve just finished writing detailed guide on my blog: http://codeinpython.blogspot.com/2015/11/how-to-setup-shibboleth-identity.html
- [Django]-Django Admin Show Image from Imagefield
- [Django]-Creating email templates with Django
- [Django]-How to access Enum types in Django templates
3👍
I have used https://github.com/onelogin/python3-saml with Azure AD and Google–pretty simple setup with great docs and support.
- [Django]-How to reset Django admin password?
- [Django]-Django count RawQuerySet
- [Django]-How can I set a default value for a field in a Django model?
3👍
CAS (Central Authentication Service) is a good solution that supports SSO (Single Sign-On) and Single Logout (SLO) for Django and Flask. Here is a setup instruction to have a CAS server and multiple clients with the same login/logout:
- A CAS-Client is needed so I used the new generation of Django-CAS called django-cas-ng package and here is its configuration to make your own client. (Also, here is a pre-configured client repo)
- A CAS-Server is needed so I used a pre-configured repo.
[NOTE]:
- It supports Django 1.11, 2.x, 3.x
[UPDATE]:
- It’s also worth mentioning that, you have to change the default clients’
SESSION_COOKIE_NAMEin order to make distinguishable sessions to avoid conflicts at login/logout. In Django, you should add the following line in thesettings.pyfor each Django client:
SESSION_COOKIE_NAME = 'client1_sess'
- [Django]-How do you perform Django database migrations when using Docker-Compose?
- [Django]-Django: Set foreign key using integer?
- [Django]-Get last record in a queryset