stackoom
  简体   繁体   中英

Django Authenticate against external SSO

 原文  2017-02-03 16:51:24       django/ django-views

Question

Forgive me if the wording here is a bit odd. I have a fair amount of experience with python, but I'm pretty new to Django and still trying to get my sea legs.

I've inherited a PHP site from the former System admin at my new job, and I want to rework it into a django app to simplify/cleanup the code.

The PHP site is using .htaccess file with Pubcookie apache module for authentication (as well as some basic checks in the php code to ensure the user checks out against a database of authorized users, but that part i'm less concerned with), and looks like this: 

AuthType SecureID
require valid-user
PubcookieAppID "name of the app"

In my apache configs, I have various pubcookie definitions. 

LoadModule pubcookie_module /usr/lib/apache2/modules/mod_pubcookie.so
PubcookieGrantingCertFile /usr/local/pubcookie/keys/pubcookie_granting.cert
PubcookieSessionKeyFile /etc/ssl/private/akey.pem
PubcookieSessionCertFile /etc/ssl/certs/acert.pem
PubcookieLogin https://weblogin.domain.com/
PubcookieLoginMethod POST
PubcookieDomain .domain.com
PubcookieKeyDir /usr/local/pubcookie/keys/
PubcookieAuthTypeNames ADUserID null SecurID

My question is...How do I implement this sort of thing on the python end? I have looked at using RemoteUserMiddleware , or PersistentRemoteUserMiddleware .

But most of the information I have found for that doesn't go into great detail about how to actually point your app at the correct login page. The official documentation seems to stop at adding the middleware under middleware in the settings.py file in the django project.

It also bare's mentioning that the weblogin.domain.com is handled by another group that I don't have direct access to, and is not one of my servers so I can't really poke around there.

I realize this is...extremely broad, but any information that could point me in the right direction would be appreciated.

In an ideal scenario, I would like to be able to restrict different views to different authtypes, but I'd be happy to get anything working sensibly.

1 answers

solution1
 0  2017-02-04 16:24:30

So, For what it's worth. The answer was to use pubcookie with apache as normal. then use RemoteUserMiddleware or PersistentRemoteeUserMiddleware as expected. As it turns out you don't have to handle any outside configuration for the middleware, it just imports whats shoved at it.

Finally the piece I was really missing, information from apache/pubcookie authentication can be accessed with request.META library from inside django code

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django - Authenticate against existing DB How to authenticate against Django from Drupal? Django querying against external database with different timezone Is it possible to authenticate against a single source from two distinct Django deployments? Authenticate against Drupal users database table from Django application Django Authenticate Is there a way to configure an external SSO login system with my existing Django Web Application Django SSO with Microsoft ADFS SSO solutions for Django Django + Google SSO openid
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM