64

I would like to use Django for implementing Single Sign On (SSO) for multiple applications that we currently use. How can I implement this using Django?

Cody Gray - on strike
tomrs
  • Are you already using a SSO mechanism for the other apps? Are they Django apps, too? (if yes, are they hosted on the same domain) – AndiDog Jan 11 '11 at 21:37

8 Answers

15

We're using OpenAM. http://forgerock.com/openam.html

The OpenAM Cookie means that the user is authenticated.

An authentication backend for this is pretty simple. Under 50 lines of code.

https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#other-authentication-sources

We wrote a little bit of code that makes a RESTful request to the OpenAM server to get the user, group and role information. We then use the roles to determine the user's authorizations.

djvg
S.Lott
14

MamaCAS appears to be a good solution. (It has gained 104 stars at the time of writing.)

https://github.com/jbittel/django-mama-cas

MamaCAS is a Django Central Authentication Service (CAS) single sign-on and single logout server. It implements the CAS 1.0, 2.0 and 3.0 protocols, including some of the optional features.

CAS is a single sign-on and single logout web protocol that allows a user to access multiple applications after providing their credentials a single time. It utilizes security tickets, unique text strings generated and validated by the server, allowing applications to authenticate a user without direct access to the user's credentials (typically a user ID and password).

Community
Rockallite
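The ticket mechanism described in the answer above, as an added sketch in Python (not part of the original answer and not MamaCAS's code; `TicketStore`, its method names, the example URLs and the 10-second lifetime are assumptions). It shows a service ticket that is random, single-use, short-lived and bound to the application it was issued for:

```python
import secrets
import time


class TicketStore:
    """In-memory service-ticket store (hypothetical, for illustration only)."""

    def __init__(self, ttl=10, clock=time.monotonic):
        self._ttl = ttl          # ticket lifetime in seconds (assumed value)
        self._clock = clock      # injectable so expiry can be tested
        self._tickets = {}       # ticket -> (username, service, expires_at)

    def issue(self, username, service):
        """Run by the SSO server once the user has logged in there."""
        # The ticket is an unguessable random string; it carries no credentials.
        ticket = "ST-" + secrets.token_urlsafe(32)
        self._tickets[ticket] = (username, service, self._clock() + self._ttl)
        return ticket

    def validate(self, ticket, service):
        """Run when an application presents a ticket; returns username or None."""
        # pop() makes every ticket single-use, even when validation fails,
        # so a captured ticket cannot be replayed.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        username, issued_for, expires_at = entry
        if self._clock() > expires_at:
            return None
        # A ticket issued for one application must not work for another.
        if issued_for != service:
            return None
        return username


if __name__ == "__main__":
    store = TicketStore()
    app = "https://app-a.example/login"      # constructed service URL
    st = store.issue("alice", app)
    print(store.validate(st, app))           # first use succeeds
    print(store.validate(st, app))           # replay is rejected
```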
12

Take a look at django-cas-provider + django-cas-consumer (or django-cas)

dwurf
Mikhail Korobov
  • 28
    At this point, using authentication libraries that haven't been touched in years seems like a bad idea, since new vulnerabilities typically come to light every year and things get broken as django comes out with new versions. – B Robster Nov 12 '14 at 15:23
  • django-mama-cas is fresh and maintained http://stackoverflow.com/a/36539275/1783439 – nu everest Sep 13 '16 at 23:56
  • 1
    I don't think django-mama-cas isn't active now. It's been almost 9 months since the last commit. Issues have also been pending since. Looks like https://github.com/onelogin/python3-saml/ is being maintained. – Nautatava Navlakha Dec 05 '19 at 06:44
9

django-sso is a pretty neat package that implements single sign-on

Udi
karthikr
7

Django Simple SSO is another one.

https://github.com/aldryn/django-simple-sso

article about how to use this repo a article

Jamil Noyda
nu everest
3

You may implement SSO as follows:

  • Shibboleth as Identity Provider
  • Django website as Service Provider

I've just finished writing a detailed guide on my blog: http://codeinpython.blogspot.com/2015/11/how-to-setup-shibboleth-identity.html

Sergey
3

CAS (Central Authentication Service) is a good solution that supports SSO (Single Sign-On) and Single Logout (SLO) for Django and Flask. Here is a setup instruction to have a CAS server and multiple clients with the same login/logout:

  1. A CAS-Client is needed so I used the new generation of Django-CAS called django-cas-ng package and here is its configuration to make your own client. (Also, here is a pre-configured client repo)
  2. A CAS-Server is needed so I used a pre-configured repo.

[NOTE]:

  • It supports Django 1.11, 2.x, 3.x

[UPDATE]:

  • It's also worth mentioning that you have to change the default clients' SESSION_COOKIE_NAME in order to make distinguishable sessions to avoid conflicts at login/logout. In Django, you should add the following line in the settings.py for each Django client:

    SESSION_COOKIE_NAME = 'client1_sess'

Benyamin Jafari
2

I have used https://github.com/onelogin/python3-saml with Azure AD and Google–pretty simple setup with great docs and support.

aedry