Django admin SSO lets users login to a django admin using an OAuth2 or an openid provider. It then looks up the email address of the new user and looks up the rights for them.
- Make sure you have a working django project setup.
Install django-admin-sso using pip:
pip install django-admin-sso
Add
admin_sso
toINSTALLED_APPS
in yoursettings.py
file:INSTALLED_APPS = ( ... 'admin_sso', ... )
Add the django-admin authentication backend:
AUTHENTICATION_BACKENDS = ( 'admin_sso.auth.DjangoSSOAuthBackend', 'django.contrib.auth.backends.ModelBackend', )
Insert your oauth client id and secret key into your settings file:
DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here' DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'
Navigate to Google's Developer Console, create a new project, and create a new client ID under the menu point "APIs & AUTH", "Credentials". The redirect URI should be of the form http://example.com/admin/admin_sso/assignment/end/
If you don't specify a client id django-admin-sso will fallback to openid.
- Run syncdb to create the needed database tables.
- Log into the admin and add an Assignment.
- Select Username mode "any".
- Set Domain to your authenticating domain.
- Select your local user from the User drop down.
- Select Username mode "matches" or "don't match".
- Set username to [not] match by.
- Set Domain to your authenticating domain.
- Select your local user from the User drop down.
- Add support for OAuth2.0 since google closes its OpenID endpoint https://developers.google.com/accounts/docs/OpenID
- Using OpenID is now deprecated and OpenID support will be removed in a future release.
- Add more tests to get a decent coverage.