Skip to content
Middleware for using Shibboleth with Django
Python HTML
Find file
Latest commit 7c433f3 May 2, 2016 @jrhoads jrhoads Merge pull request #34 from Brown-University-Library/new_dev_version
set version to 0.8-dev for new development

README.md

django-shibboleth-remoteuser

Middleware for using Shibboleth with Django. Requires Django 1.3 or above for RemoteAuthMiddleware.

Build Status

Installation and configuration

  • Either checkout and run python setup.py install or install directly from Github with pip:

    pip install git+https://github.com/Brown-University-Library/django-shibboleth-remoteuser.git
    
  • In settings.py :

    • Enable the RemoteUserBackend.

      AUTHENTICATION_BACKENDS += (
        'shibboleth.backends.ShibbolethRemoteUserBackend',
      )
    • Add the Django Shibboleth middleware. You must add the django.contrib.auth.middleware.ShibbolethRemoteUserMiddleware to the MIDDLEWARE_CLASSES setting after the django.contrib.auth.middleware.AuthenticationMiddleware. For example:

    MIDDLEWARE_CLASSES = (
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',
    ...
    )
    • Map Shibboleth attributes to Django User models. The attributes must be stated in the form they have in the HTTP headers. Use this to populate the Django User object from Shibboleth attributes.

      The first element of the tuple states if the attribute is required or not. If a reqired element is not found in the parsed Shibboleth headers, an exception will be raised. (True, "required_attribute") (False, "optional_attribute).

      SHIBBOLETH_ATTRIBUTE_MAP = {
         "shib-user": (True, "username"),
         "shib-given-name": (True, "first_name"),
         "shib-sn": (True, "last_name"),
         "shib-mail": (False, "email"),
      }
    • Login url - set this to the login handler of your shibboleth installation. In most cases, this will be something like:

    LOGIN_URL = 'https://your_domain.edu/Shibboleth.sso/Login'
  • Apache configuration - make sure the shibboleth attributes are available to the app. The app url doesn't need to require Shibboleth.

    <Location /app>
      AuthType shibboleth
      Require shibboleth
    </Location>
    

Verify configuration

If you would like to verify that everything is configured correctly, follow the next two steps below. It will create a route in your application at /yourapp/shib/ that echos the attributes obtained from Shibboleth. If you see the attributes you mapped above on the screen, all is good.

  • Add shibboleth to installed apps.

    INSTALLED_APPS += (
      'shibboleth',
    )
  • Add below to urls.py to enable the included sample view. This view just echos back the parsed user attributes, which can be helpful for testing.

    urlpatterns += patterns('',
      url(r'^shib/', include('shibboleth.urls', namespace='shibboleth')),
    )

At this point, the django-shibboleth-remoteuser middleware should be complete.

Optional

Template tags

  • Template tags are included which will allow you to place {{ login_link }} or {{ logout_link }} in your templates for routing users to the login or logout page. These are available as a convenience and not required. To activate add the following to settings.py.

    TEMPLATE_CONTEXT_PROCESSORS += (
       'shibboleth.context_processors.login_link',
       'shibboleth.context_processors.logout_link'
    )
Something went wrong with that request. Please try again.