Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Single Sign On solution für the django admin wich authenticates users via an openid
Python
branch: master

Merge pull request #16 from matthiask/mk

Follow OpenID Connect (OAuth 2.0 for Login)
latest commit 04935aa31f
@frog32 authored

README.rst

Django admin SSO

https://travis-ci.org/frog32/django-admin-sso.png?branch=master https://coveralls.io/repos/frog32/django-admin-sso/badge.png?branch=master https://pypip.in/v/django-admin-sso/badge.png

Django admin SSO lets users login to a django admin using an OAuth2 or an openid provider. It then looks up the email address of the new user and looks up the rights for them.

Installation

  1. Make sure you have a working django project setup.

  2. Install django-admin-sso using pip:

    pip install django-admin-sso
    
  3. Add admin_sso to INSTALLED_APPS in your settings.py file:

    INSTALLED_APPS = (
        ...
        'admin_sso',
        ...
    )
    
  4. Add the django-admin authentication backend:

    AUTHENTICATION_BACKENDS = (
        'admin_sso.auth.DjangoSSOAuthBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
    
  5. Insert your oauth client id and secret key into your settings file:

    DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here'
    DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'
    

Navigate to Google's Developer Console, create a new project, and create a new client ID under the menu point "APIs & AUTH", "Credentials". The redirect URI should be of the form http://example.com/admin/admin_sso/assignment/end/

If you don't specify a client id django-admin-sso will fallback to openid.

  1. Run syncdb to create the needed database tables.
  2. Log into the admin and add an Assignment.

Assignments

Any Remote User -> Local User X

  • Select Username mode "any".
  • Set Domain to your authenticating domain.
  • Select your local user from the User drop down.

Remote User -> Local User

  • Select Username mode "matches" or "don't match".
  • Set username to [not] match by.
  • Set Domain to your authenticating domain.
  • Select your local user from the User drop down.

Changelog

1.0

Something went wrong with that request. Please try again.