Testing observations #14
Comments
Site return redirection: A bypass could be something that remembers the page that triggered the redirect to ADFS and directs the user again to this page when authentication is completed. But the possible ways of doing that are so diverse that it's outside the scope of this package. Logout: While there is a logout URL on ADFS (
UPDATE User “Staff” and “Superuser” Status: I did this by updating my CLAIM_MAPPING and by adding the following claim rules:
RULES
User Group / is_staff = False
As for the Two things are possible here:
My preference goes to 1 as it allows to support all possible fields you might want to add to the user model of Django.
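One way to implement the claim-to-field mapping discussed in this comment and the one before it (issuing "is_staff"/"is_superuser" as claims from ADFS group rules and mapping them onto the Django user), as an added example that is not part of this thread or of the package's own code. Assumptions: the `DemoUser` class stands in for the Django user model, `apply_claim_mapping` and the claim names are hypothetical, and ADFS is assumed to issue flag values as strings such as "true"/"false".

```python
"""Constructed example (not django-auth-adfs code): apply a CLAIM_MAPPING-style
dict {user_field: claim_name} to a user object, coercing the string values ADFS
issues for flags such as is_staff / is_superuser. DemoUser stands in for the
Django user model so the example runs without Django."""

TRUE_VALUES = {"true", "1", "yes"}
FALSE_VALUES = {"false", "0", "no"}
PRIVILEGE_FLAGS = ("is_staff", "is_superuser")


class DemoUser:
    """Stand-in for django.contrib.auth's user; same defaults (both flags off)."""

    def __init__(self):
        self.email = ""
        self.first_name = ""
        self.is_staff = False
        self.is_superuser = False


def to_bool(value):
    """Strict coercion: claim values arrive as strings ("true"/"false"), and a
    claim issued by more than one rule arrives as a list. Unknown spellings
    raise rather than silently granting or denying."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (list, tuple)):
        # Design choice: when rules conflict (one group issues true, another
        # false) the flag resolves to False, so privilege needs every rule to agree.
        return all(to_bool(v) for v in value) if value else False
    text = str(value).strip().lower()
    if text in TRUE_VALUES:
        return True
    if text in FALSE_VALUES:
        return False
    raise ValueError("unrecognised boolean claim value: %r" % (value,))


def apply_claim_mapping(user, claims, mapping):
    """claims: dict decoded from the ADFS token. Privilege flags are reset to
    False when their claim is absent, so removing a user from the ADFS group
    revokes the flag on the next login instead of leaving it sticky."""
    for field, claim_name in mapping.items():
        if field in PRIVILEGE_FLAGS:
            raw = claims.get(claim_name)
            setattr(user, field, False if raw is None else to_bool(raw))
        elif claim_name in claims:
            setattr(user, field, claims[claim_name])
    return user


if __name__ == "__main__":
    # Constructed claims as they might be decoded from a token.
    demo_claims = {"email": "ann@example.com", "given_name": "Ann", "is_staff": "true"}
    demo_mapping = {"email": "email", "first_name": "given_name",
                    "is_staff": "is_staff", "is_superuser": "is_superuser"}
    u = apply_claim_mapping(DemoUser(), demo_claims, demo_mapping)
    print(u.email, u.first_name, u.is_staff, u.is_superuser)
```

The two choices worth noting are fail-closed ones: a privilege flag whose claim is missing goes back to False, and a user who receives both a true and a false value for the same flag (in two groups with opposite rules) does not get it.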
RE User “Staff” and “Superuser” Status: RE Logout: settings.py add:
django-auth-urls.py update as follows:
Now when I visit https://[WEB SERVER FQDN]/oauth2/logout I get logged out of Django and redirected to the ADFS logout page. It's just one method which might work for some.
While testing I found an issue with setting
OK, thanks for the update on this. In my case I have the two groups defined in my "Issuance Authorization Rules", so I guess I will only ever get a user that is in one group or the other.
I've opened separate issues for your 3 remarks.
Having done some testing as part of my setup, I have noticed the following:
Site return redirection:
When a user hits a view/page that requires authentication the user is sent to the ADFS login screen; the user signs in and is returned to the URL defined in the “LOGIN_REDIRECT_URL”.
Is there any way of passing the current location over to ADFS so the user can return to the same page? I’m not sure if this is a limitation of this module or of ADFS. (It’s my understanding that ADFS can do this.)
So for me this solution works well on sites that require a login to the whole site where the user hits the login page as the first point of call rather than a site that has mixed content which displays differently depending on your authentication state.
Logout:
I’m getting mixed results when it comes to logging out a user.
I assume I would need to log out of both Django and close the ADFS session. Logging out of Django is not enough, as I found that when I revisit the login process I get automatically authenticated (no ADFS sign-in required).
Having a function in your code to provide this in a single template call much like the {{ ADFS_AUTH_URL }} context call would be helpful.
User “Staff” and “Superuser” Status
I didn't see an option to be able to add a user with "Staff" or "Superuser" rights.
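The return-to-page and logout behaviour asked for in this issue, as an added example that is not the package's own code and not something the thread supplies: the page that triggered the redirect rides along in the OAuth2 `state` parameter and is validated before use, so the callback cannot become an open redirect, and the logout helper only passes a return URL to ADFS if it points at the application's own host. Assumptions: the function names, hostnames and client id are hypothetical; the ADFS WS-Federation sign-out endpoint `/adfs/ls/?wa=wsignout1.0` with `wreply` is assumed; the Django glue (calling `logout()`, reading the session nonce) is left out so the code runs stand-alone.

```python
"""Constructed example (not django-auth-adfs code): carry the requested page
through the OAuth2 ``state`` parameter, signed and bound to a per-session nonce,
and validate it before redirecting back after login. Also builds the ADFS
sign-out URL with a host-checked return address."""
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode, urlsplit

# Assumption: in a real app this is settings.SECRET_KEY or a dedicated key.
STATE_KEY = b"constructed-demo-key-do-not-use"


def is_safe_next(path):
    """Accept only same-site absolute paths. Rejects protocol-relative URLs
    (//evil.example), full URLs, the backslash variant browsers normalise,
    and control characters (header injection)."""
    if not path or not path.startswith("/"):
        return False
    if path.startswith("//") or path.startswith("/\\"):
        return False
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in path):
        return False
    parts = urlsplit(path)
    return not parts.scheme and not parts.netloc


def make_state(next_path, nonce):
    """Sign {next, nonce}; nonce is the per-session CSRF value the callback
    compares against the session so a state cannot be replayed elsewhere."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"next": next_path, "nonce": nonce}).encode()
    ).decode().rstrip("=")
    sig = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def parse_state(state):
    """Return (next, nonce) if the signature verifies, else None."""
    if not state or "." not in state:
        return None
    payload, sig = state.rsplit(".", 1)
    expected = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    try:
        data = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return None
    if not isinstance(data, dict):
        return None
    return data.get("next"), data.get("nonce")


def build_login_url(authorize_url, client_id, redirect_uri, requested_path,
                    nonce, fallback="/"):
    """URL to send the browser to; the page the user asked for rides in state."""
    nxt = requested_path if is_safe_next(requested_path) else fallback
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": make_state(nxt, nonce),
    }
    return authorize_url + "?" + urlencode(params)


def post_login_redirect(state, session_nonce, fallback="/"):
    """Where to send the user after the callback: the remembered page only if
    the state is authentic, bound to this session, and still a safe local path."""
    parsed = parse_state(state)
    if parsed is None:
        return fallback
    nxt, nonce = parsed
    if not isinstance(nonce, str) or not hmac.compare_digest(nonce, session_nonce):
        return fallback
    return nxt if is_safe_next(nxt) else fallback


def build_logout_url(adfs_base_url, return_url, allowed_host):
    """Assumption: ADFS WS-Federation sign-out endpoint /adfs/ls/?wa=wsignout1.0.
    Django's logout() runs first; the browser is then sent here to end the ADFS
    session too. wreply is only attached if it points at our own host over https."""
    endpoint = adfs_base_url.rstrip("/") + "/adfs/ls/?"
    parts = urlsplit(return_url)
    if parts.scheme != "https" or parts.netloc != allowed_host:
        return endpoint + urlencode({"wa": "wsignout1.0"})
    return endpoint + urlencode({"wa": "wsignout1.0", "wreply": return_url})


if __name__ == "__main__":
    nonce = "per-session-random-value"  # constructed; normally stored in the session
    url = build_login_url("https://adfs.example.com/adfs/oauth2/authorize",
                          "app-client-id", "https://app.example.com/oauth2/callback",
                          "/reports/42/", nonce)
    print(url)
    print(post_login_redirect(url.split("state=")[1], nonce))
    print(build_logout_url("https://adfs.example.com", "https://app.example.com/", "app.example.com"))
```

In a Django view the flow is: the login view stores a fresh nonce in the session and redirects to `build_login_url(...)`; the callback exchanges the code, then redirects to `post_login_redirect(request.GET.get("state"), request.session.pop("nonce"))`; the logout view calls Django's `logout()` and redirects to `build_logout_url(...)`.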