Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

A Django authentication backend for Microsoft ADFS

Project Description

ADFS Authentication for Django

A Django authentication backend for Microsoft ADFS


  • Integrates Django with Active Directory through Microsoft ADFS by using OAuth2.
  • Provides seamless single sign on (SSO) for your Django project on intranet environments.
  • Auto creates users and adds them to Django groups based on info in JWT claims received from ADFS.


Python package:

pip install django-auth-adfs

In your project’s


    # Needed for the ADFS redirect URI to function

# checkout for more settings
    "SERVER": "",
    "CLIENT_ID": "your-configured-client-id",
    "RESOURCE": "your-adfs-RPT-name",
    # Make sure to read the documentation about the AUDIENCE setting
    # when you configured the identifier as a URL!
    "AUDIENCE": "microsoft:identityserver:your-RelyingPartyTrust-identifier",
    "ISSUER": "",
    "CA_BUNDLE": "/path/to/ca-bundle.pem",
    "CLAIM_MAPPING": {"first_name": "given_name",
                      "last_name": "family_name",
                      "email": "email"},
    "REDIR_URI": "",

        'OPTIONS': {
            'context_processors': [
                # Only needed if you want to use the variable ADFS_AUTH_URL in your templates

    # With this you can force a user to login without using
    # the @login_required decorator for every view function
    # You can specify URLs for which login is not forced by
    # specifying them in LOGIN_EXEMPT_URLS in
    # The values in LOGIN_EXEMPT_URLS are interpreted as regular expressions.

# Or, when using django <1.10

In your project’s

urlpatterns = [
    # Needed for the redirect URL to function
    url(r'^oauth2/', include('django_auth_adfs.urls')),
    # If you're using Django 1.8, this code should be used instead
    url(r'^oauth2/', include('django_auth_adfs.urls', namespace='django_auth_adfs')),

The URL you have to configure as the redirect URL in ADFS depends on the url pattern you configure. In the example above you have to make the redirect url in ADFS point to


Contributions to the code are more then welcome. For more details have a look at the CONTRIBUTING.rst file.


0.2.1 - 2017-10-20

  • Django 2.0 support and tests.

0.2.0 - 2017-09-14

  • Fixed a bug were authentication failed when the last ADFS signing key was not the one that signed the JWT token.
  • Django 1.11 support and tests.
  • Proper handling the absence of ‘code’ query parameter after ADFS redirect.
  • Added ADFS configuration guide to docs.
  • Allow boolean user model fields to be set based on claims.
  • The namespace argument for include() is not needed anymore on Django >=1.9.
  • Fixed some Django 2.0 deprecation warnings, improving future django support.

0.1.2 - 2017-03-11

  • Support for django 1.10 new style middleware using the MIDDLEWARE setting.

0.1.1 - 2016-12-13

  • Numerous typos fixed in code and documentation.
  • Proper handling of class variables to allow inheriting from the class AdfsBackend.

0.1.0 - 2016-12-11

  • By default, the ADFS signing certificate is loaded from the FederationMetadata.xml file every 24 hours. Allowing to automatically follow certificate updates when the ADFS settings for AutoCertificateRollover is set to True (the default).
  • Group assignment optimisation. Users are not removed and added to all groups anymore. Instead only the groups that need to be removed or added are handled.

Backwards incompatible changes

  • The redundant ADFS_ prefix was removed from the configuration variables.

0.0.5 - 2016-12-10

  • User update code in authentication backend split into separate functions.

0.0.4 - 2016-03-14

  • Made the absence of the group claim non-fatal to allow users without a group.

0.0.3 - 2016-02-21

  • ADFS_REDIR_URI is now a required setting
  • Now supports Python 2.7, 3.4 and 3.5
  • Now supports Django 1.7, 1.8 and 1.9
  • Added debug logging to aid in troubleshooting
  • Added unit tests
  • Lot’s of code cleanup

0.0.2 - 2016-02-11

  • Fixed a possible issue with the cryptography package when used with apache + mod_wsgi.
  • Added a optional context processor to make the ADFS authentication URL available as a template variable (ADFS_AUTH_URL).
  • Added a optional middleware class to be able force an anonymous user to authenticate.

0.0.1 - 2016-02-09

  • Initial release
Release History

Release History

This version
History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django_auth_adfs-0.2.1-py2.py3-none-any.whl (26.8 kB) Copy SHA256 Checksum SHA256 py2.py3 Wheel Oct 20, 2017
django-auth-adfs-0.2.1.tar.gz (413.1 kB) Copy SHA256 Checksum SHA256 Source Oct 20, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting