A Django authentication backend for Microsoft ADFS and AzureAD
Project description
A Django authentication backend for Microsoft ADFS and Azure AD
- Free software: BSD License
- Homepage: https://github.com/snok/django-auth-adfs
- Documentation: http://django-auth-adfs.readthedocs.io/
Features
- Integrates Django with Active Directory on Windows 2012 R2, 2016 or Azure AD in the cloud.
- Provides seamless single sign on (SSO) for your Django project on intranet environments.
- Auto creates users and adds them to Django groups based on info received from ADFS.
- Django Rest Framework (DRF) integration: Authenticate against your API with an ADFS access token.
Installation
Python package:
pip install django-auth-adfs
In your project’s settings.py add these settings.
AUTHENTICATION_BACKENDS = ( ... 'django_auth_adfs.backend.AdfsAuthCodeBackend', ... ) INSTALLED_APPS = ( ... # Needed for the ADFS redirect URI to function 'django_auth_adfs', ... # checkout the documentation for more settings AUTH_ADFS = { "SERVER": "adfs.yourcompany.com", "CLIENT_ID": "your-configured-client-id", "RELYING_PARTY_ID": "your-adfs-RPT-name", # Make sure to read the documentation about the AUDIENCE setting # when you configured the identifier as a URL! "AUDIENCE": "microsoft:identityserver:your-RelyingPartyTrust-identifier", "CA_BUNDLE": "/path/to/ca-bundle.pem", "CLAIM_MAPPING": {"first_name": "given_name", "last_name": "family_name", "email": "email"}, } # Configure django to redirect users to the right URL for login LOGIN_URL = "django_auth_adfs:login" LOGIN_REDIRECT_URL = "/" ######################## # OPTIONAL SETTINGS ######################## MIDDLEWARE = ( ... # With this you can force a user to login without using # the LoginRequiredMixin on every view class # # You can specify URLs for which login is not enforced by # specifying them in the LOGIN_EXEMPT_URLS setting. 'django_auth_adfs.middleware.LoginRequiredMiddleware', )
In your project’s urls.py add these paths:
urlpatterns = [ ... path('oauth2/', include('django_auth_adfs.urls')), ]
This will add these paths to Django:
- /oauth2/login where users are redirected to, to initiate the login with ADFS.
- /oauth2/login_no_sso where users are redirected to, to initiate the login with ADFS but forcing a login screen.
- /oauth2/callback where ADFS redirects back to after login. So make sure you set the redirect URI on ADFS to this.
- /oauth2/logout which logs out the user from both Django and ADFS.
You can use them like this in your django templates:
<a href="{% url 'django_auth_adfs:logout' %}">Logout</a> <a href="{% url 'django_auth_adfs:login' %}">Login</a> <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
Contributing
Contributions to the code are more then welcome. For more details have a look at the CONTRIBUTING.rst file.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
django-auth-adfs-1.9.6.tar.gz
(15.9 kB
view hashes)
Built Distribution
Close
Hashes for django_auth_adfs-1.9.6-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b6b897a69fcbf5b374405e2fd61d32bbf28d6c917f4849f825f203945352c345 |
|
| MD5 | 62fc759d391e647ddfb48f6037aa2fb0 |
|
| BLAKE2-256 | 97f4fc4071c1d9b45c69a71fdbbe8b200a2b5a42f40ee5bfa116f4f3d73d84d4 |