A Django authentication backend for Microsoft ADFS and AzureAD
Project description
A Django authentication backend for Microsoft ADFS and Azure AD
- Free software: BSD License
- Homepage: https://github.com/snok/django-auth-adfs
- Documentation: http://django-auth-adfs.readthedocs.io/
Features
- Integrates Django with Active Directory on Windows 2012 R2, 2016 or Azure AD in the cloud.
- Provides seamless single sign on (SSO) for your Django project on intranet environments.
- Auto creates users and adds them to Django groups based on info received from ADFS.
- Django Rest Framework (DRF) integration: Authenticate against your API with an ADFS access token.
Installation
Python package:
pip install django-auth-adfs
In your project’s settings.py add these settings.
AUTHENTICATION_BACKENDS = ( ... 'django_auth_adfs.backend.AdfsAuthCodeBackend', ... ) INSTALLED_APPS = ( ... # Needed for the ADFS redirect URI to function 'django_auth_adfs', ... # checkout the documentation for more settings AUTH_ADFS = { "SERVER": "adfs.yourcompany.com", "CLIENT_ID": "your-configured-client-id", "RELYING_PARTY_ID": "your-adfs-RPT-name", # Make sure to read the documentation about the AUDIENCE setting # when you configured the identifier as a URL! "AUDIENCE": "microsoft:identityserver:your-RelyingPartyTrust-identifier", "CA_BUNDLE": "/path/to/ca-bundle.pem", "CLAIM_MAPPING": {"first_name": "given_name", "last_name": "family_name", "email": "email"}, } # Configure django to redirect users to the right URL for login LOGIN_URL = "django_auth_adfs:login" LOGIN_REDIRECT_URL = "/" ######################## # OPTIONAL SETTINGS ######################## MIDDLEWARE = ( ... # With this you can force a user to login without using # the LoginRequiredMixin on every view class # # You can specify URLs for which login is not enforced by # specifying them in the LOGIN_EXEMPT_URLS setting. 'django_auth_adfs.middleware.LoginRequiredMiddleware', )
In your project’s urls.py add these paths:
urlpatterns = [ ... path('oauth2/', include('django_auth_adfs.urls')), ]
This will add these paths to Django:
- /oauth2/login where users are redirected to, to initiate the login with ADFS.
- /oauth2/login_no_sso where users are redirected to, to initiate the login with ADFS but forcing a login screen.
- /oauth2/callback where ADFS redirects back to after login. So make sure you set the redirect URI on ADFS to this.
- /oauth2/logout which logs out the user from both Django and ADFS.
You can use them like this in your django templates:
<a href="{% url 'django_auth_adfs:logout' %}">Logout</a> <a href="{% url 'django_auth_adfs:login' %}">Login</a> <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
Contributing
Contributions to the code are more then welcome. For more details have a look at the CONTRIBUTING.rst file.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size django_auth_adfs-1.6.1-py3-none-any.whl (20.2 kB) | File type Wheel | Python version py3 | Upload date | Hashes View |
| Filename, size django-auth-adfs-1.6.1.tar.gz (18.3 kB) | File type Source | Python version None | Upload date | Hashes View |
Close
Hashes for django_auth_adfs-1.6.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9e965efbcc61b327bc217ceeacef47a720a735a3f20f8153192cc1a5dbfffff4 |
|
| MD5 | fa0b1d6c7d96001054a1c1b5f29f74ba |
|
| BLAKE2-256 | 4db6d8e83b15ee8b09addfa1958411c3edf68457583be95a1cd9e13b00675f80 |
