Skip to main content

A Django authentication backend for Microsoft ADFS and AzureAD

Project description

Documentation Status https://img.shields.io/pypi/v/django-auth-adfs.svg https://img.shields.io/pypi/pyversions/django-auth-adfs.svg https://img.shields.io/pypi/djversions/django-auth-adfs.svg https://codecov.io/github/snok/django-auth-adfs/coverage.svg?branch=master

A Django authentication backend for Microsoft ADFS and Azure AD

Features

  • Integrates Django with Active Directory on Windows 2012 R2, 2016 or Azure AD in the cloud.

  • Provides seamless single sign on (SSO) for your Django project on intranet environments.

  • Auto creates users and adds them to Django groups based on info received from ADFS.

  • Django Rest Framework (DRF) integration: Authenticate against your API with an ADFS access token.

Installation

Python package:

pip install django-auth-adfs

In your project’s settings.py add these settings.

AUTHENTICATION_BACKENDS = (
    ...
    'django_auth_adfs.backend.AdfsAuthCodeBackend',
    ...
)

INSTALLED_APPS = (
    ...
    # Needed for the ADFS redirect URI to function
    'django_auth_adfs',
    ...

# checkout the documentation for more settings
AUTH_ADFS = {
    "SERVER": "adfs.yourcompany.com",
    "CLIENT_ID": "your-configured-client-id",
    "RELYING_PARTY_ID": "your-adfs-RPT-name",
    # Make sure to read the documentation about the AUDIENCE setting
    # when you configured the identifier as a URL!
    "AUDIENCE": "microsoft:identityserver:your-RelyingPartyTrust-identifier",
    "CA_BUNDLE": "/path/to/ca-bundle.pem",
    "CLAIM_MAPPING": {"first_name": "given_name",
                      "last_name": "family_name",
                      "email": "email"},
}

# Configure django to redirect users to the right URL for login
LOGIN_URL = "django_auth_adfs:login"
LOGIN_REDIRECT_URL = "/"

########################
# OPTIONAL SETTINGS
########################

MIDDLEWARE = (
    ...
    # With this you can force a user to login without using
    # the LoginRequiredMixin on every view class
    #
    # You can specify URLs for which login is not enforced by
    # specifying them in the LOGIN_EXEMPT_URLS setting.
    'django_auth_adfs.middleware.LoginRequiredMiddleware',
)

In your project’s urls.py add these paths:

urlpatterns = [
    ...
    path('oauth2/', include('django_auth_adfs.urls')),
]

This will add these paths to Django:

  • /oauth2/login where users are redirected to, to initiate the login with ADFS.

  • /oauth2/login_no_sso where users are redirected to, to initiate the login with ADFS but forcing a login screen.

  • /oauth2/callback where ADFS redirects back to after login. So make sure you set the redirect URI on ADFS to this.

  • /oauth2/logout which logs out the user from both Django and ADFS.

Below is sample Django template code to use these paths depending if you’d like to use GET or POST requests. Logging out was deprecated in Django 4.1.

  • Using GET requests:

    <a href="{% url 'django_auth_adfs:logout' %}">Logout</a>
    <a href="{% url 'django_auth_adfs:login' %}">Login</a>
    <a href="{% url 'django_auth_adfs:login-no-sso' %}">Login (no SSO)</a>
  • Using POST requests:

    <form method="post" action="{% url 'django_auth_adfs:logout' %}">
        {% csrf_token %}
        <button type="submit">Logout</button>
    </form>
    <form method="post" action="{% url 'django_auth_adfs:login' %}">
        {% csrf_token %}
        <input type="hidden" name="next" value="{{ next }}">
        <button type="submit">Login</button>
    </form>
    <form method="post" action="{% url 'django_auth_adfs:login-no-sso' %}">
        {% csrf_token %}
        <input type="hidden" name="next" value="{{ next }}">
        <button type="submit">Login (no SSO)</button>
    </form>

Contributing

Contributions to the code are more then welcome. For more details have a look at the CONTRIBUTING.rst file.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_auth_adfs-1.15.0.tar.gz (16.8 kB view details)

Uploaded Source

Built Distribution

django_auth_adfs-1.15.0-py3-none-any.whl (19.4 kB view details)

Uploaded Python 3

File details

Details for the file django_auth_adfs-1.15.0.tar.gz.

File metadata

  • Download URL: django_auth_adfs-1.15.0.tar.gz
  • Upload date:
  • Size: 16.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.0.1 CPython/3.9.21 Linux/6.8.0-1017-azure

File hashes

Hashes for django_auth_adfs-1.15.0.tar.gz
Algorithm Hash digest
SHA256 453495b45fe9d554e4bad060ec7a7890fc541428a9c69b82e15653b0f1cd0f3a
MD5 105c61e1abbca688162d24a84756e426
BLAKE2b-256 ddcf5bac48dc59e2591906369c396d5c6dde551aa93b2da7547e6ea33d3a770e

See more details on using hashes here.

File details

Details for the file django_auth_adfs-1.15.0-py3-none-any.whl.

File metadata

  • Download URL: django_auth_adfs-1.15.0-py3-none-any.whl
  • Upload date:
  • Size: 19.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.0.1 CPython/3.9.21 Linux/6.8.0-1017-azure

File hashes

Hashes for django_auth_adfs-1.15.0-py3-none-any.whl
Algorithm Hash digest
SHA256 89facca20469de0a002e878921457e0aebc962f8881db223ad052e2bbce56d20
MD5 de79ab90eb300b838154bcce812365be
BLAKE2b-256 44ce248a107937af0031defc375cb04fdd6548a497e050349df32cf2daaaeac9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page