Django SSO authentication provider
Project description
django-auth-tkt, a Django SSO authentication provider
Introduction
This tiny module adds mod_auth_tkt login support to a Django site. Whenever a user logs in to Django, an additional SSO ticket is created that can be used to also access other authenticated URLs outside of Django.
As a convenience, the names of all groups to which the logged in user belongs to are added to the token list of the SSO ticket. This can be used for TKTAuthToken access control.
It does not add any authentication backend, you can use either the included ModelBackend or any other that works with Django's AuthenticationMiddleware.
The lifetime of tickets can be configured in the Django settings.py. When the user logs out of Django, the ticket is also invalidated.
Usage
Add git+https://github.com/dnknth/django-auth-tkt.git to requirements.txt.
In settings.py:
- Optionally (but recommended), add
django_auth_tkt.SsoMiddlewareto theMIDDLEWARElist. It logs out the current user from Django when teh SSO ticket expires and relies ondjango.contrib.auth.middleware.AuthenticationMiddleware, so it should be placed below it. - Also optionally, define the lifetime of tickets, e.g.
SSO_TICKET_LIFETIME = timedelta(days=1). The default value is one hour. - The default cookie name of the ticket is
auth_tkt, it can be changed with theSSO_TICKET_NAMEsetting. - The default hash algorithm is MD5. It can be adjusted with
SSO_HASH_ALGORITHM, allowed values are'md5','sha256'and'sha512'.
Decorate the authentication views in the urlpatterns of the main urls.py, for example:
from django.contrib import admin
from django.contrib.auth import views as auth_views
from django.urls import include, path
import django_auth_tkt as sso
urlpatterns = [
path('accounts/login/', sso.auth(auth_views.LoginView.as_view(
redirect_authenticated_user=True))),
path('accounts/logout/', sso.unauth(auth_views.LogoutView.as_view())),
path('accounts/', include('django.contrib.auth.urls')),
path('admin/login/', sso.auth(admin.site.login)),
path('admin/logout/', sso.unauth(admin.site.logout)),
path('admin/', admin.site.urls),
]
For Apache configuration examples, see mod_auth_tkt(3).
Caveats
- The underlying auth_tkt module only supports insecure MD5 hashing.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-auth-tkt-0.1.0.tar.gz.
File metadata
- Download URL: django-auth-tkt-0.1.0.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.8.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e2a61eb9dc095b94b8f2f3f2a87ef76819de6081f6f414c5a870f640775157ff |
|
| MD5 | 274801a484d1407e8a15713ad2992bb4 |
|
| BLAKE2b-256 | b94f5943468747273d88570ed3c09fc861612e31e46b8c143a7396850f188bc2 |
File details
Details for the file django_auth_tkt-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: django_auth_tkt-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.8.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 85e426b983a8df5ceabb772337a86f39c25466dc9de0737b2e6ca11bd9fe383b |
|
| MD5 | 9fd9e8793dd188d35111ce8ce953d360 |
|
| BLAKE2b-256 | 2e136bb47efb684db158e6ef72922262491ec6b05600ff700614e9a758e68783 |
