django-auth-tkt, a Django SSO authentication provider
Introduction
This tiny module adds mod_auth_tkt login support to a Django site. Whenever a user logs in to Django, an additional SSO ticket is created that can be used to also access other authenticated URLs outside of Django.
As a convenience, the names of all groups to which the logged-in user belongs are added to the token list of the SSO ticket. This can be used for TKTAuthToken access control.
It does not add any authentication backend; you can use either the included ModelBackend or any other that works with Django's AuthenticationMiddleware.
The lifetime of tickets can be configured in the Django settings.py. When the user logs out of Django, the ticket is also invalidated.
Usage
Add git+https://github.com/dnknth/django-auth-tkt.git to requirements.txt.
In settings.py:
- Optionally (but recommended), add django_auth_tkt.SsoMiddleware to the MIDDLEWARE list. It logs out the current user from Django when the SSO ticket expires and relies on django.contrib.auth.middleware.AuthenticationMiddleware, so it should be placed below it.
- Also optionally, define the lifetime of tickets, e.g. SSO_TICKET_LIFETIME = timedelta(days=1). The default value is one hour.
- The default cookie name of the ticket is auth_tkt; it can be changed with the SSO_TICKET_NAME setting.
- The default hash algorithm is MD5. It can be adjusted with SSO_HASH_ALGORITHM; allowed values are 'md5', 'sha256' and 'sha512'.
Decorate the authentication views in the urlpatterns of the main urls.py, for example:

    from django.contrib import admin
    from django.contrib.auth import views as auth_views
    from django.urls import include, path

    import django_auth_tkt as sso

    urlpatterns = [
        # Decorated login/logout views come first: Django uses the first
        # matching pattern, so they take precedence over the includes below.
        # sso.auth wraps a login view, sso.unauth wraps a logout view.
        path('accounts/login/', sso.auth(auth_views.LoginView.as_view(
            redirect_authenticated_user=True))),
        path('accounts/logout/', sso.unauth(auth_views.LogoutView.as_view())),
        path('accounts/', include('django.contrib.auth.urls')),

        path('admin/login/', sso.auth(admin.site.login)),
        path('admin/logout/', sso.unauth(admin.site.logout)),
        path('admin/', admin.site.urls),
    ]

For Apache configuration examples, see mod_auth_tkt(3).
Caveats
- The underlying auth_tkt module only supports insecure MD5 hashing.
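
To make the roles of the token list, the ticket lifetime and the hash algorithm concrete, here is an added example (not code from django-auth-tkt or mod_auth_tkt) of how a service behind the SSO could check a ticket. It assumes the usual mod_auth_tkt cookie layout (hex digest, 8-hex-digit timestamp, user id, `!`-separated token list and user data) with IP binding unused (`0.0.0.0`); the function names and the secret are hypothetical.

```python
import hashlib, hmac, re, socket, struct, time

HEX_LEN = {"md5": 32, "sha256": 64, "sha512": 128}  # digest sizes in hex chars

def _digest(secret, ip, ts, uid, tokens, data, alg):
    # Two-pass digest, layout assumed from mod_auth_tkt:
    # H( H(packed_ip + packed_ts + secret + uid \0 tokens \0 data) + secret )
    packed = socket.inet_aton(ip) + struct.pack("!I", ts)
    body = uid.encode() + b"\0" + tokens.encode() + b"\0" + data.encode()
    inner = hashlib.new(alg, packed + secret + body).hexdigest()
    return hashlib.new(alg, inner.encode() + secret).hexdigest()

def make_ticket(secret, uid, tokens=(), data="", ip="0.0.0.0", ts=None, alg="sha256"):
    # Group names containing the delimiters would corrupt the token list.
    if "!" in uid or any("!" in t or "," in t for t in tokens):
        raise ValueError("delimiter character in uid or token")
    ts = int(time.time()) if ts is None else ts
    tok = ",".join(tokens)
    digest = _digest(secret, ip, ts, uid, tok, data, alg)
    return "%s%08x%s!%s!%s" % (digest, ts, uid, tok, data)

def verify_ticket(secret, ticket, lifetime, ip="0.0.0.0", alg="sha256", now=None):
    """Return (uid, tokens) for an authentic, unexpired ticket, else None."""
    pattern = r"([0-9a-f]{%d})([0-9a-f]{8})([^!]*)!([^!]*)!(.*)" % HEX_LEN[alg]
    m = re.fullmatch(pattern, ticket, re.S)
    if m is None:
        return None  # malformed, or digest length of a different algorithm
    digest, ts_hex, uid, tok, data = m.groups()
    ts = int(ts_hex, 16)
    expected = _digest(secret, ip, ts, uid, tok, data, alg)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        return None  # tampered with, or issued with another secret/algorithm
    now = int(time.time()) if now is None else now
    if not 0 <= now - ts <= lifetime:
        return None  # expired, or timestamp lies in the future
    return uid, [t for t in tok.split(",") if t]

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    t = make_ticket(secret, "alice", ["staff", "editors"], ts=1700000000)
    print(verify_ticket(secret, t, 3600, now=1700000100))
    print(verify_ticket(secret, t.replace("staff", "admin"), 3600, now=1700000100))
```

Issuer and verifier must agree on the secret and on the digest algorithm; a ticket issued with one algorithm does not validate under another because the digest length and value both differ.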