Skip to main content

Atlassian Crowd SSO integration for Django applications

Project description

This package includes a authentication backend and an authentication middleware to integrate Django’s authentication system with Atlassian Crowd.

When authenticating an user against Crowd, its nested groups are retrieved and mirrored in Django.


  • To authenticate users against Crowd, add django_crowd_auth.backends.Backend to AUTHENTICATION_BACKENDS.
  • To enable single-sign-on, add django_crowd_auth.middlewares.sso to MIDDLEWARE. Ensure you also have django.contrib.sessions.middleware.SessionMiddleware and django.contrib.auth.middleware.AuthenticationMiddleware placed before it.
  • Ensure django.contrib.sessions is in INSTALLED_APPS.
  • Add settings (see below)


Often the SSL session does not terminates directly on the Django application, but on an intermediate proxy.

This package also includes 3 middlewares that rewrites the user’s REMOTE_ADDR using header set by these proxies:

  • django_crowd_auth.middlewares.x_forwarded_for: Override REMOTE_ADDR with the first X-Forwarded-For entry.
  • django_crowd_auth.middlewares.x_real_ip: Override REMOTE_ADDR with the X-Real-IP value.
  • django_crowd_auth.middlewares.fake_remote_addr: Override REMOTE_ADDR with the FAKE_REMOTE_ADDR settings value.


Only use these middlewares when you KNOW what you’re doing. Otherwise you could enable attackers to spoof their IP address.


As the SSO middleware needs REMOTE_ADDR, these middlewares must be declared BEFORE the SSO middleware.


  • CROWD_CLIENT: must be a dict with these keys:
    • crowd_url: mandatory
    • app_name: mandatory
    • app_pass: mandatory
    • ssl_verify: defaults to True. Also accepts a path to a CA bundle.
    • timeout: no timeout by default
    • client_cert
  • CROWD_USERS_ARE_ACTIVE: Defaults to True. If True, set the is_active user model attribute to True when creating Django users.
  • CROWD_USERS_ARE_STAFF: Defaults to False. If True, set the is_staff user model attribute to True when creating Django users.
  • CROWD_SUPERUSERS_GROUP: If defined, set the is_superuser user model attribute to True when they belong to the chosen group. By side effect, these users also get the is_staff attribute set to True.
  • CROWD_SESSION_VALIDATION_INTERVAL: Default to 300 seconds. The user’s Crowd session is re-validated at this interval.


    'crowd_url': '',
    'app_name': 'foo',
    'app_pass': 'bar',
    'ssl_verify': '/etc/pki/tls/certs/ca-bundle.crt',
    'timeout': 10,
CROWD_SUPERUSERS_GROUP = 'administrators'
AUTHENTICATION_BACKENDS = ['django_crowd_auth.backends.Backend']


While users and groups are created on the fly (i.e. when they access the Django application), it is sometimes necessary to mirror Crowd users and groups in Django.

This package includes a sync_crowd management command for this purpose. To use it, simply add django_crowd_auth to the INSTALLED_APPS.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-crowd-auth, version 0.8.0
Filename, size File type Python version Upload date Hashes
Filename, size django-crowd-auth-0.8.0.tar.gz (6.3 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page