Skip to main content

Django middleware for handling of external identities.

Project description

Set of middlewares to simplify consumption of external identity information in Web projects set up with Django Web framework.

identity.external.PersistentRemoteUserMiddlewareVar

When non-standard (different than REMOTE_USER) environment variable is used to pass information about externally authenticated user, this middleware can be used to customize the variable name without writing Python code.

For example, when consuming the information from some authentication HTTP proxy, HTTP request header values are passed as HTTP_-prefixed environment variables. If the authenticated user name is in X-Remote-User HTTP request header, it is available in HTTP_X_REMOTE_USER environment variable. Setting variable REMOTE_USER_VAR to HTTP_X_REMOTE_USER, for example with Apache HTTP Server directive

SetEnv REMOTE_USER_VAR HTTP_X_REMOTE_USER

and enabling identity.external.PersistentRemoteUserMiddlewareVar in MIDDLEWARE list after django.contrib.auth.middleware.AuthenticationMiddleware like

MIDDLEWARE = [
        ...
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'identity.external.PersistentRemoteUserMiddlewareVar',
        ...
]

will run django.contrib.auth.middleware.PersistentRemoteUserMiddleware with value from environment variable HTTP_X_REMOTE_USER.

identity.external.RemoteUserAttrMiddleware

When user is externally authenticated, for example via django.contrib.auth.middleware.RemoteUserMiddleware or django.contrib.auth.middleware.PersistentRemoteUserMiddleware, additional user attributes can be provided by the external authentication source.

This middleware will update user’s email address, first and last name, and group membership in groups prefixed with ext: with information coming from environment variables

  • REMOTE_USER_EMAIL

  • REMOTE_USER_FIRSTNAME

  • REMOTE_USER_LASTNAME

  • REMOTE_USER_GROUP_N

  • REMOTE_USER_GROUP_1, REMOTE_USER_GROUP_2, …

  • REMOTE_USER_GROUPS

where the REMOTE_USER prefix of these variables can be changed with the REMOTE_USER_VAR environment variable, just like with identity.external.PersistentRemoteUserMiddlewareVar.

The values are used verbating, as provided by Django. When REMOTE_USER_VALUES_ENCODING environment variable is set to base64url, the values are expected to be in this format and decoded to Unicode.

Users that are in external group admins (and thus get assigned to group ext:admins in Django) will also get the is_staff flag set and thus will be able to log in to the admin application.

The ext: prefixed groups have to be already created in Django database for the user membership to be updated in them.

In the MIDDLEWARE list, this middleware has to be listed after the authenticating middleware, for example

MIDDLEWARE = [
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.PersistentRemoteUserMiddleware',
    'identity.external.RemoteUserAttrMiddleware',
    ...
]

See also

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_identity_external-0.8.1.tar.gz (8.2 kB view details)

Uploaded Source

Built Distribution

django_identity_external-0.8.1-py3-none-any.whl (8.2 kB view details)

Uploaded Python 3

File details

Details for the file django_identity_external-0.8.1.tar.gz.

File metadata

File hashes

Hashes for django_identity_external-0.8.1.tar.gz
Algorithm Hash digest
SHA256 c93ec91dd56cee3d1fdd40e306d112fcd5f29b9321a59bb95c931baf0113cca3
MD5 44d1c6aab398b2bc986f8f0e94f489db
BLAKE2b-256 d87601528d9e4f6eb9801247903e8db9d1f7ba88f70c7fa4b44180ec03b0e138

See more details on using hashes here.

File details

Details for the file django_identity_external-0.8.1-py3-none-any.whl.

File metadata

File hashes

Hashes for django_identity_external-0.8.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e016d63499a950da532f2d7928e1f49d95fabe386e816b2b91593edee47ef137
MD5 35a2c735f4733ce7bc7e0d6fb32fc178
BLAKE2b-256 67e961076c70941bc52accf3aed06bafb9b91b62a96770570fdcf46ec6febdce

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page