
CUSTOM Django SAML2 Authentication

Project description

Author:

Cláudio Givisiez

Version:
1.0.3

This project aims to provide a different way to use the project made by Fang Li.

Link to original project: https://github.com/fangli/django-saml2-auth

It integrates SAML2 authentication into your Django-powered app. Try it now, and get rid of the complicated configuration of SAML.

Any SAML2-based SSO (Single Sign-On) identity provider with dynamic metadata configuration is supported by this Django plugin, for example Okta.

Dependencies

This plugin is compatible with Django 1.6/1.7/1.8/1.9. The pysaml2 Python module is required.

Install

You can install this plugin via pip:

# pip install django_saml2_auth_custom

or from source:

# git clone
# cd django-saml2-auth
# python setup.py install

xmlsec is also required by pysaml2:

# yum install xmlsec1
// or
# apt-get install xmlsec1

What does this plugin do?

This plugin takes over Django’s login page and redirects the user to a SAML2 SSO authentication service. Once the user is logged in and redirected back, the plugin checks whether the user is already in the system. If not, the user is created using Django’s default UserModel; otherwise the user is redirected to their last visited page.

How to use?

  1. Override the default login page in the root urls.py file, by adding these lines BEFORE any urlpatterns:

    # These are the SAML2 related URLs. You can change "^saml2_auth/" regex to
    # any path you want, like "^sso_auth/", "^sso_login/", etc. (required)
    url(r'^saml2_auth/', include('django_saml2_auth_custom.urls')),
    
    # The following line will replace the default user login with SAML2 (optional)
    url(r'^accounts/login/$', 'django_saml2_auth_custom.views.signin'),
    
    # The following line will replace the admin login with SAML2 (optional)
    url(r'^admin/login/$', 'django_saml2_auth_custom.views.signin'),
  2. Add ‘django_saml2_auth_custom’ to INSTALLED_APPS

    INSTALLED_APPS = [
        '...',
        'django_saml2_auth_custom',
    ]
  3. In settings.py, add the SAML2 related configuration.

    Please note, the only required setting is METADATA_AUTO_CONF_URL. The following block shows all required and optional configuration settings and their default values.

    SAML2_AUTH = {
        # Required setting
        'METADATA_AUTO_CONF_URL': '[The auto(dynamic) metadata configuration URL of SAML2]',
    
        # Optional settings
        'NEW_USER_PROFILE': {
            'USER_GROUPS': [],  # The default group name when a new user logs in
            'ACTIVE_STATUS': True,  # The default active status for new users
            'STAFF_STATUS': True,  # The staff status for new users
            'SUPERUSER_STATUS': False,  # The superuser status for new users
        },
        'ATTRIBUTES_MAP': {  # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes.
            'email': 'Email',
            'username': 'UserName',
            'first_name': 'FirstName',
            'last_name': 'LastName',
        },
        'TRIGGER': {
            'CREATE_USER': 'path.to.your.new.user.hook.method',
            'BEFORE_LOGIN': 'path.to.your.login.hook.method',
        },
    }
  4. In your SAML2 SSO identity provider, set the Single-sign-on URL and Audience URI (SP Entity ID) to http://your-domain/saml2_auth/acs/
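
A settings check for the SAML2_AUTH block from step 3, added here as an example (it is not part of the plugin). It flags the values that decide how much access an auto-created user receives and how the IdP metadata is fetched. It assumes keys omitted from NEW_USER_PROFILE fall back to the defaults listed above; the function name and sample hostnames are made up for the example.

```python
from urllib.parse import urlparse

# Defaults for NEW_USER_PROFILE as listed in the README's SAML2_AUTH block.
README_DEFAULTS = {
    "USER_GROUPS": [],
    "ACTIVE_STATUS": True,
    "STAFF_STATUS": True,
    "SUPERUSER_STATUS": False,
}


def audit_saml2_auth(conf):
    """Return (setting, finding) pairs for a SAML2_AUTH dict; empty means clean."""
    findings = []

    url = conf.get("METADATA_AUTO_CONF_URL", "")
    if not url:
        findings.append(("METADATA_AUTO_CONF_URL", "missing; it is the only required setting"))
    elif urlparse(url).scheme != "https":
        # Metadata carries the IdP signing certificate, so it must arrive over TLS.
        findings.append(("METADATA_AUTO_CONF_URL", "IdP metadata is fetched without TLS"))

    # Assumption: keys omitted from NEW_USER_PROFILE fall back to the README defaults.
    profile = dict(README_DEFAULTS, **conf.get("NEW_USER_PROFILE", {}))
    if profile["STAFF_STATUS"]:
        findings.append(("NEW_USER_PROFILE.STAFF_STATUS",
                         "every auto-created SSO user gets staff status"))
    if profile["SUPERUSER_STATUS"]:
        findings.append(("NEW_USER_PROFILE.SUPERUSER_STATUS",
                         "every auto-created SSO user becomes a superuser"))
    return findings


# Constructed sample configurations (the hostname is a placeholder).
DEFAULTS_OVER_HTTP = {"METADATA_AUTO_CONF_URL": "http://idp.example.com/metadata"}
HARDENED = {
    "METADATA_AUTO_CONF_URL": "https://idp.example.com/metadata",
    "NEW_USER_PROFILE": {"USER_GROUPS": [], "ACTIVE_STATUS": True,
                         "STAFF_STATUS": False, "SUPERUSER_STATUS": False},
}

if __name__ == "__main__":
    for name, conf in (("defaults over http", DEFAULTS_OVER_HTTP), ("hardened", HARDENED)):
        print(name, audit_saml2_auth(conf))
```
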

Explanation

METADATA_AUTO_CONF_URL: Auto SAML2 metadata configuration URL.

NEW_USER_PROFILE: Default settings for newly created users.

ATTRIBUTES_MAP: Mapping of Django user attributes to SAML2 user attributes.

TRIGGER: Hooks to trigger additional actions during user login and creation flows. Each TRIGGER hook is a string containing a dotted module path that points to a method to be called. The referenced method should accept a single argument, a dictionary of the attributes and values sent by the identity provider, representing the user’s identity.

TRIGGER.CREATE_USER: A method to be called upon new user creation. It is called after the user’s record is created and before the new user is logged in. This method should accept ONE parameter, the user dict.

TRIGGER.BEFORE_LOGIN: A method to be called when an existing user logs in. It is called after user attributes are returned by the SAML2 identity provider and before the user is logged in. This method should accept ONE parameter, the user dict.
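
A pair of hook functions matching the TRIGGER contract described above, added here as an example (not code from the plugin). They write one JSON audit line per event, and the BEFORE_LOGIN hook checks the e-mail domain. Assumptions: attribute values may arrive as lists or plain strings, the attribute names are the ATTRIBUTES_MAP defaults, and the logger name, allow-list and LoginRejected exception are hypothetical; this page does not say how the plugin handles an exception raised by a hook.

```python
import json
import logging

log = logging.getLogger("saml2_auth.audit")   # hypothetical logger name
ALLOWED_EMAIL_DOMAINS = {"example.com"}        # constructed allow-list


class LoginRejected(Exception):
    """Hypothetical exception raised to stop a login from inside a hook."""


def _first(identity, attr):
    """IdP attributes may arrive as a list of values or as a bare string."""
    value = identity.get(attr)
    if isinstance(value, (list, tuple)):
        value = value[0] if value else None
    return value.strip() if isinstance(value, str) else None


def audit_record(event, identity):
    """Build the audit entry; only the mapped attributes are recorded."""
    return {
        "event": event,
        "username": _first(identity, "UserName"),
        "email": (_first(identity, "Email") or "").lower() or None,
    }


def before_login(user_identity):
    """TRIGGER.BEFORE_LOGIN: existing user, attributes just returned by the IdP."""
    record = audit_record("before_login", user_identity)
    domain = (record["email"] or "").rpartition("@")[2]
    if domain not in ALLOWED_EMAIL_DOMAINS:
        record["event"] = "login_rejected"
        log.warning(json.dumps(record, sort_keys=True))
        raise LoginRejected("email domain not allowed")
    log.info(json.dumps(record, sort_keys=True))


def create_user(user_identity):
    """TRIGGER.CREATE_USER: the record already exists here, so only audit it."""
    log.info(json.dumps(audit_record("create_user", user_identity), sort_keys=True))
```

With these functions in a module such as myproject/saml_hooks.py (a hypothetical path), the TRIGGER values would be 'myproject.saml_hooks.create_user' and 'myproject.saml_hooks.before_login'.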

Customize

The default permission denied page and user welcome page can be overridden.

To override these pages put a template named ‘django_saml2_auth_custom/welcome.html’ or ‘django_saml2_auth_custom/denied.html’ in your project’s template folder.

If a ‘django_saml2_auth_custom/welcome.html’ template exists, that page will be shown to the user upon login instead of the user being redirected to the previously visited page. This welcome page can contain some first-visit notes and welcome words. The Django user object is available within the template as the user template variable.

To enable a logout page, add the following lines to urls.py, before any urlpatterns:

# The following line will replace the default user logout with the signout page (optional)
url(r'^accounts/logout/$', 'django_saml2_auth_custom.views.signout'),

# The following line will replace the default admin user logout with the signout page (optional)
url(r'^admin/logout/$', 'django_saml2_auth_custom.views.signout'),

To override the built-in signout page, put a template named ‘django_saml2_auth_custom/signout.html’ in your project’s template folder.

If your SAML2 identity provider uses user attribute names other than the defaults listed in the settings.py ATTRIBUTES_MAP, update them in settings.py.

For Okta Users

I created this plugin originally for Okta.

The METADATA_AUTO_CONF_URL needed in settings.py can be found in the Okta web UI by navigating to the SAML2 app’s Sign On tab, in the Settings box. You should see:

Identity Provider metadata is available if this application supports dynamic configuration.

The Identity Provider metadata link is the METADATA_AUTO_CONF_URL.

Download files


Source Distribution

django_saml2_auth_custom-1.0.4.tar.gz (10.3 kB view details)

Uploaded Source

Built Distribution

django_saml2_auth_custom-1.0.4-py2.py3-none-any.whl (12.3 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file django_saml2_auth_custom-1.0.4.tar.gz.

File metadata

  • Download URL: django_saml2_auth_custom-1.0.4.tar.gz
  • Upload date:
  • Size: 10.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.7.1 pkginfo/1.7.1 requests/2.22.0 requests-toolbelt/0.9.1 tqdm/4.62.2 CPython/3.8.10

File hashes

Hashes for django_saml2_auth_custom-1.0.4.tar.gz
Algorithm Hash digest
SHA256 158d8d0695d04d954b0cb3f2fbe59b1a962d1bb59dd9cf3ae2360571098547af
MD5 733bf49ac7259cb81977a57fb3b0aaab
BLAKE2b-256 d65885648cf395ddfdc3353990836d665127920ffd1ac7b23f3e6ba13b19a335


File details

Details for the file django_saml2_auth_custom-1.0.4-py2.py3-none-any.whl.

File metadata

  • Download URL: django_saml2_auth_custom-1.0.4-py2.py3-none-any.whl
  • Upload date:
  • Size: 12.3 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.7.1 pkginfo/1.7.1 requests/2.22.0 requests-toolbelt/0.9.1 tqdm/4.62.2 CPython/3.8.10

File hashes

Hashes for django_saml2_auth_custom-1.0.4-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 15d458dee53b08e71d3be7d97e7cc880863ba7b56b673543d14aa2a133cfe5f5
MD5 67778ed65e48c90decae91a2f680ca5b
BLAKE2b-256 e7a28a0824ce8f8fe5bd0ab5f3215c4debcf9e1abd6bc4acdb8099d3f2565344
