Use Django for SSO - this package provides a bridge for third party packages.
django-sessionprofile is the bridge between any software with customizable auth backends and Django. If you want to use Django for Single-Sign-On, this package does the Django heavy lifting.
Installation - Django
$ pip install django-sessionprofile
Add sessionprofile to INSTALLED_APPS, and run python manage.py migrate.
Add the sessionprofile middleware (sessionprofile.middleware.SessionProfileMiddleware) to your middleware settings - make sure it comes before the SessionMiddleware.
Additionally, the session cookie must be available for the third party application, this should not be a problem if it lives on the same domain.
Currently one backend is available: ‘sessionprofile.backends.DatabaseBackend’. In the future, alternative backends will be possible, like ‘sessionprofile.backends.CachedDatabaseBackend’.
Installation - third party application
This depends on which backend you decided to use, the example assumes the db backend.
When authenticating in the third party application, you should read the session cookie (SESSION_COOKIE_NAME), and query the sessionprofile table:
SELECT users_user.username, users_user.email FROM users_user, sessionprofile_sessionprofile sp WHERE sp.session_id = ‘<sessionid_from_cookie>’ AND users_user.id = sp.user_id
It’s up to you to implement the rest of the authentication flow. An example for phpBB 3.0.x is provided in the docs.
Many thanks go to Resolver Systems Ltd (now part of PythonAnywhere) who made the initial version of this library, specifically aimed on phpBB3.
Django 1.9 will ship with customizable DB Session Backends, we might provide such a backend which would reduce the need for the middleware.
See Github PR.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|django_sessionprofile-1.0-py2.py3-none-any.whl (11.2 kB) Copy SHA256 hash SHA256||Wheel||2.7||Aug 13, 2016|
|django-sessionprofile-1.0.tar.gz (5.6 kB) Copy SHA256 hash SHA256||Source||None||Aug 13, 2016|