Django Single Sign-On implementation

Project description

Django SSO (Single Sign-On) v1.0.0a

An implementation of SSO for Django.

This library contains two modules.

  • Server side - django_sso.gate module
  • Service side module - django_sso.service

Concept

The module relies on the Django user subsystem and the Django session subsystem. Custom classes are supported, but they must be based on the classical Django classes (AbstractUser / AbstractBaseUser, etc.). This means that you have two options. One: do nothing, just install the library on the server/client and use it. Two: create your own user models based on the abstract user classes (models).

One side is the server, which holds all accounts. The other side is the many services that communicate with the SSO server and accept basic user information from it.

Integration

Server side

  1. Add django_sso.gate to INSTALLED_APPS
# project/settings.py
INSTALLED_APPS = [
    # ...
    'django_sso.gate',
]
  2. Migrate server models
./manage.py migrate gate
  3. Add the URLs to the project:
# project/urls.py
from django.urls import include, path

urlpatterns = [
    # ...,
    path('', include('django_sso.gate.urls')),
]
  4. The admin panel now shows a new section named SINGLE SIGN-ON. Under External services, create a new entry with the following fields:
  • Name - Human-readable name of the service.
  • Base url - URL for redirects and for access to service endpoints from the server side (like https://your-service.example).
  • Enabled - Whether the external service is active. (Inactive services can't communicate with the server side, and the server side can't communicate with them.)
  • Token - Automatically generated token. Paste it into your service's settings.py as the SSO_TOKEN variable.

The server side is then ready to use!

Client side

When the library app is attached to the client-side app, the admin login form is overridden with the same view as login/ on the client side.

  1. Add django_sso.service to INSTALLED_APPS
# project/settings.py
INSTALLED_APPS = [
    # ...
    'django_sso.service',
]
  2. Add the URLs to the service application
# project/urls.py
from django.urls import include, path

urlpatterns = [
    # ...,
    path('', include('django_sso.service.urls')),
]
  3. Set up the settings variables
# project/settings.py

# Django variable. URL that users who are not logged in are redirected to. It points to our view.
LOGIN_URL = '/login/'

# Specify SSO server base url
SSO_ROOT = 'https://sso.project.test'

# Specify application token obtained in SSO server in the admin panel
SSO_TOKEN = 'reej8Vt5kbCPJM9mZQqYsvfxC...'

Structure

Server side urls

  • login/ - central login form (you can override the template django_sso/login.html)
  • logout/ - central logout view. Clears all of the user's sessions on all resources

Internal library urls (endpoints for services):

  • sso/obtain/ - obtain an authorization request
  • sso/get/ - get SSO token information (is this token authorized? what user identity does it carry? etc.)
  • sso/make_used/ - after successful authentication on the client side, the authorization request must be marked as used.
  • sso/deauthenticate/ - services send deauthentication requests to the SSO server. The SSO server then tells all services to deauthenticate the user
  • welcome/ - sample view for testing, for both logged-in and logged-out users.

Client side urls

  • login/ - login form. An intermediate form: it obtains an authentication request and redirects to the SSO server's /login.
  • logout/ - deauthenticates the user and sends a deauthentication event to the SSO server (to sso/deauthenticate/ on the server side).
  • sso/test/ - page for testing the SSO mechanism immediately after installing django_sso. When you open it in a browser: if the user is logged in, it shows their name; otherwise it redirects to the SSO server and comes back after successful authentication.

Library urls for internal usage (endpoints for SSO-server side)

  • sso/push/ - After successful authenticate SSO-server sends to this endpoint basic information about

  • sso/accept/ - the user comes back here after successful authentication. The SSO server redirects them to this URL to perform the Django authorization. Once the session is up, the browser is redirected to the next URL.

  • sso/deauthenticate/ - receiver for deauthentication messages from the server side.
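
The request lifecycle behind these endpoints, as an added example that is not django_sso's own code: a toy in-memory model showing why sso/make_used/ and the Enabled flag matter for replay and access control. The class, method and field names and the token format are assumptions made for illustration; only the endpoint roles come from the lists above.

```python
import hmac
import secrets

class Gate:
    """Toy in-memory model of the SSO server role (hypothetical, not django_sso.gate)."""
    def __init__(self):
        self.services = {}  # service token -> {"name", "enabled"}
        self.requests = {}  # request token -> {"service", "user", "used"}

    def add_service(self, name, enabled=True):
        token = secrets.token_urlsafe(32)  # stands in for the admin-generated Token
        self.services[token] = {"name": name, "enabled": enabled}
        return token

    def _check(self, service_token):
        # Constant-time comparison; inactive services cannot talk to the server.
        for known, svc in self.services.items():
            if hmac.compare_digest(known.encode(), service_token.encode()) and svc["enabled"]:
                return svc
        raise PermissionError("unknown or disabled service")

    def obtain(self, service_token):  # models sso/obtain/
        svc = self._check(service_token)
        req = secrets.token_urlsafe(32)
        self.requests[req] = {"service": svc["name"], "user": None, "used": False}
        return req

    def login(self, req, username):  # models the central login/ form succeeding
        self.requests[req]["user"] = username

    def get(self, service_token, req):  # models sso/get/
        svc = self._check(service_token)
        state = self.requests.get(req)
        if state is None or state["service"] != svc["name"]:
            raise PermissionError("request was not issued to this service")
        usable = state["user"] is not None and not state["used"]
        return {"authenticated": usable, "user": state["user"] if usable else None}

    def make_used(self, service_token, req):  # models sso/make_used/
        if not self.get(service_token, req)["authenticated"]:
            raise PermissionError("request is unauthenticated or already used")
        self.requests[req]["used"] = True


def accept(gate, service_token, req):
    """Service-side sso/accept/ step: consume the request before creating a session."""
    info = gate.get(service_token, req)
    gate.make_used(service_token, req)  # raises on replay or missing login
    return info["user"]                 # identity the service would log in
```

Calling accept() a second time with the same request token raises PermissionError, which is the property that marking a request as used is meant to provide.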

To do and coming fixes

  • Access control for subordinate services: the ability to set the available services for a single user.

  • Any changes to the user model must be sent immediately to subordinate services.

Support

This library is in an alpha version. Don't panic. This is a draft version. Next time, a fully documented, clean version will be uploaded. Plans: make it better and finish it. I also want to make visual illustrations of the logic later.

You can support me via

Ethereum: 0x2BD7aA911861029feB08430EEB9a36DC9a8A14d2 (also accept any token :-) )

BUSD/BNB or any token (BEP20): 0x74e47ae3A26b8C5cD84d181595cC62723A1B114E

Any thinks: me@davidhaker.ru

With love to open source!


Download files

Source Distribution

django_sso-1.0.4.2.tar.gz (19.2 kB)
