
Installable OpenLXP Authentication that adds support for SAML


OpenLXP-Authentication

This is a Django package built on the social-auth-app-django package to allow additional authentication options for the OpenLXP project.

Currently this package adds support for storing SAML configurations in the database used by Django, so that site administrators can set SAML configurations through the admin app.

Setup

To install this package, install the dependencies from the requirements file (this should happen automatically if using pip). If running in Docker, make sure libxml2-dev and libxmlsec1-dev are installed.

Add the required settings to the Django settings file; social_django settings may also be used.

Add the included URLs to Django (this will add the social_django URLs for you).

urlpatterns = [
    ...
    url('', include('openlxp_authentication.urls')),
]

Access the /saml/metadata/ endpoint to view the configuration XML and verify it is correct (if AssertionConsumerService Location is incorrect, there are optional settings to fix it).

Upload the XML to needed IDPs.

Log in to the admin module to add IDP configurations (the name setting will be used to identify which configuration to use).

To test the login configuration:

  1. Log out if you are already logged in

  2. Access /login/samldb/?idp=nameFromConfig

  3. You should be redirected to your chosen IDP

  4. Log in with your IDP

  5. You will be returned to the application and sent to the REDIRECT_URL if set
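
The metadata check in the setup steps above can be scripted. This is an added example, not part of the OpenLXP-Authentication package: it parses SP metadata and reports an entityID or AssertionConsumerService Location that does not match the externally visible origin. The sample XML, its `/complete/samldb/` path and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: metadata as served when Django detects the host
# without the port (the situation OVERIDE_HOST / BAD_HOST are meant to fix).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://localhost:8000">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...constructed</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost/complete/samldb/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id, expected_origin):
    """Return a list of problems; an empty list means the metadata looks right."""
    problems = []
    # Input is your own SP's metadata; use defusedxml for XML from other parties.
    root = ET.fromstring(xml_text)
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, "
                        f"expected {expected_entity_id!r}")
    want = urlsplit(expected_origin)
    acs_list = root.findall(".//md:AssertionConsumerService", NS)
    if not acs_list:
        problems.append("no AssertionConsumerService element")
    for acs in acs_list:
        loc = urlsplit(acs.get("Location", ""))
        # The IDP posts the assertion here, so scheme, host and port must match.
        if (loc.scheme, loc.netloc) != (want.scheme, want.netloc):
            problems.append(f"ACS Location origin {loc.scheme}://{loc.netloc}"
                            f" != {expected_origin}")
    cert = root.find(".//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        problems.append("no SP certificate published")
    return problems


if __name__ == "__main__":
    origin = "http://localhost:8000"
    print(check_sp_metadata(SAMPLE_METADATA, origin, origin))
```

Run it against the XML saved from /saml/metadata/ before uploading that XML to an IDP; a reported origin mismatch is the case the optional host settings address.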

Settings

Required Settings

JSONFIELD_ENABLED

The JSONFIELD_ENABLED setting is required as it allows storing the attribute mapping as JSON in the database.

JSONFIELD_ENABLED = True

USER_MODEL

The USER_MODEL setting sets what model should be used when authenticating a User.

USER_MODEL = 'core.XDSUser'

SP_ENTITY_ID

The SP_ENTITY_ID setting sets the Entity ID that IDPs should use for identifying the service. This setting should be unique to your service.

SP_ENTITY_ID = 'http://localhost:8000'

SP_PUBLIC_CERT

The SP_PUBLIC_CERT setting sets the public key to be used when authenticating users.

SP_PUBLIC_CERT = "******"

SP_PRIVATE_KEY

The SP_PRIVATE_KEY setting sets the private key to be used when authenticating users.

SP_PRIVATE_KEY = "******"

Contact Info

Contact information to provide to IDPs is set in three settings: ORG_INFO, TECHNICAL_CONTACT, and SUPPORT_CONTACT.

ORG_INFO = {
    "en-US": {
        "name": "example",
        "displayname": "Example Inc.",
        "url": "http://localhost",
    }
}
TECHNICAL_CONTACT = {
    "givenName": "Tech Gal",
    "emailAddress": "technical@localhost.com"
}
SUPPORT_CONTACT = {
    "givenName": "Support Guy",
    "emailAddress": "support@localhost.com",
}

USER_ATTRIBUTES

The USER_ATTRIBUTES setting lists the attributes of the User model that should be retrieved from the IDP.

This setting is used to set the default value for the attribute map in the IDP configuration.

USER_ATTRIBUTES = ["user_permanent_id",
        "first_name",
        "last_name",
        "email"]

AUTHENTICATION_BACKENDS

The AUTHENTICATION_BACKENDS setting sets what authentication services should be available.

This setting must include 'openlxp_authentication.models.SAMLDBAuth', but others can be included as desired.

AUTHENTICATION_BACKENDS = (
    ...
    'django.contrib.auth.backends.ModelBackend',
    'openlxp_authentication.models.SAMLDBAuth',
)

INSTALLED_APPS

The INSTALLED_APPS setting sets what apps Django should load.

Both social_django and openlxp_authentication must be added for this package to work correctly.

INSTALLED_APPS = [
    ...
    'social_django',
    'openlxp_authentication',
]

Optional Settings

SESSION_EXPIRATION

The SESSION_EXPIRATION setting makes the Django session expiration match an expiration supplied by the IDP.

SESSION_EXPIRATION = True

LOGIN_REDIRECT_URL

The LOGIN_REDIRECT_URL setting is used by the application to redirect the user upon a successful login.

LOGIN_REDIRECT_URL = 'http://www.google.com'

OVERIDE_HOST

The OVERIDE_HOST setting is used when Django is not able to accurately determine the host and port being used (this can occur in certain reverse proxy configurations).

The setting must follow the format http://www.hostname.com:port; https:// may be used instead.

If this setting is supplied, SOCIAL_AUTH_STRATEGY and BAD_HOST should also be set.

OVERIDE_HOST = 'http://localhost:8000'

BAD_HOST

The BAD_HOST setting is used to remove part of the host and port string if the automatically detected configuration is incorrect.

Similar to OVERIDE_HOST, this setting should also start with either http:// or https://.

The setting is required if using the OVERIDE_HOST setting.

BAD_HOST = 'http://localhost'

SOCIAL_AUTH_STRATEGY

The SOCIAL_AUTH_STRATEGY setting is required if using the OVERIDE_HOST setting. OpenLXP-Authentication provides a strategy but custom solutions can be created and referenced in this setting.

SOCIAL_AUTH_STRATEGY = 'openlxp_authentication.models.SAMLDBStrategy'


Download files


Source Distribution

openlxp-authentication-1.1.1.tar.gz (9.1 kB view details)

Uploaded Source

Built Distribution

openlxp_authentication-1.1.1-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file openlxp-authentication-1.1.1.tar.gz.

File metadata

  • Download URL: openlxp-authentication-1.1.1.tar.gz
  • Upload date:
  • Size: 9.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.9

File hashes

Hashes for openlxp-authentication-1.1.1.tar.gz
Algorithm Hash digest
SHA256 79f0d26557ef28bffc295b38bd062152aa9c3a35509d58da493a66bf7862f6a8
MD5 8882bb27c6e3fff7bac215d13564679c
BLAKE2b-256 c9e1384a1f68a1a3afd67880f0cb486d4bc2d1a57d82fed542312efd594ff1ac


File details

Details for the file openlxp_authentication-1.1.1-py3-none-any.whl.

File metadata

  • Download URL: openlxp_authentication-1.1.1-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.9

File hashes

Hashes for openlxp_authentication-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 c97d95f0d492f8c1fecf0216f9451f490e3181603ea88923ef508c63dbe0b043
MD5 995f1e6b43f1a33dbc72a0ecc66d3850
BLAKE2b-256 02fe05eb39836a30ff90c239551abbef83e5954e702ecb3b2ce54479c8883142
