
Implementing Single Sign On (SSO) using Django [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 2 years ago.


I would like to use Django for implementing Single Sign On (SSO) for multiple applications that we currently use. How can I implement this using Django?


We're using OpenAM. http://forgerock.com/openam.html

The OpenAM Cookie means that the user is authenticated.

An authentication backend for this is pretty simple. Under 50 lines of code.

https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#other-authentication-sources

We wrote a little bit of code that makes a RESTful request to the OpenAM server to get the user, group and role information. We then use the roles to determine the user's authorizations.


MamaCAS appears to be a good solution. (It has gained 104 stars at the time of writing.)

https://github.com/jbittel/django-mama-cas

MamaCAS is a Django Central Authentication Service (CAS) single sign-on and single logout server. It implements the CAS 1.0, 2.0 and 3.0 protocols, including some of the optional features.

CAS is a single sign-on and single logout web protocol that allows a user to access multiple applications after providing their credentials a single time. It utilizes security tickets, unique text strings generated and validated by the server, allowing applications to authenticate a user without direct access to the user's credentials (typically a user ID and password).
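
The ticket validation step described above, as an added example that is not part of the original answer or of MamaCAS's code: a client-side check of a CAS 2.0/3.0 `serviceValidate` response using only the Python standard library. The function names and the sample XML are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    "<cas:authenticationSuccess><cas:user>alice</cas:user><cas:attributes>"
    "<cas:memberOf>staff</cas:memberOf><cas:memberOf>admins</cas:memberOf>"
    "</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_FAILURE = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    '<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized'
    "</cas:authenticationFailure></cas:serviceResponse>")

class CASValidationError(Exception):
    """The ticket could not be validated; do not log the user in."""

def build_validate_url(cas_base, service_url, ticket):
    # service_url must be the exact URL the ticket was issued for; the server
    # compares them, so a ticket issued for one application fails at another.
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query

def parse_validation_response(xml_text):
    """Return (username, attributes) or raise CASValidationError."""
    # A CAS response never needs a DTD; refusing one blocks entity expansion.
    if "<!DOCTYPE" in xml_text.upper():
        raise CASValidationError("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CASValidationError("malformed response") from exc
    if root.tag != CAS_NS + "serviceResponse":
        raise CASValidationError("unexpected root element")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise CASValidationError(failure.get("code", "UNKNOWN"))
    # Fail closed: exactly one success element holding exactly one user.
    successes = root.findall(CAS_NS + "authenticationSuccess")
    users = successes[0].findall(CAS_NS + "user") if len(successes) == 1 else []
    if len(users) != 1 or not (users[0].text or "").strip():
        raise CASValidationError("missing or ambiguous user")
    attrs = {}
    for child in successes[0].findall(CAS_NS + "attributes/*"):
        attrs.setdefault(child.tag.replace(CAS_NS, ""), []).append(child.text or "")
    return users[0].text.strip(), attrs
```

The validation URL should be fetched over HTTPS with certificate verification enabled, since the application trusts whatever user name comes back.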


Take a look at django-cas-provider + django-cas-consumer (or django-cas)


django-sso is a pretty neat package that implements single sign-on.


Django Simple SSO is another one.

https://github.com/aldryn/django-simple-sso

An article about how to use this repo.


You may implement SSO as follows:

  • Shibboleth as Identity Provider
  • Django website as Service Provider

I've just finished writing a detailed guide on my blog: http://codeinpython.blogspot.com/2015/11/how-to-setup-shibboleth-identity.html


CAS (Central Authentication Service) is a good solution that supports SSO (Single Sign-On) and Single Logout (SLO) for Django and Flask. Here are setup instructions for a CAS server and multiple clients with the same login/logout:

  1. A CAS client is needed, so I used the new generation of Django-CAS, the django-cas-ng package, and here is its configuration to make your own client. (Also, here is a pre-configured client repo.)
  2. A CAS server is needed, so I used a pre-configured repo.

[NOTE]:

  • It supports Django 1.11, 2.x, 3.x

[UPDATE]:

  • It's also worth mentioning that you have to change the clients' default SESSION_COOKIE_NAME to make the sessions distinguishable and avoid conflicts at login/logout. In Django, you should add the following line to settings.py for each Django client:

    SESSION_COOKIE_NAME = 'client1_sess'


I have used https://github.com/onelogin/python3-saml with Azure AD and Google; pretty simple setup with great docs and support.
