  • Stars: 298
  • Rank 139,663 (Top 3 %)
  • Language: Python
  • License: Other
  • Created over 13 years ago
  • Updated almost 2 years ago


Repository Details

django-simple-sso

Documentation

See REQUIREMENTS in the setup.py file for additional dependencies:

python django

Django Simple SSO Specification (DRAFT)

Terminology

Server

The server is a Django website that holds all the user information and authenticates users.

Client

The client is a Django website that provides login via SSO using the Server. It does not hold any user information.

Key

A unique key identifying a Client. This key can be made public.

Secret

A secret key shared between the Server and a single Client. This secret should never be shared with anyone other than the Server and Client and must not be transferred unencrypted.

Workflow

  • The User wants to log into a Client by clicking a "Login" button. The initially requested URL can be passed using the next GET parameter.
  • The Client's Python code makes an HTTP request to the Server to request an authentication token; this is called the Request Token Request.
  • The Server returns a Request Token.
  • The Client redirects the User to a view on the Server using the Request Token; this is the Authorization Request.
  • If the User is not logged in to the Server, they are prompted to log in.
  • The User is redirected to the Client with the Request Token and an Auth Token; this is the Authentication Request.
  • The Client's Python code makes an HTTP request to the Server to verify the Auth Token; this is called the Auth Token Verification Request.
  • If the Auth Token is valid, the Server returns a serialized Django User object.
  • The Client logs the User in using the Django User received from the Server.

Requests

General

All requests have a signature and key parameter, see Security.

Request Token Request

  • Client: Python

  • Target: Server

  • Method: GET

  • Extra Parameters: None

  • Responses:

    • 200: Everything went fine; the body of the response is a URL-encoded query string containing the request_token key, which holds the Request Token, as well as the signature.
    • 400: Bad request (missing GET parameters)
    • 403: Forbidden (invalid signature)

Authorization Request

  • Client: Browser (User)

  • Target: Server

  • Method: GET

  • Extra Parameters:

    • request_token
  • Responses:

    • 200: Everything okay, prompt user to log in or continue.
    • 400: Bad request (missing GET parameter).
    • 403: Forbidden (invalid Request Token).

Authentication Request

  • Client: Browser (User)

  • Target: Client

  • Method: GET

  • Extra Parameters:

    • request_token: The Request Token returned by the Request Token Request.
    • auth_token: The Auth Token generated by the Authorization Request.
  • Responses:

    • 200: Everything went fine, the user is now logged in.
    • 400: Bad request (missing GET parameters).
    • 403: Forbidden (invalid Request Token).

Auth Token Verification Request

  • Client: Python

  • Target: Server

  • Method: GET

  • Extra Parameters:

    • auth_token: The Auth Token obtained by the Authentication Request.
  • Responses:

    • 200: Everything went fine; the body of the response is a URL-encoded query string containing the user key, which is the JSON-serialized representation of the Django user to create, as well as the signature.

Security

Every request is signed using HMAC-SHA256. The signature is sent in the signature parameter. The signature message is the urlencoded, alphabetically ordered query string. The signature key is the Secret of the Client. So that the Server can verify the signature, the key parameter holding the Key of the Client is also sent with every request from the Client to the Server.

Example

GET request with the GET parameters key=bundle123 and the private key "secret key": fbf6396d0fc40d563e2be3c861f7eb5a1b821b76c2ac943d40a7a63b288619a9
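
The signing and verification scheme described in this section, as an added example that is not django-simple-sso's own code. The function names, the hex encoding of the signature, leaving the signature parameter out of the signed message and answering 403 for an unknown key are assumptions; the secret and token are constructed sample values.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode


def canonical_message(params):
    """Urlencode the parameters in alphabetical key order, leaving out the signature."""
    items = sorted((k, v) for k, v in params.items() if k != "signature")
    return urlencode(items)


def sign(params, secret):
    """Return params plus a hex HMAC-SHA256 signature keyed with the Client's Secret."""
    mac = hmac.new(secret.encode(), canonical_message(params).encode(), hashlib.sha256)
    return {**params, "signature": mac.hexdigest()}


def verify(query_string, secrets_by_key):
    """Server side: map a raw query string to the status codes the spec lists."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    if "key" not in params or "signature" not in params:
        return 400  # missing GET parameters
    secret = secrets_by_key.get(params["key"])
    if secret is None:
        return 403  # unknown Client key (assumption: treated like a bad signature)
    expected = sign(params, secret)["signature"]
    # Constant-time comparison on bytes, so the check does not leak how many
    # leading characters matched and never raises on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), params["signature"].encode()):
        return 403  # invalid signature
    return 200


# Constructed sample data: one Client key and its shared Secret.
SECRETS = {"bundle123": "constructed-demo-secret"}
SIGNED = sign({"key": "bundle123", "auth_token": "tok-abc"}, SECRETS["bundle123"])
GOOD = urlencode(SIGNED)
# Same signature, different auth_token: verification must fail.
TAMPERED = GOOD.replace("tok-abc", "tok-xyz")

if __name__ == "__main__":
    for label, qs in (("good", GOOD), ("tampered", TAMPERED), ("unsigned", "key=bundle123")):
        print(label, verify(qs, SECRETS))
```

Because the message is rebuilt from sorted parameters, the order in which a Client sends them does not affect the signature, but any change to a value does.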

The User object

The User object returned by a successful Auth Token Verification Request does not contain all the information about the Django User, in particular, it does not contain the password.

The user object must contain at least the following data:

  • username: The unique username of this user.
  • email: The email of this user.
  • first_name: The first name of this user, this field is required, but may be empty.
  • last_name: The last name of this user, this field is required, but may be empty.
  • is_staff: Can this user access the Django admin on the Client?
  • is_superuser: Does this user have superuser access to the Client?
  • is_active: Is the user active?

Implementation

On the server

  • Add simple_sso.sso_server to INSTALLED_APPS.
  • Create an instance (potentially of a subclass) of simple_sso.sso_server.server.Server and include the return value of the get_urls method on that instance into your url patterns.

On the client

  • Create a new instance of simple_sso.sso_server.models.Consumer on the Server.
  • Add the SIMPLE_SSO_SECRET and SIMPLE_SSO_KEY settings as provided by the Server's simple_sso.sso_server.models.Client model.
  • Add the SIMPLE_SSO_SERVER setting, which is the absolute URL pointing to the root where the simple_sso.sso_server.urls were included on the Server.
  • Add the simple_sso.sso_client.urls patterns somewhere on the client.

Running Tests

You can run tests by executing:

virtualenv env
source env/bin/activate
pip install -r tests/requirements.txt
python setup.py test
