Implementing Single Sign On (SSO) using Django
PythonDjangoSingle Sign-OnPython Problem Overview
I would like to use Django for implementing Single Sign On (SSO) for multiple applications that we currently use. How can I implement this using Django?
Python Solutions
Solution 1 - Python
We're using OpenAM. http://forgerock.com/openam.html
The OpenAM Cookie means that the user is authenticated.
An authentication backend for this is pretty simple. Under 50 lines of code.
https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#other-authentication-sources
We wrote a little bit of code that makes a RESTful request to the OpenAM server to get the user, group and role information. We then use the roles to determine the user's authorizations.
Solution 2 - Python
MamaCAS appears to be a good solution. (It has gained 104 stars at the time of writing.)
https://github.com/jbittel/django-mama-cas
> MamaCAS is a Django Central Authentication Service (CAS) single sign-on and single logout server. It implements the CAS 1.0, 2.0 and 3.0 protocols, including some of the optional features. > > CAS is a single sign-on and single logout web protocol that allows a user to access multiple applications after providing their credentials a single time. It utilizes security tickets, unique text strings generated and validated by the server, allowing applications to authenticate a user without direct access to the user's credentials (typically a user ID and password).
Solution 3 - Python
Take a look at django-cas-provider + django-cas-consumer (or django-cas)
Solution 4 - Python
django-sso is a pretty neat package that implements single signon
Solution 5 - Python
Django Simple SSO is another one.
https://github.com/aldryn/django-simple-sso
article about how to use this repo a article
Solution 6 - Python
You may implement SSO as follows:
- Shibboleth as Identity Provider
- Django website as Service Provider
I've just finished writing detailed guide on my blog: http://codeinpython.blogspot.com/2015/11/how-to-setup-shibboleth-identity.html
Solution 7 - Python
CAS (Central Authentication Service) is a good solution that supports SSO (Single Sign-On) and Single Logout (SLO) for Django and Flask. Here is a setup instruction to have a CAS server and multiple clients with the same login/logout:
- A CAS-Client is needed so I used the new generation of Django-CAS called django-cas-ng package and here is its configuration to make your own client. (Also, here is a pre-configured client repo)
- A CAS-Server is needed so I used a pre-configured repo.
[NOTE]:
- It supports Django 1.11, 2.x, 3.x
[UPDATE]:
- It's also worth mentioning that, you have to change the default clients'
SESSION_COOKIE_NAMEin order to make distinguishable sessions to avoid conflicts at login/logout. In Django, you should add the following line in thesettings.pyfor each Django client:
SESSION_COOKIE_NAME = 'client1_sess'
Solution 8 - Python
I have used https://github.com/onelogin/python3-saml with Azure AD and Google–pretty simple setup with great docs and support.