/django-admin-sso

Single Sign On solution Django's admin using Google OAuth2

Primary LanguagePythonBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Django admin SSO

image

Django admin SSO lets users login to Django's administration panel using an OAuth2 provider instead of a username/password combination.

Installation

django-admin-sso is most often used with Google OAuth2 and the instructions follow that assumption. At least in theory it is possible to use a different OAuth2 provider.

  1. Make sure you have a working Django project setup.
  2. Install django-admin-sso using pip:

    pip install django-admin-sso
  3. Add admin_sso to INSTALLED_APPS in your settings.py file:

    INSTALLED_APPS = (
        ...
        'admin_sso',
        ...
    )
  4. Add the django-admin authentication backend:

    AUTHENTICATION_BACKENDS = (
        'admin_sso.auth.DjangoSSOAuthBackend',
        'django.contrib.auth.backends.ModelBackend',
    )
  5. Insert your OAuth2 client id and secret key into your settings file:

    DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here'
    DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'

Navigate to Google's Developer Console, create a new project, and create a new client ID under the menu point "APIs & AUTH", "Credentials". The redirect URI should be of the form http://example.com/admin/admin_sso/assignment/end/

  1. Run ./manage.py migrate to create the needed database tables.
  2. Log into the admin and add an Assignment.

Assignments

Any Remote User -> Local User X

  • Select Username mode "any".
  • Set Domain to your authenticating domain.
  • Select your local user from the User drop down.

Remote User -> Local User

  • Select Username mode "matches" or "don't match".
  • Set username to [not] match by.
  • Set Domain to your authenticating domain.
  • Select your local user from the User drop down.

Changelog

2.3

  • Raised the minimum supported Django version to the LTS version, 1.8.
  • Avoid deprecation warnings with Django 1.10.

2.2

  • Official support for Django 1.10 (no changes were necessary)
  • Made the admin panel usable on sites with many users.

2.1

  • Removed support for OpenID
  • Python 3 compatible
  • Dropped support for Django versions older than 1.7
  • Continued development as django-admin-sso (2.0.x versions were released independently as django-admin-sso2)

1.0