summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Noel <thomas@univnautes-idp.dev>2014-03-16 13:22:30 (GMT)
committerThomas Noel <thomas@univnautes-idp.dev>2014-03-16 13:22:30 (GMT)
commitc6574ff3ae5e707d002e6e02b17ef660e1f6bc96 (patch)
tree544b856e4a448c8dfeed6485d87e8dceaac888ee
parent83feec2146cb768d9e741c757cccfb53a5a236d4 (diff)
downloadunivnautes-idp-c6574ff3ae5e707d002e6e02b17ef660e1f6bc96.zip
univnautes-idp-c6574ff3ae5e707d002e6e02b17ef660e1f6bc96.tar.gz
univnautes-idp-c6574ff3ae5e707d002e6e02b17ef660e1f6bc96.tar.bz2
first commit
-rw-r--r--.gitignore3
-rw-r--r--README.md7
-rwxr-xr-xmanage.py10
-rw-r--r--requirements.txt3
-rw-r--r--settings.ini.example114
-rw-r--r--univnautes_idp/__init__.py0
-rw-r--r--univnautes_idp/settings.py294
-rw-r--r--univnautes_idp/urls.py1
-rw-r--r--univnautes_idp/wsgi.py32
9 files changed, 463 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e9814da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+settings.ini
+*.pyo
+*.pyc
diff --git a/README.md b/README.md
index 7b720db..cdfe073 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,7 @@
-univnautes-idp : un IdP pour UnivNautes
+univnautes-idp : IdP multi-tenants pour UnivNautes
+
+cp settings.ini.example /somewhere/settings.ini
+export UNIVNAUTES_IDP_SETTINGS_INI=/somewhere/settings.ini
+python manage.py sync_schemas --shared --noinput
+python manage.py create-tenant xyz.univnautes-idp.dev.entrouvert.org xyz
diff --git a/manage.py b/manage.py
new file mode 100755
index 0000000..aaa380a
--- /dev/null
+++ b/manage.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+ os.environ.setdefault("DJANGO_SETTINGS_MODULE", "univnautes_idp.settings")
+
+ from django.core.management import execute_from_command_line
+
+ execute_from_command_line(sys.argv)
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..233cc61
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+authentic2
+django-tenant-schemas
+python-entrouvert
diff --git a/settings.ini.example b/settings.ini.example
new file mode 100644
index 0000000..5d9beac
--- /dev/null
+++ b/settings.ini.example
@@ -0,0 +1,114 @@
+[saml]
+local_metadata_cache_timeout: 600
+# Whether to autoload SAML 2.0 identity providers and services metadata
+# Only https URLS are accepted. Can be none, sp, idp or both
+metadata_autoload: both
+# these keys will changed by tenants :
+signature_public_key: -----BEGIN CERTIFICATE-----
+ MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
+ BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
+ MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
+ 06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
+ ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
+ kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
+ VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
+ Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
+ fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
+ GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
+ AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
+ IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
+ fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
+ lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
+ JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
+ o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
+ -----END CERTIFICATE-----
+signature_private_key: -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
+ n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
+ H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x
+ ihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9H
+ ri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziaz
+ Zfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABAoIBAQCj8t2iKXya10HG
+ V6Saaeih8aftoLBV38VwFqqjPU0+iKqDpk2JSXBhjI6s7uFIsaTNJpR2Ga1qvns1
+ hJQEDMQSLhJvXfBgSkHylRWCpJentr4E3D7mnw5pRsd61Ev9U+uHcdv/WHP4K5hM
+ xsdiwXNXD/RYd1Q1+6bKrCuvnNJVmWe0/RV+r3T8Ni5xdMVFbRWt/VEoE620XX6c
+ a9TQPiA5i/LRVyie+js7Yv+hVjGOlArtuLs6ECQsivfPrqKLOBRWcofKdcf+4N2e
+ 3cieUqwzC15C31vcMliD9Hax9c1iuTt9Q3Xzo20fOSazAnQ5YBEExyTtrFBwbfQu
+ ku6hp81pAoGBAN6bc6iJtk5ipYpsaY4ZlbqdjjG9KEXB6G1MExPU7SHXOhOF0cDH
+ /pgMsv9hF2my863MowsOj3OryVhdQhwA6RrV263LRh+JU8NyHV71BwAIfI0BuVfj
+ 6r24KudwtUcvMr9pJIrJyMAMaw5ZyNoX7YqFpS6fcisSJYdSBSoxzrzVAoGBANu6
+ xVeMqGavA/EHSOQP3ipDZ3mnWbkDUDxpNhgJG8Q6lZiwKwLoSceJ8z0PNY3VetGA
+ RbqtqBGfR2mcxHyzeqVBpLnXZC4vs/Vy7lrzTiHDRZk2SG5EkHMSKFA53jN6S/nJ
+ JWpYZC8lG8w4OHaUfDHFWbptxdGYCgY4//sjeiuXAoGBANuhurJ99R5PnA8AOgEW
+ 4zD1hLc0b4ir8fvshCIcAj9SUB20+afgayRv2ye3Dted1WkUL4WYPxccVhLWKITi
+ rRtqB03o8m3pG3kJnUr0LIzu0px5J/o8iH3ZOJOTE3iBa+uI/KHmxygc2H+XPGFa
+ HGeAxuJCNO2kAN0Losbnz5dlAoGAVsCn94gGWPxSjxA0PC7zpTYVnZdwOjbPr/pO
+ LDE0cEY9GBq98JjrwEd77KibmVMm+Z4uaaT0jXiYhl8pyJ5IFwUS13juCbo1z/u/
+ ldMoDvZ8/R/MexTA/1204u/mBecMJiO/jPw3GdIJ5phv2omHe1MSuSNsDfN8Sbap
+ gmsgaiMCgYB/nrTk89Fp7050VKCNnIt1mHAcO9cBwDV8qrJ5O3rIVmrg1T6vn0aY
+ wRiVcNacaP+BivkrMjr4BlsUM6yH4MOBsNhLURiiCL+tLJV7U0DWlCse/doWij4U
+ TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
+ -----END RSA PRIVATE KEY-----
+
+
+[dirs]
+base: /home/thomas/univnautes-idp
+template_dirs: %(base)s/templates
+multitenant_template_dirs: %(base)s/tenants/templates
+ /var/lib/truc/encore
+ /bidule/machin
+media_root: %(base)s/media
+static_root: %(base)s/static
+static_dirs:
+
+[database]
+name: univnautes_idp
+host:
+port:
+user:
+password:
+
+[cache]
+memcached: on
+
+[secrets]
+secret_key: random-string-of-ascii
+csrf_secret: random-string-of-ascii
+
+[session]
+expire_at_browser_close: yes
+cookie_age:
+cookie_name:
+cookie_path:
+coolie_secure:
+cookie_domain:
+
+# all settings in debug section should be false in production
+# INTERNAL_IPS should be empty in productive environment
+[debug]
+general: true
+template: true
+toolbar: true
+internal_ips: 127.0.0.1
+skip_csrf: true
+sentry_dsn:
+
+[email]
+server_email: django@localhost
+default_from_email: django@localhost
+subject_prefix: [unidp]
+host: localhost
+port: 25
+use_tls: no
+user:
+password:
+
+# the [admins] and [managers] sections are special. Just add lines with
+# full name: email_address@domain.xx
+# each section must be present but may be empty.
+[admins]
+#Thomas: tnoel+unidp@entrouvert.com
+[managers]
+#Thomas: tnoel+unidp@entrouvert.com
+
diff --git a/univnautes_idp/__init__.py b/univnautes_idp/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/univnautes_idp/__init__.py
diff --git a/univnautes_idp/settings.py b/univnautes_idp/settings.py
new file mode 100644
index 0000000..bac61a0
--- /dev/null
+++ b/univnautes_idp/settings.py
@@ -0,0 +1,294 @@
+# Django settings for univnautes_idp project.
+
+import os
+from ConfigParser import ConfigParser
+from django.core.exceptions import ImproperlyConfigured
+
+SETTINGS_INI = os.environ.get('UNIVNAUTES_IDP_SETTINGS_INI', '/etc/univnautes-idp/settings.ini')
+config = ConfigParser()
+config.read(SETTINGS_INI)
+
+
+DEBUG = config.getboolean('debug', 'general')
+INTERNAL_IPS = tuple(config.get('debug', 'internal_ips').split())
+TEMPLATE_DEBUG = config.getboolean('debug', 'template')
+ADMINS = tuple(config.items('admins'))
+MANAGERS = tuple(config.items('managers'))
+SENTRY_DSN = config.get('debug', 'sentry_dsn')
+DEBUG_TOOLBAR = config.getboolean('debug', 'toolbar')
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'tenant_schemas.postgresql_backend',
+ 'NAME': config.get('database','name'),
+ 'USER': config.get('database','user'),
+ 'PASSWORD': config.get('database','password'),
+ 'HOST': config.get('database','host'),
+ 'PORT': config.get('database','port'),
+ }
+}
+SOUTH_DATABASE_ADAPTERS = {
+ 'default': 'south.db.postgresql_psycopg2',
+}
+
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = ['*']
+USE_X_FORWARDED_HOST = True
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# In a Windows environment this must be set to your system time zone.
+TIME_ZONE = 'Europe/Paris'
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = 'fr-fr'
+gettext_noop = lambda s: s
+LANGUAGES = (
+ ('en', gettext_noop('English')),
+ ('fr', gettext_noop('French')),
+)
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = True
+
+# If you set this to False, Django will not format dates, numbers and
+# calendars according to the current locale.
+USE_L10N = True
+
+# If you set this to False, Django will not use timezone-aware datetimes.
+USE_TZ = True
+
+# Absolute filesystem path to the directory that will hold user-uploaded files.
+# Example: "/var/www/example.com/media/"
+MEDIA_ROOT = config.get('dirs','media_root')
+
+# URL that handles the media served from MEDIA_ROOT. Make sure to use a
+# trailing slash.
+# Examples: "http://example.com/media/", "http://media.example.com/"
+MEDIA_URL = ''
+
+# Absolute path to the directory static files should be collected to.
+# Don't put anything in this directory yourself; store your static files
+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
+# Example: "/var/www/example.com/static/"
+STATIC_ROOT = config.get('dirs','static_root')
+
+# URL prefix for static files.
+# Example: "http://example.com/static/", "http://static.example.com/"
+STATIC_URL = '/static/'
+
+# Additional locations of static files
+STATICFILES_DIRS = tuple(config.get('dirs','static_dirs').split())
+
+# List of finder classes that know how to find static files in
+# various locations.
+STATICFILES_FINDERS = (
+ 'django.contrib.staticfiles.finders.FileSystemFinder',
+ 'django.contrib.staticfiles.finders.AppDirectoriesFinder',
+# 'django.contrib.staticfiles.finders.DefaultStorageFinder',
+)
+
+# Make this unique, and don't share it with anybody.
+SECRET_KEY = config.get('secrets', 'secret_key')
+
+# List of callables that know how to import templates from various sources.
+TEMPLATE_LOADERS = (
+ 'entrouvert.djommon.multitenant.template_loader.FilesystemLoader',
+ 'django.template.loaders.filesystem.Loader',
+ 'django.template.loaders.app_directories.Loader',
+)
+
+TEMPLATE_CONTEXT_PROCESSORS = (
+ 'django.contrib.auth.context_processors.auth',
+ 'django.core.context_processors.debug',
+ 'django.core.context_processors.i18n',
+ 'django.core.context_processors.media',
+ 'django.core.context_processors.request',
+ 'django.contrib.messages.context_processors.messages',
+ 'django.core.context_processors.static',
+ 'authentic2.context_processors.federations_processor',
+)
+
+MIDDLEWARE_CLASSES = (
+ 'tenant_schemas.middleware.TenantMiddleware',
+ 'entrouvert.djommon.multitenant.middleware.EOTenantMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.http.ConditionalGetMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.middleware.locale.LocaleMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'authentic2.idp.middleware.DebugMiddleware',
+ # Uncomment the next line for simple clickjacking protection:
+ # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+)
+
+ROOT_URLCONF = 'univnautes_idp.urls'
+
+# Python dotted path to the WSGI application used by Django's runserver.
+WSGI_APPLICATION = 'univnautes_idp.wsgi.application'
+
+TEMPLATE_DIRS = tuple(config.get('dirs', 'template_dirs').split())
+MULTITENANT_TEMPLATE_DIRS = tuple(config.get('dirs', 'multitenant_template_dirs').split())
+
+SHARED_APPS = (
+ 'tenant_schemas',
+ 'entrouvert.djommon.multitenant',
+ 'django.contrib.auth',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.admin',
+ 'django.contrib.staticfiles',
+ 'django.contrib.contenttypes',
+ 'south',
+)
+
+TENANT_APPS = (
+ 'django.contrib.auth',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.admin',
+ 'django.contrib.staticfiles',
+ 'django.contrib.contenttypes',
+ 'south',
+ 'admin_tools',
+ 'admin_tools.theming',
+ 'admin_tools.menu',
+ 'admin_tools.dashboard',
+ 'registration',
+ 'authentic2.nonce',
+ 'authentic2.saml',
+ 'authentic2.idp',
+ 'authentic2.idp.saml',
+ 'authentic2.auth2_auth',
+ 'authentic2.attribute_aggregator',
+ 'authentic2.disco_service',
+ 'authentic2',
+)
+
+INSTALLED_APPS = SHARED_APPS + TENANT_APPS
+
+# to override commands (hey, fixme if you can)
+INSTALLED_APPS += ('tenant_schemas', 'entrouvert.djommon.multitenant',)
+
+TENANT_MODEL = 'multitenant.Tenant'
+
+SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
+
+if config.getboolean('cache', 'memcached'):
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'LOCATION': '127.0.0.1:11211',
+ },
+ }
+
+# A sample logging configuration. The only tangible logging
+# performed by this configuration is to send an email to
+# the site admins on every HTTP 500 error when DEBUG=False.
+# See http://docs.djangoproject.com/en/dev/topics/logging for
+# more details on how to customize your logging configuration.
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'filters': {
+ 'require_debug_false': {
+ '()': 'django.utils.log.RequireDebugFalse'
+ }
+ },
+ 'handlers': {
+ 'mail_admins': {
+ 'level': 'ERROR',
+ 'filters': ['require_debug_false'],
+ 'class': 'django.utils.log.AdminEmailHandler'
+ }
+ },
+ 'loggers': {
+ 'django.request': {
+ 'handlers': ['mail_admins'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ }
+}
+
+# email settings
+EMAIL_HOST = config.get('email', 'host')
+EMAIL_PORT = config.getint('email', 'port')
+EMAIL_HOST_USER = config.get('email', 'user')
+EMAIL_HOST_PASSWORD = config.get('email', 'password')
+EMAIL_SUBJECT_PREFIX = config.get('email', 'subject_prefix')
+EMAIL_USE_TLS = config.getboolean('email', 'use_tls')
+SERVER_EMAIL = config.get('email', 'server_email')
+DEFAULT_FROM_EMAIL = config.get('email', 'default_from_email')
+
+# sessions
+SESSION_EXPIRE_AT_BROWSER_CLOSE = config.get('session', 'expire_at_browser_close')
+
+LOGIN_REDIRECT_URL = '/'
+LOGIN_URL = '/login'
+LOGOUT_URL = '/accounts/logout'
+
+# Authentic2
+
+DISCO_SERVICE = False
+DISCO_USE_OF_METADATA = False
+DISCO_SERVICE_NAME = 'http://www.identity-hub.com/disco_service/disco'
+DISCO_RETURN_ID_PARAM = 'entityID'
+SHOW_DISCO_IN_MD = False
+USE_DISCO_SERVICE = False
+
+# Authentication settings
+
+AUTH_FRONTENDS = ('authentic2.auth2_auth.backend.LoginPasswordBackend',)
+SSLAUTH_CREATE_USER = False
+AUTHENTICATION_EVENT_EXPIRATION = 3600*24*7
+
+# IdP settings
+
+LOCAL_METADATA_CACHE_TIMEOUT = config.getint('saml', 'local_metadata_cache_timeout')
+SAML_SIGNATURE_PUBLIC_KEY = config.get('saml', 'signature_public_key')
+SAML_SIGNATURE_PRIVATE_KEY = config.get('saml', 'signature_private_key')
+SAML_METADATA_AUTOLOAD = config.get('saml', 'metadata_autoload')
+
+A2_CAN_RESET_PASSWORD = True
+A2_REGISTRATION_CAN_DELETE_ACCOUNT = True
+A2_REGISTRATION_EMAIL_IS_UNIQUE = True
+REGISTRATION_OPEN = True
+ACCOUNT_ACTIVATION_DAYS = 3
+PASSWORD_RESET_TIMEOUT_DAYS = 3
+
+# Admin tools
+ADMIN_TOOLS_INDEX_DASHBOARD = 'authentic2.dashboard.CustomIndexDashboard'
+ADMIN_TOOLS_APP_INDEX_DASHBOARD = 'authentic2.dashboard.CustomAppIndexDashboard'
+ADMIN_TOOLS_MENU = 'authentic2.menu.CustomMenu'
+
+# AUTH systels
+AUTH_SAML2 = False
+AUTH_OPENID = False
+AUTH_SSL = False
+
+# IdP protocols
+IDP_SAML2 = True
+IDP_OPENID = False
+IDP_CAS = False
+
+# List of IdP backends, mainly used to show available services in the homepage
+# of user, and to handle SLO for each protocols
+IDP_BACKENDS = ('authentic2.idp.saml.backend.SamlBackend',)
+
+
+# debug toolbar needs more
+if DEBUG_TOOLBAR:
+ DEBUG_TOOLBAR_CONFIG = {'INTERCEPT_REDIRECTS': False}
+ INSTALLED_APPS += ('debug_toolbar',)
+ MIDDLEWARE_CLASSES += ('debug_toolbar.middleware.DebugToolbarMiddleware',)
+
diff --git a/univnautes_idp/urls.py b/univnautes_idp/urls.py
new file mode 100644
index 0000000..7a53ac9
--- /dev/null
+++ b/univnautes_idp/urls.py
@@ -0,0 +1 @@
+from authentic2.urls import urlpatterns
diff --git a/univnautes_idp/wsgi.py b/univnautes_idp/wsgi.py
new file mode 100644
index 0000000..5798f1f
--- /dev/null
+++ b/univnautes_idp/wsgi.py
@@ -0,0 +1,32 @@
+"""
+WSGI config for univnautes_idp project.
+
+This module contains the WSGI application used by Django's development server
+and any production WSGI deployments. It should expose a module-level variable
+named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
+this application via the ``WSGI_APPLICATION`` setting.
+
+Usually you will have the standard Django WSGI application here, but it also
+might make sense to replace the whole Django WSGI application with a custom one
+that later delegates to the Django one. For example, you could introduce WSGI
+middleware here, or combine a Django application with an application of another
+framework.
+
+"""
+import os
+
+# We defer to a DJANGO_SETTINGS_MODULE already in the environment. This breaks
+# if running multiple sites in the same mod_wsgi process. To fix this, use
+# mod_wsgi daemon mode with each site in its own daemon process, or use
+# os.environ["DJANGO_SETTINGS_MODULE"] = "univnautes_idp.settings"
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "univnautes_idp.settings")
+
+# This application object is used by any WSGI server configured to use this
+# file. This includes Django's development server, if the WSGI_APPLICATION
+# setting points here.
+from django.core.wsgi import get_wsgi_application
+application = get_wsgi_application()
+
+# Apply WSGI middleware here.
+# from helloworld.wsgi import HelloWorldApplication
+# application = HelloWorldApplication(application)