Versatile identity management server
Go to file
Benjamin Dauvergne ebad614974 Add note to the README file about using the SAMLv2 IdP 2011-01-06 09:08:16 +01:00
authentic2 [vendor totp_js] update from upstream 2011-01-05 21:15:25 +01:00
data [saml2] add a default certificate and aSAML_SIGNING_KEY setting 2010-12-14 16:39:25 +01:00
debian Change global package name for authentic2 2010-10-22 14:43:51 +02:00
media [idp selection] Modify integration of the ULX mockup. 2010-12-22 09:27:51 +01:00
templates [auth] remove ULX modifications from main template 2010-12-24 13:35:45 +01:00
tests/integration/saml2 [nosetests] Fix password in test_00 file. 2010-10-18 19:30:21 +02:00
.gitignore Add MANIGEST to .gitignore 2011-01-05 20:05:22 +01:00
COPYING Add a COPYING file 2010-05-31 15:47:21 +02:00
MANIFEST.in Add file from included external dependencies to MANIFEST.in 2011-01-06 09:03:04 +01:00
Makefile Update the makefile target to upgrade db schemas 2010-12-21 15:03:25 +01:00
README.rst Add note to the README file about using the SAMLv2 IdP 2011-01-06 09:08:16 +01:00
check-sdist.sh Add a script to control content of the built distribution tarballs 2011-01-05 21:02:09 +01:00
manage.py Change global package name for authentic2 2010-10-22 14:43:51 +02:00
setup.py Add javascript files from the totp_js package 2011-01-05 20:05:06 +01:00

README.rst

=====================================
Authentic - Versatile Identity Server
=====================================

Authentic is a versatile identity provider aiming to address a broad
range of needs, from simple to complex setups; it has support for many
protocols and can bridge between them.

It has support for SAMLv2 thanks to Lasso, a free (GNU GPL)
implementation of the Liberty Alliance specifications.

Dependencies
------------

You must install the following packages to use Authentic
 
 * Python Lasso binding::

   From sources: http://lasso.entrouvert.org/download
   Debian based distribution: apt-get install python-lasso

 * Django-registration::

    From sources: http://bitbucket.org/ubernostrum/django-registration/downloads
    Debian based distribution: apt-get install python-django-registration

 * Django-debug-toolbar::

    From sources: http://github.com/robhudson/django-debug-toolbar/downloads
    Debian based distribution: apt-get install python-django-registration

 * Django-authopenid::

   From sources: http://bitbucket.org/benoitc/django-authopenid/downloads


Quick Start
-----------

Then launch the following commands::

  python manage.py syncdb
  python manage.py runserver

You should see the following output::

  Validating models...
  0 errors found

  Django version 1.2, using settings 'authentic.settings'
  Development server is running at http://127.0.0.1:8000/
  Quit the server with CONTROL-C.

  You can access the running application on http://127.0.0.1:8000/


Specifying a different database
-------------------------------

This is done by modifying the DATABASES dictionary in your local_settings.py file
(create it in Authentic project directory); for example::

 DATABASES['default'] = {
   'ENGINE': 'django.db.backends.postgresql',
   'NAME': 'authentic',
   'USER': 'admindb',
   'PASSWORD': 'foobar',
   'HOST': 'db.example.com',
   'PORT': '', # empty string means default value
 }

You should refer to the Django documentation on databases settings at
http://docs.djangoproject.com/en/dev/ref/settings/#databases for all
the details.

How to authenticate users against an LDAP server with anonymous binding ?
-------------------------------------------------------------------------

1. Install the django_auth_ldap module for Django::

  pip install django_auth_ldap

2. Configure your local_settings.py file for authenticating agains LDAP.
   The next lines must be added::

 import ldap
 from django_auth_ldap.config import LDAPSearch

 # Here put the LDAP URL of your server
 AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'
 # Let the bind DN and bind password blank for anonymous binding
 AUTH_LDAP_BIND_DN = ""
 AUTH_LDAP_BIND_PASSWORD = ""
 # Lookup user under the branch o=base and by mathcing their uid against the
 # received login name
 AUTH_LDAP_USER_SEARCH = LDAPSearch("o=base",
     ldap.SCOPE_SUBTREE, "(uid=%(user)s)") 

How to I authenticate against Authentic2 with a SAMLv2 service provider ?
------------------------------------------------------------------------

1. Get the metadata file from the URL::

 htpp[s]://idp-hostname/idp/saml2/metadata

And configure your service provider with it.

2. Go to the providers admin panel on::

 http[s]://admin/saml/libertyprovider/add/

There create a new provider using the service provider metadata and enable it
as a service provider, you can customize some behaviours like the preferred
assertion consumer or encryption for the NameID or the Assertion element.
Copyright
---------

Authentic is copyrighted by Entr'ouvert and is licensed through the GNU General
Public Licence, version 2 or later. A copy of the whole license text is
available in the COPYING file.