authentic

Versatile identity management server

Go to file

Benjamin Dauvergne 2a59ac4d63 Improve python packaging for release 1.9.1		2011-02-11 16:12:21 +01:00
authentic2	Remove README from idp_openid, append it to root README.rst file	2011-02-11 16:11:53 +01:00
data	[saml2] add a default certificate and aSAML_SIGNING_KEY setting	2010-12-14 16:39:25 +01:00
debian	Change global package name for authentic2	2010-10-22 14:43:51 +02:00
media	Remove symlinks in media/ks	2011-02-11 13:54:35 +01:00
tests/integration/saml2	[nosetests] Fix password in test_00 file.	2010-10-18 19:30:21 +02:00
.gitignore	Add MANIGEST to .gitignore	2011-01-05 20:05:22 +01:00
COPYING	Add a COPYING file	2010-05-31 15:47:21 +02:00
MANIFEST.in	Improve python packaging for release 1.9.1	2011-02-11 16:12:21 +01:00
Makefile	Update the makefile target to upgrade db schemas	2010-12-21 15:03:25 +01:00
README.rst	Remove README from idp_openid, append it to root README.rst file	2011-02-11 16:11:53 +01:00
check-sdist.sh	Improve python packaging for release 1.9.1	2011-02-11 16:12:21 +01:00
diagnose.py	Add a script which tell version of library dependencies	2011-02-10 22:57:32 +01:00
setup.py	Improve python packaging for release 1.9.1	2011-02-11 16:12:21 +01:00

README.rst

=====================================
Authentic - Versatile Identity Server
=====================================

Authentic is a versatile identity provider aiming to address a broad
range of needs, from simple to complex setups; it has support for many
protocols and can bridge between them.

It has support for SAMLv2 thanks to Lasso, a free (GNU GPL)
implementation of the Liberty Alliance specifications.

Dependencies
------------

You must install the following packages to use Authentic

 * Python Lasso binding::

   From sources: http://lasso.entrouvert.org/download
   Debian based distribution: apt-get install python-lasso

 * Django-registration::

    From sources: http://bitbucket.org/ubernostrum/django-registration/downloads
    Debian based distribution: apt-get install python-django-registration

 * Django-authopenid::

   From sources: http://bitbucket.org/benoitc/django-authopenid/downloads

 * Django-south::

   From sources:: http://south.aeracode.org/docs/installation.html

You install all the django libraries quickly using pip::

   pip install django django-registration django-debug-toolbar django-authopenid south

or easy_install::

   easy_install django django-registration django-debug-toolbar django-authopenid south

Quick Start
-----------

Then launch the following commands::

  python manage.py syncdb --migrate
  python manage.py runserver

You should see the following output::

  Validating models...
  0 errors found

  Django version 1.2, using settings 'authentic.settings'
  Development server is running at http://127.0.0.1:8000/
  Quit the server with CONTROL-C.

  You can access the running application on http://127.0.0.1:8000/


Specifying a different database
-------------------------------

This is done by modifying the DATABASES dictionary in your local_settings.py file
(create it in Authentic project directory); for example::

 DATABASES['default'] = {
   'ENGINE': 'django.db.backends.postgresql',
   'NAME': 'authentic',
   'USER': 'admindb',
   'PASSWORD': 'foobar',
   'HOST': 'db.example.com',
   'PORT': '', # empty string means default value
 }

You should refer to the Django documentation on databases settings at
http://docs.djangoproject.com/en/dev/ref/settings/#databases for all
the details.

How to authenticate users against an LDAP server with anonymous binding ?
-------------------------------------------------------------------------

1. Install the django_auth_ldap module for Django::

  pip install django_auth_ldap

2. Configure your local_settings.py file for authenticating agains LDAP.
   The next lines must be added::

 import ldap
 from django_auth_ldap.config import LDAPSearch

 # Here put the LDAP URL of your server
 AUTH_LDAP_SERVER_URI = 'ldap://ldap.example.com'
 # Let the bind DN and bind password blank for anonymous binding
 AUTH_LDAP_BIND_DN = ""
 AUTH_LDAP_BIND_PASSWORD = ""
 # Lookup user under the branch o=base and by mathcing their uid against the
 # received login name
 AUTH_LDAP_USER_SEARCH = LDAPSearch("o=base",
     ldap.SCOPE_SUBTREE, "(uid=%(user)s)") 

How to I authenticate against Authentic2 with a SAMLv2 service provider ?
------------------------------------------------------------------------

1. Get the metadata file from the URL::

 htpp[s]://idp-hostname/idp/saml2/metadata

And configure your service provider with it.

2. Go to the providers admin panel on::

 http[s]://admin/saml/libertyprovider/add/

There create a new provider using the service provider metadata and enable it
as a service provider, you can customize some behaviours like the preferred
assertion consumer or encryption for the NameID or the Assertion element.

How to upgrade to a new version of authentic ?
----------------------------------------------

Authentic store all its data in a relational database as specified in its
settings.py or local_settings.py file. So in order to upgrade to a new version
of authentic you have to update your database schema using the
migration command — you will need to have installed the dependency django-south,
see the beginning of this README file.::

  python ./manage.py migrate

Then you will need to create new tables if there are.::

  python ./manage.py syncdb

Copyright
---------

Authentic is copyrighted by Entr'ouvert and is licensed through the GNU General
Public Licence, version 2 or later. A copy of the whole license text is
available in the COPYING file.

The OpenID IdP originates in the project django_openid_provider by Roman
Barczy¿ski, which is under the Apache 2.0 licence. This imply that you must
distribute authentic2 under the GPL3 licence when distributing this part of the
project which is the only GPL licence version compatible with the Apache 2.0
licence.