111 lines
4.1 KiB
Plaintext
111 lines
4.1 KiB
Plaintext
= Add to settings =
|
|
|
|
SAML_SIGNATURE_PRIVATE_KEY = *your_key*
|
|
INSTALLED_APPS += ('*project*.authsaml2', '*project*.authsaml2.saml',)
|
|
AUTHENTICATION_BACKENDS = (
|
|
'django.contrib.auth.backends.ModelBackend',
|
|
'*project*.authsaml2.backends.SAML2AuthBackend',
|
|
)
|
|
|
|
When login_required() with registration and you want to add on the login page the login with a federated account:
|
|
- the template is directly called: use a context processor to pass a variable
|
|
TEMPLATE_CONTEXT_PROCESSORS += (
|
|
'spsaml.views.idp_list',
|
|
)
|
|
spsaml.views.idp_list:
|
|
def idp_list(request):
|
|
return {'providers_list': authsaml2.saml.common.get_idp_list()}
|
|
- modify LOGIN_URL
|
|
LOGIN_URL = '/login/'
|
|
url(r'^login/', spsaml.views.login)
|
|
Pass {'providers_list': authsaml2.saml.common.get_idp_list()} to the template
|
|
|
|
Then configure in the admin part your SP
|
|
|
|
= Target URL =
|
|
|
|
After logout, the parameter 'Back url' is used. If empty, authsaml2 returns to the root.
|
|
|
|
After login, authsaml2 will redirect in a parameter you have to register,
|
|
authsaml2 returns to the root of the site.
|
|
To register a url, if a fonction is called with the next parameter in the url,
|
|
as it is the case usually with a login page, just call:
|
|
authsaml2.saml2_endpoints.register_next_target(request)
|
|
If there is no next parameter call this function giving the target url
|
|
authsaml2.saml2_endpoints.register_next_target(request, target_url)
|
|
|
|
After defederation, by default the local session is not sesion is not ended
|
|
and the back url is the one of calling of the defederation function.
|
|
|
|
= Call AuthSAML2 from your login page =
|
|
|
|
* Views:
|
|
from django.shortcuts import render_to_response
|
|
from django.template import RequestContext
|
|
from django.contrib.auth import views as auth_views
|
|
import authentic2.authsaml2.saml2_endpoints
|
|
|
|
def login(request):
|
|
authsaml2.saml2_endpoints.register_next_target(request)
|
|
return auth_views.login(request)
|
|
|
|
* Template:
|
|
|
|
{% if providers_list %}
|
|
{% trans "Log in with a federated account?" %}
|
|
<ul>
|
|
{% for p in providers_list %}
|
|
<li><a href="/authsaml2/sso?entity_id={{ p.entity_id }}" >{{ p.entity_id }}</a></li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
|
|
= Call AuthSAML2 into the application for user account management =
|
|
|
|
* Views:
|
|
from django.shortcuts import render_to_response
|
|
from django.template import RequestContext
|
|
from django.contrib.auth import views as auth_views
|
|
import authentic2.authsaml2.saml2_endpoints
|
|
import authentic2.authsaml2.saml.common
|
|
|
|
def inside(request):
|
|
authsaml2.saml2_endpoints.register_next_target(request, '/in')
|
|
return render_to_response('in.html', {'providers_list_federated': authsaml2.saml.common.get_idp_user_federated_list(request),
|
|
'providers_list_not_federated': authsaml2.saml.common.get_idp_user_not_federated_list(request),
|
|
'provider_active_session': authsaml2.saml.common.get_provider_of_active_session(request)},
|
|
context_instance=RequestContext(request))
|
|
|
|
* Template:
|
|
{% if providers_list_not_federated %}
|
|
{% trans "Federate your identity" %}
|
|
<ul>
|
|
{% for p in providers_list_not_federated %}
|
|
<li><a href="/authsaml2/sso?entity_id={{ p.entity_id }}/">{{ p.entity_id }}</a></li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
{% if providers_list_federated %}
|
|
{% trans "Defederate your identity" %}
|
|
<ul>
|
|
{% for p in providers_list_not_federated %}
|
|
<li><a href="/authsaml2/defederate/{{ p.entity_id }}/">{{ p.entity_id }}</a></li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
{% if provider_active_session %}
|
|
{% trans "Logout" %}
|
|
<ul>
|
|
<li>{% trans "Global Logout: " %}<a href="/authsaml2/logout/{{ provider_active_session.entity_id }}/">{{ provider_active_session.entity_id }}</a></li>
|
|
<li><p><a href="{% url 'auth_logout' %}">{% trans "Local log out" %}</a></p></li>
|
|
</ul>
|
|
{% else %}
|
|
<a href="{% url 'auth_logout' %}">{% trans "Log out" %}</a>
|
|
{% endif %}
|
|
|
|
Now in idp/__init__.py
|
|
|
|
tpl_parameters['providers_list_federated'] = authentic.saml.common.get_idp_user_federated_list(request)
|
|
tpl_parameters['providers_list_not_federated'] = authentic.saml.common.get_idp_user_not_federated_list(request)
|
|
|