authentic/authentic2/authsaml2
Benjamin Dauvergne 83206efa55 add decorator to cache dynamically generated data inside a view function
It also adds support for the ETag and Last-Modified headers.
2011-09-12 16:15:53 +02:00
migrations [authsaml][common] Manage authorization based on attributes with signals 2011-02-03 16:01:15 +01:00
templates [authsaml2] hide profile section when federations and identity providers are absent 2011-03-03 12:39:37 +01:00
README [settings] add SIGNATURE to the key name for SAML public and private key settings 2011-03-30 12:36:54 +02:00
__init__.py Change global package name for authentic2 2010-10-22 14:43:51 +02:00
admin.py [authsaml2] Authorization enhancement and better policy management 2011-02-02 17:56:20 +01:00
backends.py [authsaml2] show the service provider display name in the logout page 2011-05-06 13:59:08 +02:00
frontend.py [authsaml2] Account management 2011-02-17 14:35:07 +01:00
misc.py [authsaml2] Breaking lines... 2011-01-22 11:04:36 +01:00
models.py [authsaml2] SAML2TransientUser object more conform 2011-03-01 16:16:24 +01:00
saml2_endpoints.py add decorator to cache dynamically generated data inside a view function 2011-09-12 16:15:53 +02:00
signals.py [authsaml][common] Manage authorization based on attributes with signals 2011-02-03 16:01:15 +01:00
urls.py [authsaml2] Manage logout from the backend 2011-02-18 17:59:06 +01:00
utils.py [authsaml2] Add setting option to display message 2011-03-22 08:52:11 +01:00

README

= Add to settings =

SAML_SIGNATURE_PRIVATE_KEY = *your_key*
INSTALLED_APPS += ('*project*.authsaml2', '*project*.authsaml2.saml',)
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    '*project*.authsaml2.backends.SAML2AuthBackend',
)

When you use login_required() with registration and want to add a "log in with a federated account" link to the login page:
- the template is called directly, so use a context processor to pass the list of identity providers:
TEMPLATE_CONTEXT_PROCESSORS += (
    'spsaml.views.idp_list',
)
spsaml.views.idp_list:
from authentic2.authsaml2.saml import common

def idp_list(request):
    # Exposes the configured identity providers to every template
    return {'providers_list': common.get_idp_list()}
- modify LOGIN_URL so that it points at your own login view:
LOGIN_URL = '/login/'
url(r'^login/', spsaml.views.login)
and pass {'providers_list': common.get_idp_list()} to the template.

Then configure your SP in the admin part.

= Target URL =

After logout, the 'Back url' parameter is used. If it is empty, authsaml2 returns to the root of the site.

After login, authsaml2 redirects to a target URL that you have to register beforehand;
if none is registered, authsaml2 returns to the root of the site.
To register a URL, if a function is called with the next parameter in the URL,
as is usually the case with a login page, just call:
    authsaml2.saml2_endpoints.register_next_target(request)
If there is no next parameter, call this function giving the target URL:
    authsaml2.saml2_endpoints.register_next_target(request, target_url)

After defederation, by default the local session is not ended,
and the back URL is the one of the page that called the defederation function.
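The target registered with register_next_target() is where the user lands after the IdP round trip, so a 'next' value taken straight from the query string should be checked before it is registered, otherwise the login page becomes an open redirect. The following is an added example, not code from authentic2/authsaml2: it assumes register_next_target() stores whatever it is given, and the function names is_local_target() and pick_next_target() are hypothetical helpers to call from your own login view.

```python
# Added example (not part of authentic2/authsaml2): validate a 'next' target
# before handing it to register_next_target(), so that the post-login
# redirect can only land on this site. Function names are assumptions.
from urllib.parse import urlsplit


def is_local_target(target, allowed_hosts):
    """Return True if target is an absolute path on this site or an http(s)
    URL whose host is one of allowed_hosts (compared case-insensitively)."""
    if not target:
        return False
    # Scheme-relative URLs ("//evil.example") and backslashes (which some
    # browsers treat as slashes) are rejected outright.
    if target.startswith('//') or '\\' in target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http/https, and only to a host we own.
        # Using hostname (not netloc) ignores userinfo tricks such as
        # http://sp.example.org@evil.example/
        if parts.scheme not in ('http', 'https'):
            return False
        return parts.hostname is not None and parts.hostname.lower() in allowed_hosts
    # Relative target: must be an absolute path, not a bare segment or fragment.
    return target.startswith('/')


def pick_next_target(next_param, allowed_hosts, default='/'):
    """Return next_param if it is safe to redirect to, otherwise default
    (the site root, which is what authsaml2 falls back to anyway)."""
    return next_param if is_local_target(next_param, allowed_hosts) else default


if __name__ == '__main__':
    # Constructed sample values for a quick manual run
    hosts = {'sp.example.org'}
    for candidate in ('/in', '//evil.example/', 'https://sp.example.org/in',
                      'https://evil.example/in', 'javascript:alert(1)', ''):
        print(repr(candidate), '->', pick_next_target(candidate, hosts))
```

In a login view you would call `saml2_endpoints.register_next_target(request, pick_next_target(request.GET.get('next'), allowed_hosts))` with `allowed_hosts` holding the hostnames of your own service provider; anything else collapses to the site root.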

= Call AuthSAML2 from your login page =

* Views:
from django.contrib.auth import views as auth_views
from authentic2.authsaml2 import saml2_endpoints

def login(request):
    # Remember the 'next' parameter of the login URL so that the SAML
    # endpoints can send the user there once the IdP has authenticated them
    saml2_endpoints.register_next_target(request)
    return auth_views.login(request)

* Template:

{% if providers_list %}
{% trans "Log in with a federated account?" %}
    <ul>
    {% for p in providers_list %}
        <li><a href="/authsaml2/sso?entity_id={{ p.entity_id|urlencode }}">{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}

= Call AuthSAML2 into the application for user account management =

* Views:
from django.shortcuts import render_to_response
from django.template import RequestContext
from authentic2.authsaml2 import saml2_endpoints
from authentic2.authsaml2.saml import common

def inside(request):
    # Whatever SAML action the user starts from this page comes back to /in
    saml2_endpoints.register_next_target(request, '/in')
    return render_to_response('in.html', {
        'providers_list_federated': common.get_idp_user_federated_list(request),
        'providers_list_not_federated': common.get_idp_user_not_federated_list(request),
        'provider_active_session': common.get_provider_of_active_session(request),
    }, context_instance=RequestContext(request))

* Template:
{% if providers_list_not_federated %}
{% trans "Federate your identity" %}
    <ul>
    {% for p in providers_list_not_federated %}
        <li><a href="/authsaml2/sso?entity_id={{ p.entity_id|urlencode }}">{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}
{% if providers_list_federated %}
{% trans "Defederate your identity" %}
    <ul>
    {% for p in providers_list_federated %}
        <li><a href="/authsaml2/defederate/{{ p.entity_id }}/">{{ p.entity_id }}</a></li>
    {% endfor %}
    </ul>
{% endif %}
{% if provider_active_session %}
{% trans "Logout" %}
    <ul>
    <li>{% trans "Global Logout: " %}<a href="/authsaml2/logout/{{ provider_active_session.entity_id }}/">{{ provider_active_session.entity_id }}</a></li>
    <li><p><a href="{% url auth_logout %}">{% trans "Local log out" %}</a></p></li>
    </ul>
{% else %}
<a href="{% url auth_logout %}">{% trans "Log out" %}</a>
{% endif %}

Now in idp/__init__.py:

tpl_parameters['providers_list_federated'] = authentic.saml.common.get_idp_user_federated_list(request)
tpl_parameters['providers_list_not_federated'] = authentic.saml.common.get_idp_user_not_federated_list(request)