Django admin SSO lets users login to a django admin using an OAuth2 or an openid provider. It then looks up the email address of the new user and looks up the rights for them.
Make sure you have a working django project setup.
Install django-admin-sso using pip:
pip install django-admin-sso
Add
admin_ssotoINSTALLED_APPSin yoursettings.pyfile:INSTALLED_APPS = ( ... 'admin_sso', ... )Add the django-admin authentication backend:
AUTHENTICATION_BACKENDS = ( 'admin_sso.auth.DjangoSSOAuthBackend', 'django.contrib.auth.backends.ModelBackend', )Insert your oauth client id and secret key into your settings file:
DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here' DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'
Navigate to Google's
Developer Console, create a
new project, and create a new client ID under the menu point "APIs & AUTH",
"Credentials". The redirect URI should be of the form
http://example.com/admin/admin_sso/assignment/end/
If you don't specify a client id django-admin-sso will fallback to openid.
- Run syncdb to create the needed database tables.
- Log into the admin and add an Assignment.
- Select Username mode "any".
- Set Domain to your authenticating domain.
- Select your local user from the User drop down.
- Select Username mode "matches" or "don't match".
- Set username to [not] match by.
- Set Domain to your authenticating domain.
- Select your local user from the User drop down.
- Add support for OAuth2.0 since google closes its OpenID endpoint https://developers.google.com/accounts/docs/OpenID
- Using OpenID is now deprecated and OpenID support will be removed in a future release.
- Add more tests to get a decent coverage.