Single Sign-on architecture with Django and Azure - django

I have 3 applications developed with the Django framework and I need to centralize authentication through Single Sign-On (SSO) with Azure AD.
My questions are the following:
What is the best architecture to implement the solution?
Which libraries should I use?
(I'll be grateful if useful tutorials are attached :p)

Microsoft has an official guide for that: Enable user sign-in to your Django web app using Azure AD

Related

IBM-Cloud Django Application integration with APP-ID

I've deployed a Python & Django application in IBM Cloud Foundry and am trying to integrate APP-ID for SSO. I received the OIDC provider information from the metadata provided by APP-ID. But my question is: how do I integrate APP-ID with a Django application for a successful SSO integration?
Here is an example of how a Flask application can be used, but is there an example or process for how a Django application is done?
https://dzone.com/articles/securing-your-python-app-with-openid-connect-oidc-1
For this integration, I tried to use the links below for the OIDC client in the Django app and the IBM APP-ID information, but no luck.
APP-ID: https://dzone.com/articles/securing-your-python-app-with-openid-connect-oidc-1
OIDC: https://django-oidc-rp.readthedocs.io/en/stable/getting_started.html
The DZone article on the Python app with OIDC refers to this IBM Cloud solution tutorial. The tutorial discusses the use of IBM Cloud App ID for the Python Flask app and provides the code in this GitHub repository. Take a look at how the Flask OIDC module is initialized:
# Configure access to App ID service for the OpenID Connect client
appID_clientinfo = ClientMetadata(client_id=appIDInfo['clientId'], client_secret=appIDInfo['secret'])
appID_config = ProviderConfiguration(issuer=appIDInfo['oauthServerUrl'],client_metadata=appID_clientinfo)
The code uses OIDC discovery for the actual setup. It requires only the clientID and secret as well as the URI. Aren't those exactly the properties you are asked for in the second article you linked to?
I'm using mozilla-django-oidc. The setup is well documented:
https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#quick-start
It looks quite similar to django-oidc-rp from a quick glance, but mozilla-django-oidc seems to be a bit more active on GitHub and works for me.
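The two answers above meet at one point: flask-pyOIDC reads the provider endpoints from OIDC discovery, while mozilla-django-oidc takes them as explicit Django settings. The following added example (not code from the tutorial, the answers, or either library) validates a discovery document and maps it to mozilla-django-oidc setting names; `settings_from_discovery`, the `idp.example.test` host and all paths are hypothetical placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of what <issuer>/.well-known/openid-configuration returns.
# The host and paths are placeholders, not a real provider.
ISSUER = "https://idp.example.test/oauth/v4/tenant-placeholder"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorization",
    "token_endpoint": ISSUER + "/token",
    "userinfo_endpoint": ISSUER + "/userinfo",
    "jwks_uri": ISSUER + "/publickeys",
    "id_token_signing_alg_values_supported": ["RS256"],
})

# Discovery field -> mozilla-django-oidc setting name
FIELD_TO_SETTING = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}


def settings_from_discovery(configured_issuer, discovery_json):
    """Validate a discovery document and return Django settings (hypothetical helper)."""
    doc = json.loads(discovery_json)
    # OIDC Discovery requires the issuer in the document to equal the issuer
    # that was configured; otherwise the document describes another provider.
    if doc.get("issuer") != configured_issuer:
        raise ValueError("issuer mismatch")
    settings = {}
    for field, setting in FIELD_TO_SETTING.items():
        url = doc.get(field)
        # Tokens and credentials travel to these URLs, so refuse plain http.
        if not url or urlsplit(url).scheme != "https":
            raise ValueError(f"{field} missing or not https")
        settings[setting] = url
    # Pin an asymmetric algorithm so ID tokens are verified against the JWKS.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError("provider does not advertise RS256")
    settings["OIDC_RP_SIGN_ALGO"] = "RS256"
    return settings


if __name__ == "__main__":
    for name, value in settings_from_discovery(ISSUER, SAMPLE_DISCOVERY).items():
        print(f"{name} = {value!r}")
```

The client ID and secret are not part of discovery; they still go into `OIDC_RP_CLIENT_ID` and `OIDC_RP_CLIENT_SECRET`, ideally read from the environment rather than committed to `settings.py`.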

Azure App Service web authentication guidance

I'm trying to get Google authentication working against Azure App Service from a web site and later hopefully from Cordova. There is a lot of information related to the old Azure Mobile Services, but not much on App Services. Microsoft did exclude tutorials on how to do it from web.
I included <script src="http://ajax.aspnetcdn.com/ajax/mobileservices/MobileServices.Web-1.2.7.min.js"></script>, don't know if this is still current?
Any pointers on how to handle authentication are appreciated!
This is possible using the Authentication/Authorization feature. Refer to this article for more information: https://azure.microsoft.com/en-in/blog/announcing-app-service-authentication-authorization/
https://azure.microsoft.com/en-in/documentation/articles/app-service-mobile-how-to-configure-google-authentication/
AFAIK, there is no native support for Cordova in Azure App Service Mobile App. You will have to implement this yourself.

google docs + web app

Hi Guys
I am trying to create a web app to share docs with all editor features (just like google docs).
My main requirements for this app are as follows:
1. Should have all editor features (can be done using open office api, google docs api, Microsoft office web apps api)
2. Should be shared between multiple users and can be edited by multiple users and other sync features (can be done using google docs api, Microsoft office web apps)
3. Can save the document created and edited on my own/ custom server addr. (Which api can support this??? I know open office can support this)
Guys, can you please suggest one API which can be used to do all the above? Also please suggest if I am underestimating any API above regarding any functionality that I think is not supported.
Thanks
King
What you are asking for is so complex it takes a Google to make an "in progress" version!
Can't you just use the Google API? It is free. Your only issue would be logging users in via OAuth, 1 simple API

How to build a secure Django single signon between different sites?

I want to integrate my Django web application with other web based products (most likely 3rd party non-Django applications). How can I let other sites sign in their users to my site with a single sign-on? How would I store the usernames and passwords for the 3rd party sites' users securely on my site to sign on my users to the 3rd party sites?
Some more ideas...
OAuth
OAuth for non-enterprise app. Django projects: django-oauth and django-oauth-consumer. Article: oauth in Django
SAML
Security Assertion Markup Language (SAML) is more for enterprise apps because it gives the "enterprise" more control over their own users and which of those users can access the app. This protocol is (was?) mostly driven by Google and friends (e.g. salesforce.com).
Articles: SAML Single Sign-On (SSO) Service for Google Apps and Demystifying SAML.
Python projects: PySAML and blog post
Django integration: SAML with Django (not a complete solution... just a starting point. Uses PySAML)
Information Cards
IIRC Information Cards are the Microsoft universe equivalent to SAML. Python projects: Python Information Card Processing and Information Cards for Python.
Nothing for Django as far as I know.
--Edit--
There is also CAS (User Manual) which can be integrated with django-cas.
And two more SAML projects I had forgotten about: gheimdall2 and python-saml2
Never used it, but there is Django-sso.
http://openid.net/
There are other possibilities, but I wouldn't sweat over them because OpenID is used by lots of people and is the largest one of its kind.

Any way to hack FogBugz On demand to SSO?

I will soon launch a new iPhone app and want to off-load the forums to my actual FogBugz On Demand account.
However, I discovered that FOD has no facility to integrate single sign-on. I use Django and have the option to use OpenID, but do not know if there exists a way to make this happen.
Obviously, I could hack a simple forum like the one on FogBugz in Django or reuse one, but I just think that an integrated forum with the bug tracking is the best thing.
Any idea?
FogBugz On Demand now natively includes some authentication methods other than the standard username/password authentication.
Setting up authentication with Google's OAuth is quite simple for companies using Google Apps for work email. Once an administrator enables OAuth following the instructions in this article on Fog Creek Software's help site, logging in is as simple as clicking the OAuth button on the login page. All of the users' settings are retained.
If you’re already managing the rest of your authentication through a SAML 2.0 provider, you can also use your identity provider for FogBugz login. Steps for configuring SSO can be found in this article. This requires a bit more configuration than OAuth, but will work for companies that don't use Google Apps for email.
Of course, if you have any questions about configuring SSO in FogBugz, you can always contact customer support at http://www.fogcreek.com/contact/.
From the FogBugz forum:
http://support.fogcreek.com/default.asp?fogbugz.4.102256.3
I believe this is you there also. The answer provided shouldn't be too difficult to implement.