Integrate with an ADFS Server for Login

Me Sulphur

Feb 25, 2014, 5:44:51 AM
to django...@googlegroups.com
Hi,

For one of our new deployments we need to replace our authentication (django's default) with the client's Single Sign On (SSO). The client uses ADFS 2.0 for SSO.
None of us have ever worked on .NET/Windows technologies; we tried to look it up in many places but found no leads on where to start. Possibly, the apps - djangosaml2 or pysaml2 - can help but could not figure out how to use them for our use case.

Please if someone can provide the lead on how to proceed, I'd be thankful.

Frank Bieniek

Feb 25, 2014, 6:58:40 AM
to django...@googlegroups.com
Hi,

I found these ones, after some googling, hope they might help you...

ldap authentication:
http://stackoverflow.com/questions/10725891/authenticating-to-active-directory-with-python-ldap-always-returns-97

active directory python
https://github.com/dfwarden/ActiveDirectory-Python
active directory django
https://djangosnippets.org/snippets/2899/

Thanks
Frank

Tom Evans

Feb 25, 2014, 7:47:16 AM
to django...@googlegroups.com
This area isn't well served - for future posters, he is not trying to
authenticate against LDAP, nor against AD. He wants users to be
identified by their own organization and identity information passed
back to his site from the partner's AD.

The thing with SAML is that there are lots of different Profiles and
Transports that describe precisely how to communicate with an Identity
Provider. The plus side for you is that you are implementing a Service
Provider (SP) and not an Identity Provider (IdP) - i.e. you have a
site that people log in to, not a site that stores and provides
identity information.

You will need to determine what interop support ADFS has for SAML 2.0,
what Profiles and Transports it expects to use.

I don't know much about the libraries you mentioned. We used py-lasso,
which is a library for producing, interpreting, signing/validating and
encrypting/decrypting SAML messages. The documentation was ..... less
than good. In the most part we relied on reading the C sources to
lasso and the SWIG bindings to determine what functions to call and
when.

Plus, we were not doing interop, we were writing our own IdP that
talked to our own SPs, so we had complete blanket choice over what
Profiles to use.

I do not think you can achieve this by simply "Install this package,
add this setting". Happy to be told otherwise!

Cheers

Tom

Me Sulphur

Feb 27, 2014, 12:00:31 AM
to django...@googlegroups.com
Hi Tom,

You understood our requirements precisely. We do not have significant time or ability to dig deep into platforms like C & SWIG. We have agreed to have a C# intermediary to do all the ADFS/Windows stuff and use another callback URL from C# to Django for logging the user in.


Thanks & Regards



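With the design in the last post, the callback from the C# intermediary is the point where Django trusts the login, so the value it carries has to be authenticated. The following is an added example, not code from the thread: one way to check an HMAC-signed, short-lived, single-use handoff token. The token format, the shared key, and the names `sign_handoff` and `verify_handoff` are assumptions.

```python
import base64, hashlib, hmac, json, time

# Assumptions for this sketch: a secret shared with the intermediary, a fixed
# audience string, and an in-process nonce set (use a shared cache in practice).
SHARED_KEY = b"constructed-demo-key"
AUDIENCE = "django-site"
MAX_AGE = 60  # seconds a handoff token is accepted after issue
seen_nonces = set()

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_handoff(user, nonce, now=None):
    """Intermediary side: issue a token once ADFS has authenticated `user`."""
    issued = int(time.time() if now is None else now)
    claims = {"sub": user, "aud": AUDIENCE, "nonce": nonce, "iat": issued}
    payload = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(mac)

def verify_handoff(token, now=None):
    """Django side: return the username or raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload, mac = unb64(body), unb64(sig)
    except ValueError as exc:  # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(payload)  # parsed only after the MAC checks out
    if claims["aud"] != AUDIENCE:
        raise ValueError("wrong audience")
    if not 0 <= now - claims["iat"] <= MAX_AGE:
        raise ValueError("expired")
    if claims["nonce"] in seen_nonces:
        raise ValueError("replayed")
    seen_nonces.add(claims["nonce"])
    return claims["sub"]
```

In a Django view the returned username would be mapped to a user object and passed to `django.contrib.auth.login`, with the callback served over HTTPS only.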