How to use Single Sign-On (SSO) with pyramid


Sami Pietilä

Feb 10, 2016, 7:15:38 AM
to pylons-discuss
Hi,

The organization I work for has a Single Sign-On. I would like to authenticate a Pyramid application user with the SSO. I am not that familiar with SSO, but I guess I first have to forward to the SSO by doing something like `response = Response(status_int=302, location="https://sso.myorganization.com")` and also somehow tell the SSO where to redirect back after successful authentication. After the SSO has redirected back to the Pyramid app, there should be a cookie set by the SSO from which I can somehow discover which user has authenticated.

How can I authenticate a user against an external SSO in a Pyramid app? A Pyramid docs search gave nothing when I tried with "single sign-on" or "SSO".

Thanks

Mariano Mara

Feb 10, 2016, 7:32:22 AM
to pylons-...@googlegroups.com
I believe pyramid_who [1] is your best chance to do what you need.


Arndt Droullier

Feb 10, 2016, 12:00:27 PM
to Pyramid on google groups
> How can I authenticate a user against an external SSO in a Pyramid app? A Pyramid docs search gave nothing when I tried with "single sign-on" or "SSO".

Single Sign On is (just) a technical concept.
How it is actually implemented depends on your SSO provider (encryption, keys, format, ...). So first of all you should ask them for technical details.
And make sure it is not OpenAuth or OpenID; unlike SSO in general, there are a few Python client libs ready to use.

However, it is about handling cookies; you can use Pyramid's `pyramid.authentication.AuthTktAuthenticationPolicy` as a starting point and build your own authentication policy.

There are a few examples in the cookbook:


Arndt.


----------------------------------------------------------------------------------------------
Arndt Droullier, Nive GmbH, Köln, Germany
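
The redirect-and-return flow discussed in this thread, as an added example that is not code from any poster or from Pyramid. It assumes a hypothetical SSO that hands back a `user|expiry|state|HMAC` ticket signed with a shared secret; the URLs, ticket format and function names are assumptions, and a real provider's format replaces them.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

# Assumptions for illustration, not taken from the thread or any real SSO:
SSO_LOGIN_URL = "https://sso.myorganization.com/login"  # "/login" path is hypothetical
CALLBACK_URL = "https://app.example.org/sso/callback"   # hypothetical app URL
SHARED_SECRET = b"constructed-demo-secret"              # placeholder key
# Hypothetical ticket format: user|expiry|state|hex(HMAC-SHA256(user|expiry|state))


def sign(payload):
    return hmac.new(SHARED_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def begin_login(session):
    """Build the redirect target; in Pyramid, return HTTPFound(location=url)."""
    session["sso_state"] = secrets.token_urlsafe(16)  # binds the reply to this browser
    query = urlencode({"return_to": CALLBACK_URL, "state": session["sso_state"]})
    return SSO_LOGIN_URL + "?" + query


def issue_ticket(user, state, ttl=60, now=None):
    """Constructed stand-in for the SSO side, used only to make sample input."""
    expiry = int(now if now is not None else time.time()) + ttl
    payload = f"{user}|{expiry}|{state}"
    return f"{payload}|{sign(payload)}"


def finish_login(session, ticket, now=None):
    """Return the verified user id, or None. Only then call remember(request, user)."""
    expected = session.pop("sso_state", None)  # single use: a replayed ticket fails
    payload, _, mac = ticket.rpartition("|")
    if not hmac.compare_digest(mac.encode(), sign(payload).encode()):
        return None  # not issued by the SSO, or altered in transit
    try:
        user, expiry, state = payload.split("|")
        expiry = int(expiry)
    except ValueError:  # wrong field count or non-numeric expiry
        return None
    if expected is None or not hmac.compare_digest(state.encode(), expected.encode()):
        return None  # reply does not belong to a login this session started
    if expiry < (now if now is not None else time.time()):
        return None  # ticket has expired
    return user
```

The `session` argument is any dict-like per-user store, such as a Pyramid session; the value returned by `finish_login` is what an `AuthTktAuthenticationPolicy`-based setup would pass to `remember`.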

Jonathan Vanasco

Feb 10, 2016, 1:08:54 PM
to pylons-discuss


On Wednesday, February 10, 2016 at 12:00:27 PM UTC-5, Arndt Droullier wrote:
> And make sure it is not OpenAuth or OpenID; unlike SSO in general, there are a few Python client libs ready to use.

Assuming OpenAuth means OAuth, this low-level package is pretty great - https://github.com/idan/oauthlib

It's incredibly low-level, but I was able to build out an OAuth2 API with it under Pyramid in a day (as in an API that we host and people authenticate to). The only downside is that it enforces the specs, and a lot of OAuth providers are broken. (Twitter, for example, uses mixed params in a few endpoints – so you need to patch the library to set up tests against a mock endpoint OR test against the real endpoint.)

If you're not maintaining the endpoint and just using a client, the easiest thing is to look at a popular OAuth/OpenID provider and repurpose their packages for your own.

There's also velruse (https://velruse.readthedocs.org/en/latest/), which could be extended to custom providers.


Jens W. Klein

Feb 10, 2016, 1:56:20 PM
to pylons-...@googlegroups.com
On 2016-02-10 13:15, Sami Pietilä wrote:
[...]
> How can I authenticate a user against an external SSO in a Pyramid app? A Pyramid
> docs search gave nothing when I tried with "single sign-on" or "SSO".

As already commented, SSO is a generic concept. If your SSO is OpenID,
OAuth1 or OAuth2 there is the really good package Authomatic
http://peterhudec.github.io/authomatic/examples/pyramid-simple.html
around, which solves this very cleanly.

Jens
--
Klein & Partner KG, member of BlueDynamics Alliance
