Single sign-on to Django site through remote Active Directory

I developed an Intranet for a client using Django. Users subscribe to their computers through Active Directory. I am currently registering them through the standard Django contrib.auth and using Active Directory through user login servers.

I would like users to be able to use SSO through their existing Active Directory login to automatically log into the Django site.

I understand that this should be done through REMOTE_USER (https://docs.djangoproject.com/en/dev/howto/auth-remote-user/), but the documentation says: "where the web server sets the REMOTE_USER environment variable". This assumes that the Django site and the authentication server are on the same server, no?

In my case, the Django site runs on a Linux + Apache server and Active Directory is on another Windows machine (there are actually two different AD servers which we use to log in), so I don't know how the REMOTE_USER env variable will be installed.

All users use Windows machines.

+4
2 answers

Thus, the magic word is Kerberos authentication.

django, -. , kerberos, REMOTE_USER, .

LDAP .

CentOS. , , , , ; -)

http://wiki.centos.org/HowTos/HttpKerberosAuth

+1

Kerberos LDAP:

  • mod_ldap mod_authz_ldap
  • Active Directory, " "
  • httpd.conf

    <Location />
      AuthName "Please enter your SSO credentials."
      AuthBasicProvider ldap
      AuthType basic
      AuthLDAPUrl "ldap://my.activedirectory.com:389/OU=Offices,DC=activedirectory,DC=com?sAMAccountName"
      AuthLDAPBindDN "CN=binding_account,OU=Administrators,DC=activedirectory,DC=com"
      AuthLDAPBindPassword <binding password>
      AuthLDAPBindAuthoritative off
      LDAPReferrals off
      Require valid-user
    </Location>
    
  • Django RemoteUserMiddleware RemoteUserBackend AUTHENTICATION_BACKENDS.

. LDAP Apache, :

Apache LDAP auth dialog

+1
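An added example, not part of either answer: a Django backend that normalizes the REMOTE_USER value Apache hands over (a Kerberos principal, a DOMAIN\user name, or the bare name from LDAP basic auth) and rejects realms that are not on an allowlist. The realm names, the account-name pattern and the class name `ADRemoteUserBackend` are assumptions made for illustration.

```python
import re

try:
    from django.contrib.auth.backends import RemoteUserBackend
except Exception:  # Django absent or settings not configured; helper still works
    RemoteUserBackend = object

# Assumed: Kerberos realm and NetBIOS name of the one AD domain allowed to log in.
# If accounts come from several domains, keep the realm in the username instead
# of stripping it, so alice@A and alice@B cannot collide.
ALLOWED_REALMS = frozenset({"CORP.EXAMPLE.COM", "CORP"})
# Assumed, deliberately strict account-name policy (sAMAccountName is <= 20 chars).
_ACCOUNT = re.compile(r"[A-Za-z0-9._-]{1,20}")


def normalize_remote_user(raw, allowed_realms=ALLOWED_REALMS):
    """Map 'user@REALM', 'DOMAIN\\user' or bare 'user' to a lowercase name.

    Returns None for an unlisted realm or a malformed account name.
    """
    if not raw:
        return None
    raw = raw.strip()
    realm = None
    if "\\" in raw:                      # NTLM-style DOMAIN\user
        realm, _, name = raw.partition("\\")
    elif "@" in raw:                     # Kerberos principal user@REALM
        name, _, realm = raw.rpartition("@")
    else:                                # LDAP basic auth passes the typed name
        name = raw
    if realm is not None and realm.upper() not in allowed_realms:
        return None
    return name.lower() if _ACCOUNT.fullmatch(name) else None


class ADRemoteUserBackend(RemoteUserBackend):
    # settings.py: add "django.contrib.auth.middleware.RemoteUserMiddleware"
    # after AuthenticationMiddleware and list this class's dotted path in
    # AUTHENTICATION_BACKENDS.
    create_unknown_user = False  # only accounts already provisioned in Django

    def clean_username(self, username):
        return normalize_remote_user(username) or ""

    def authenticate(self, request, remote_user):
        if normalize_remote_user(remote_user) is None:
            return None              # reject before any user lookup
        return super().authenticate(request, remote_user)
```

Django trusts whatever arrives in REMOTE_USER, so the value must be set by Apache's own authentication module and never taken from a client-supplied request header.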
