| author | Nishanth Amuluru <nishanth@fossee.in> |
| Sat, 08 Jan 2011 22:20:41 +0530 | |
| changeset 94 | 385702a0bbde |
| parent 69 | c6bca38c1cbf |
| permissions | -rw-r--r-- |
|
69
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
1 |
==================================== |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
2 |
Authentication using ``REMOTE_USER`` |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
3 |
==================================== |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
4 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
5 |
.. currentmodule:: django.contrib.auth.backends |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
6 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
7 |
This document describes how to make use of external authentication sources |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
8 |
(where the Web server sets the ``REMOTE_USER`` environment variable) in your |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
9 |
Django applications. This type of authentication solution is typically seen on |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
10 |
intranet sites, with single sign-on solutions such as IIS and Integrated |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
11 |
Windows Authentication or Apache and `mod_authnz_ldap`_, `CAS`_, `Cosign`_, |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
12 |
`WebAuth`_, `mod_auth_sspi`_, etc. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
13 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
14 |
.. _mod_authnz_ldap: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
15 |
.. _CAS: http://www.jasig.org/cas |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
16 |
.. _Cosign: http://weblogin.org |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
17 |
.. _WebAuth: http://www.stanford.edu/services/webauth/ |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
18 |
.. _mod_auth_sspi: http://sourceforge.net/projects/mod-auth-sspi |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
19 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
20 |
When the Web server takes care of authentication it typically sets the |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
21 |
``REMOTE_USER`` environment variable for use in the underlying application. In |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
22 |
Django, ``REMOTE_USER`` is made available in the :attr:`request.META |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
23 |
<django.http.HttpRequest.META>` attribute. Django can be configured to make |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
24 |
use of the ``REMOTE_USER`` value using the ``RemoteUserMiddleware`` and |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
25 |
``RemoteUserBackend`` classes found in :mod:`django.contrib.auth`. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
26 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
27 |
Configuration |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
28 |
============= |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
29 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
30 |
First, you must add the |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
31 |
:class:`django.contrib.auth.middleware.RemoteUserMiddleware` to the |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
32 |
:setting:`MIDDLEWARE_CLASSES` setting **after** the |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
33 |
:class:`django.contrib.auth.middleware.AuthenticationMiddleware`:: |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
34 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
35 |
MIDDLEWARE_CLASSES = ( |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
36 |
... |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
37 |
'django.contrib.auth.middleware.AuthenticationMiddleware', |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
38 |
'django.contrib.auth.middleware.RemoteUserMiddleware', |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
39 |
... |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
40 |
) |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
41 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
42 |
Next, you must replace the :class:`~django.contrib.auth.backends.ModelBackend` |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
43 |
with ``RemoteUserBackend`` in the :setting:`AUTHENTICATION_BACKENDS` setting:: |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
44 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
45 |
AUTHENTICATION_BACKENDS = ( |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
46 |
'django.contrib.auth.backends.RemoteUserBackend', |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
47 |
) |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
48 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
49 |
With this setup, ``RemoteUserMiddleware`` will detect the username in |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
50 |
``request.META['REMOTE_USER']`` and will authenticate and auto-login that user |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
51 |
using the ``RemoteUserBackend``. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
52 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
53 |
.. note:: |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
54 |
Since the ``RemoteUserBackend`` inherits from ``ModelBackend``, you will |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
55 |
still have all of the same permissions checking that is implemented in |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
56 |
``ModelBackend``. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
57 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
58 |
If your authentication mechanism uses a custom HTTP header and not |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
59 |
``REMOTE_USER``, you can subclass ``RemoteUserMiddleware`` and set the |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
60 |
``header`` attribute to the desired ``request.META`` key. For example:: |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
61 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
62 |
from django.contrib.auth.middleware import RemoteUserMiddleware |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
63 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
64 |
class CustomHeaderMiddleware(RemoteUserMiddleware): |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
65 |
header = 'HTTP_AUTHUSER' |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
66 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
67 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
68 |
``RemoteUserBackend`` |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
69 |
===================== |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
70 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
71 |
.. class:: django.contrib.auth.backends.RemoteUserBackend |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
72 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
73 |
If you need more control, you can create your own authentication backend |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
74 |
that inherits from ``RemoteUserBackend`` and overrides certain parts: |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
75 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
76 |
Attributes |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
77 |
~~~~~~~~~~ |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
78 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
79 |
.. attribute:: RemoteUserBackend.create_unknown_user |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
80 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
81 |
``True`` or ``False``. Determines whether or not a |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
82 |
:class:`~django.contrib.auth.models.User` object is created if not already |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
83 |
in the database. Defaults to ``True``. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
84 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
85 |
Methods |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
86 |
~~~~~~~ |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
87 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
88 |
.. method:: RemoteUserBackend.clean_username(username) |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
89 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
90 |
Performs any cleaning on the ``username`` (e.g. stripping LDAP DN |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
91 |
information) prior to using it to get or create a |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
92 |
:class:`~django.contrib.auth.models.User` object. Returns the cleaned |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
93 |
username. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
94 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
95 |
.. method:: RemoteUserBackend.configure_user(user) |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
96 |
|
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
97 |
Configures a newly created user. This method is called immediately after a |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
98 |
new user is created, and can be used to perform custom setup actions, such |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
99 |
as setting the user's groups based on attributes in an LDAP directory. |
|
c6bca38c1cbf
Added buildout stuff and made changes accordingly
Nishanth Amuluru <nishanth@fossee.in>
parents:
diff
changeset
|
100 |
Returns the user object. |