On Thu, Jan 27, 2011 at 11:59 AM, PeteDK wrote:
> Hi groups users :)
>
> The thing is. I have one django app serving different sites.
>
> site1.myapp.com
> site2.myapp.com
>
> The users login via a 3rd party SSO system which is then
> redirected(inkl. a valdiation POST) to https://myapp.com/auth/
> I can only choose one destination for this POST, so it has to be on my
> maindomain.
>
> However. since my users all belong to only 1 "site", I would like
> myapp.com/auth/ to log the user into the relevant site, ex.
> site1.myapp.com or site2.myapp.com and then redirect them to that
> site…
>
> I could of course just redirect after receiving the validation POST,
> but then I wouldn't be able to use all the informations in this post.
>
> Is this at all possible?? or should i go about this in a totally
> different way? :)
>
> I should mention that when it comes to the general usage of the app I
> have subdomain middleware to ensure that the users always only visit
> the subdomain(and data) that their account is valid for.
>
> The reason I want to use subdomains is to make it simple for the users
> to remember their account url, while maintaining the pros of having to
> maintain just one django app.
>
> thanks. hope you can help :)
>
> kind regards.
>
> pete
>
If both sites are served by one django application (eg, both sites use
the same db backend), and all your additional sites are subdomains,
simply set your django session cookie on *.domain.com, so that the
session is shared between both site1.domain.com and site2.domain.com.
This way, you don't need any special SSO code, once logged in to one
site, you will be logged in to all.
If that is undesirable - you may want distinct sessions - then I would
implement it like this (ghetto-saml):
At login, set LoggedIn cookie on *.domain.com
Add middleware to *.domain.com that detects anon users with this
cookie, and bounces them to the auth url, along with the requested
path.
Auth handler creates a token (import uuid; uuid.uuid4()), then create
an object in the DB keyed with this token, with the user's username
(or, if not logged in, removes the LoggedIn cookie, and bounces them
back to originator).
Auth handler redirects user back to original website, along with token
in well known parameter
Add middleware to *.domain.com that detects the well known parameter,
retrieves and consumes the stored object with that token, and
authenticates the user. Look at the source for
django.contrib.auth.middleware.RemoteUserMiddleware and
django.contrib.auth.backends.RemoteUserBackend, which do a pretty
similar sort of authentication.
Cheers
Tom
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
