Re: OpenToken Spec & Single Sign On

[Justin]

Well that doesn't seem like much fun! But you're right, that's what
will eventually happen.

-Justin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: OpenToken Spec & Single Sign On

[Matteius]

Well since that is the case, why even use Django?  Why not just do
this conversion/forwarding using the existing Perl OpenToken library
and deploy it to a cgi-bin?

-Matteo

On Jan 7, 2:17 pm, Justin  wrote:
> Matteo,
>
> Thanks for the response. I wish I could just use the
> django.contrib.auth authentication mechanisms and be done with this.
> However, I am not looking to use OpenToken to authenticate users in
> Django, per se.
>
> I will be making a Django app that accepts an authentication assertion
> from another system, packages it into an OpenToken, and then forwards
> it on to another system. The target system only accepts OpenToken for
> SSO.
>
> My Django application doesn't need to store User information nor
> authenticate the user. It is just a translator between one identity
> assertion and the other. The end-user won't even know they hit my
> Django app as their HTTP requests will just pass right through via
> redirects. It's just magic to them.
>
> I am already porting the perl module to python but am running into
> issues with the KeyGenerator class. Luckily the original devs provided
> plenty of good tests so I know when I am on the right track. I hope to
> open source the code once I am done.
>
> Thanks,
> Justin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: OpenToken Spec & Single Sign On

[Justin]

Matteo,

Thanks for the response. I wish I could just use the
django.contrib.auth authentication mechanisms and be done with this.
However, I am not looking to use OpenToken to authenticate users in
Django, per se.

I will be making a Django app that accepts an authentication assertion
from another system, packages it into an OpenToken, and then forwards
it on to another system. The target system only accepts OpenToken for
SSO.

My Django application doesn't need to store User information nor
authenticate the user. It is just a translator between one identity
assertion and the other. The end-user won't even know they hit my
Django app as their HTTP requests will just pass right through via
redirects. It's just magic to them.

I am already porting the perl module to python but am running into
issues with the KeyGenerator class. Luckily the original devs provided
plenty of good tests so I know when I am on the right track. I hope to
open source the code once I am done.

Thanks,
Justin


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: OpenToken Spec & Single Sign On

[Matteius]

I don't understand why you would need to use this for server-side
authentication in the Django environment?  So this OpenToken Single
Sign-on appears to be more similar to Django's own
django.contrib.auth, and django.contrib.sessions packages, and
possibly even less secure (and less documented) than Kerberos
authentication which is two way site-wide authentication protocol.  If
I were you, I'd use *django.contrib.auth* and
*django.contrib.sessions*.  The sessions application provides site
cookie for authenticating HTTP against, and auth provides User account
authentication for Single Sign-on using sha1 (default) or md5, or
crypt.

You could port the OenToken Perl module to Python easily, and remember
to target Pythong 2.6 and import hashlib for sha1 as the sha module is
now deprecated.

Beyond that, could you please provide more insight on why you would
want to use OpenToken specifically over the built in Django packages?
I read through the spec once and this is my conclusion is a much
bigger headache porting/integrating with OpenToken than using the
built in Django methods.

Regards,
Matteo

On Jan 6, 1:53 pm, Justin Murphy  wrote:
> Hello group,
>
> Does anybody have experience with the OpenToken specification? It is
> an authentication token that some (not many) applications use for SSO.
>
> I found existing Perl module that encrypts and decrypts the token but
> I need a Python version to use in a Django project. Not much luck
> finding one on Google, so I am asking this group to see if anybody has
> done this before so I don't need to re-create the wheel.
>
> Here is a link to the specification - website will automatically try
> and download PDF, sorry 
> :(http://www.pingidentity.com/support-and-downloads/download.cfm?item=1...
>
> OpenToken Perl module on GitHub:https://github.com/bleargh45/crypt-opentoken/
>
> I appreciate your help!
>
> Thanks,
> Justin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

OpenToken Spec & Single Sign On

[Justin Murphy]

Hello group,

Does anybody have experience with the OpenToken specification? It is
an authentication token that some (not many) applications use for SSO.

I found existing Perl module that encrypts and decrypts the token but
I need a Python version to use in a Django project. Not much luck
finding one on Google, so I am asking this group to see if anybody has
done this before so I don't need to re-create the wheel.

Here is a link to the specification - website will automatically try
and download PDF, sorry :(
http://www.pingidentity.com/support-and-downloads/download.cfm?item=11703

OpenToken Perl module on GitHub:
https://github.com/bleargh45/crypt-opentoken/

I appreciate your help!

Thanks,
Justin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.