Django Single Sign On(SSO) to multiple applications
Single sign on is a way for users to issue a security token for the first time login, login into multiple applications using one set of credentials i.e security token.
Adding sso to an application will make things easier for users, because they dont need to remember login credentials for multiple applications. User just need to enter their login credentials for first time instead of re-entering their credentials for every application login.
In this post, we’ll see how to add single sign on to multiple django applications using django-simple-sso.
Using django-simple-sso, we should have single server, multiple clients.
1. Server will have all users information which’ll authenticate user details at the time of login, creates token for the first time. Using their security tokens, it’ll authenticates user details
2. Each Client or application needs to generate their public key, private key in the server to perform requests securely.
How Django SSO works for multiple applications?
User → application → SSO Server → application
1. When User log into an application, the client will send a request with next GET parameter, which have redirect url after successful login
2. Request details(application details: public key, private key, redirect url) will be validated at server
3. It returns user request token which’ll be created for the first time login
4. Using request token, we’re sending a request to server to verify user authorization. For successful authorization, it will return user security token. If user is not loggedin, it’ll ask to enter user login details.
5. client will send a post request to server to verify user access token.
6. If the user access token is valid, the server returns a serialized Django User object.
7. The application logs the user in using the Django User recieved from the server.
Server Side:
1. Install django-simple-sso using the following command:
pip install django-simple-sso
2. Run the following command to store each client or application details, user tokens.
python manage.py migrate
3. Create application or client details(public key, private key) in the server side in the django shell.
from simple_sso.sso_server.models import Token, Consumer Consumer.objects.create(public_key='your_application_public_key', private_key='your_application_private_key', name='your_application_name')
4. Add ‘simple_sso.sso_server’ to INSTALLED_APPS
INSTALLED_APPS = INSTALLED_APPS + (
'simple_sso.sso_server'
)
5. Intialize the server and add the following url patterns to urls.py file:
from simple_sso.sso_server.server import Server test_server = Server() urlpatterns += [ url(r'^server/', include(test_server.get_urls())), ]
Client Side:
1. Install django-simple-sso using the following command:
pip install django-simple-sso
2. Add Public key, private key, server url to application settings
SSO_PRIVATE_KEY = 'Your Private Key' SSO_PUBLIC_KEY = 'Your Public Key' SSO_SERVER = 'SSO SERVER URL'
3. Initialize the client and add the follwing client urls to application urls:
from simple_sso.sso_client.client import Client test_client = Client(settings.SSO_SERVER, settings.SSO_PUBLIC_KEY, settings.SSO_PRIVATE_KEY)
url(r’^client/’, include(test_client.get_urls())),
Create 2 client apps with the above settings. Add different hostname to your appplication using /etc/hosts file.
visits your applications http://test.yourapp.com:8000/client/, it’ll ask for user credentials if not logged in already. After successful login, visits other application http://test.testyourapp.com:8001/client/, user’ll be logged in already.