Name: spid-django
Owner: Developers Italia
Description: SPID authentication for Django
Created: 2017-09-20 07:53:38.0
Updated: 2017-12-28 12:05:44.0
Pushed: 2017-12-22 16:31:21.0
Homepage: null
Size: 314
Language: HTML
Demo of SPID authentication for Django, based on python3-saml.
This is a Django project with one demo app that shows how to use Single Sign-On authentication through a SPID Identity Provider (SAML).
Technical documentation on SPID and SAML is available at: https://github.com/italia/spid-docs and https://github.com/umbros/spid-docs/blob/master/pages/documentazione-e-utilita.md
Install django-spid via pip in your virtualenv and add it to the project INSTALLED_APPS.
Add spid urls to your project url patterns
Generate X.509 certificates and store them somewhere
Register your SP with the IdP.
Change the saml/settings.json and saml/advanced_settings.json configuration files using your metadata (only for test purposes).
Start the app server
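An added example, not part of the spid-django project: a small Python check that reads the contents of the two python3-saml settings files named above and reports values that are acceptable only in a test setup. The sample JSON is constructed for illustration, and the set of checks is this example's own choice.

```python
import json

# Constructed sample contents for saml/settings.json and
# saml/advanced_settings.json (python3-saml key names, made-up values).
SETTINGS_JSON = """{
  "strict": false, "debug": true,
  "sp": {"entityId": "http://spid.yourdomain.it",
         "assertionConsumerService": {"url": "http://spid.yourdomain.it/acs"},
         "privateKey": ""},
  "idp": {"entityId": "spid-testenv-identityserver",
          "singleSignOnService": {"url": "https://idp.example/sso"}}
}"""
ADVANCED_JSON = """{
  "security": {"authnRequestsSigned": false, "wantAssertionsSigned": true,
               "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}
}"""


def audit(settings, advanced):
    """Return findings for values that are only acceptable in a test setup."""
    findings = []
    if settings.get("strict") is not True:
        findings.append("strict is not true: part of the response validation is skipped")
    if settings.get("debug"):
        findings.append("debug is enabled")
    for party in ("sp", "idp"):
        # Endpoint entries are objects carrying a "url"; other values are skipped.
        for name, value in settings.get(party, {}).items():
            url = value.get("url", "") if isinstance(value, dict) else ""
            if url and not url.startswith("https://"):
                findings.append(f"{party}.{name}.url is not HTTPS: {url}")
    if settings.get("sp", {}).get("privateKey"):
        findings.append("sp.privateKey is inlined; keep the key in saml/certs/sp.key")
    security = advanced.get("security", {})
    for flag in ("authnRequestsSigned", "wantAssertionsSigned"):
        if not security.get(flag):
            findings.append(f"security.{flag} is off")
    for key in ("signatureAlgorithm", "digestAlgorithm"):
        if security.get(key, "").endswith("sha1"):
            findings.append(f"security.{key} uses SHA-1")
    return findings


if __name__ == "__main__":
    # In a real project, json.load() the two files under saml/ instead.
    for finding in audit(json.loads(SETTINGS_JSON), json.loads(ADVANCED_JSON)):
        print("WARN:", finding)
```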
A test identity provider can be installed on your development environment (your laptop?), following instructions at: https://github.com/umbros/spid-docs/blob/master/pages/spid-ambiente-di-test.md
Here follow more detailed steps, with some suggestions:
choose a domain for your Service Provider (e.g. spid.yourdomain.it)
generate self-signed certificates for your SP (you can do that here: https://developers.onelogin.com/saml/online-tools/x509-certs/obtain-self-signed-certs)
put the content of the generated certificates under saml/certs/ (name them: sp.crt, sp.key and sp.csr; CSR is not used here, I think)
modify your /etc/hosts file, to redirect both spid-testenv-identityserver and spid.yourdomain.it to your localhost
echo "127.0.0.1 spid-testenv-identityserver" | sudo tee -a /etc/hosts
start the dockerized service with
docker-compose up
visit https://spid-testenv-identityserver:8080, go to section Service Provider/Creazione Metadata
fill in the form:
test/test
should be ok
pressing Scarica will not work, as non-HTTPS URLs will not validate, so copy the XML code in the text area and save it to a metadata-yourdomain.xml file; that will be your SP's metadata
press the Salva button, that will register the SP with the data you just inserted into the IdP.
press the Utenti button and create a new user, only entering those fields that you want to see later; a note: in this interface new users cannot be modified, only deleted and re-created; that's ok, not everything can be perfect
carbon admin interface of the IdP (9443, admin/admin), that allows the verification of the requests.
When the server is running, the home page shows a login button that starts the SSO workflow.
Pressing the login button, a request is packed and sent to the IdP.
The IdP responds by redirecting you to its own login page.
You insert your credentials (those of one of the users you just created).
The IdP redirects you to your SP, and a page with the attributes of the signed in user is shown.
improve session management
improve user data storage
tests
improve doc