Django admin SSO

Django admin SSO lets users login to Django's administration panel using an OAuth2 provider instead of a username/password combination.

Installation

django-admin-sso is most often used with Google OAuth2 and the instructions follow that assumption. At least in theory it is possible to use a different OAuth2 provider.

1. Make sure you have a working Django project setup.

2. Install django-admin-sso using pip:

   pip install django-admin-sso
   

3. Add admin_sso to INSTALLED_APPS in your settings.py file:

   INSTALLED_APPS = (
       ...
       'admin_sso',
       ...
   )
   

4. Add the django-admin authentication backend:

   AUTHENTICATION_BACKENDS = (
       'admin_sso.auth.DjangoSSOAuthBackend',
       'django.contrib.auth.backends.ModelBackend',
   )
   

5. Insert your OAuth2 client id and secret key into your settings file:

   DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here'
   DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'
   

Navigate to Google's Developer Console, create a new project, and create a new client ID under the menu point "APIs & AUTH", "Credentials". The redirect URI should be of the form http://example.com/admin/admin_sso/assignment/end/

6. Run ./manage.py migrate to create the needed database tables.
7. Log into the admin and add an Assignment.

Assignments

Any Remote User -> Local User X

• Select Username mode "any".
• Set Domain to your authenticating domain.
• Select your local user from the User drop down.

Remote User -> Local User

• Select Username mode "matches" or "don't match".
• Set username to [not] match by.
• Set Domain to your authenticating domain.
• Select your local user from the User drop down.

Changelog

2.3

• Raised the minimum supported Django version to the LTS version, 1.8.
• Avoid deprecation warnings with Django 1.10.

2.2

• Official support for Django 1.10 (no changes were necessary)
• Made the admin panel usable on sites with many users.

2.1

• Removed support for OpenID
• Python 3 compatible
• Dropped support for Django versions older than 1.7
• Continued development as django-admin-sso (2.0.x versions were released independently as django-admin-sso2)

1.0

• Add support for OAuth2.0 since google closes its OpenID endpoint https://developers.google.com/accounts/docs/OpenID
• Using OpenID is now deprecated and OpenID support will be removed in a future release.
• Add more tests to get a decent coverage.