
NOTE! django-admin-sso uses Google's `oauth2client <https://github.com/googleapis/oauth2client>`__ which has been deprecated for a long time; the repository has even been archived by Google now. django-admin-sso isn't going anywhere but I'd recommend that new projects use django-authlib's `Admin OAuth support <https://github.com/matthiask/django-authlib/#admin-oauth2>`__.
Django admin SSO lets users log in to Django's administration panel using an OAuth2 provider instead of a username/password combination.
django-admin-sso is most often used with Google OAuth2 and the instructions follow that assumption. At least in theory it is possible to use a different OAuth2 provider.

Make sure you have a working Django project setup.

Install django-admin-sso using pip::

    pip install django-admin-sso

Add ``admin_sso`` to ``INSTALLED_APPS`` in your ``settings.py`` file::

    INSTALLED_APPS = (
        ...
        'admin_sso',
        ...
    )

Add the django-admin authentication backend::

    AUTHENTICATION_BACKENDS = (
        'admin_sso.auth.DjangoSSOAuthBackend',
        'django.contrib.auth.backends.ModelBackend',
    )

Insert your OAuth2 client id and secret key into your settings file::

    DJANGO_ADMIN_SSO_OAUTH_CLIENT_ID = 'your client id here'
    DJANGO_ADMIN_SSO_OAUTH_CLIENT_SECRET = 'your client secret here'

Navigate to Google's `Developer Console <https://console.developers.google.com/project>`_, create a new project, and create a new client ID under the menu point "APIs & AUTH", "Credentials". The redirect URI should be of the form ``http://example.com/admin/admin_sso/assignment/end/``.

Run ``./manage.py migrate`` to create the needed database tables.

Log into the admin and add an Assignment.

Any Remote User -> Local User X
* Select Username mode "any".
* Set Domain to your authenticating domain.
* Select your local user from the User drop down.
Remote User -> Local User
~~~~~~~~~~~~~~~~~~~~~~~~~
* Select Username mode "matches" *or* "don't match".
* Set username to [not] match by.
* Set Domain to your authenticating domain.
* Select your local user from the User drop down.
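
The two assignment types above decide which remote accounts are logged in as which local user, so a domain-wide rule is an access-control decision worth reviewing. The following is an added example, not django-admin-sso's own code: it models the rules as the steps above describe them and flags mappings that cover a whole domain. The ``Rule`` class, its field names, the case-insensitive comparison and the public-domain list are assumptions made for illustration.

```python
from dataclasses import dataclass

PUBLIC_MAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # constructed sample list

@dataclass(frozen=True)
class Rule:  # hypothetical stand-in for one Assignment row
    mode: str  # "any", "matches" or "don't match"
    domain: str
    local_user: str
    username: str = ""
    is_superuser: bool = False  # privilege of the mapped local user

def covers(rule, email):
    """Return True if the remote account `email` is mapped by `rule`."""
    name, sep, domain = email.strip().lower().rpartition("@")
    if not (sep and name) or domain != rule.domain.lower():
        return False
    if rule.mode == "any":
        return True
    if rule.mode == "matches":
        return name == rule.username.lower()
    if rule.mode == "don't match":
        return name != rule.username.lower()
    raise ValueError(f"unknown username mode: {rule.mode!r}")

def audit(rules):
    """Flag rules that map a whole domain rather than one named account."""
    findings = []
    for rule in rules:
        if rule.mode == "matches":
            continue  # one remote account, one local user
        if rule.domain.lower() in PUBLIC_MAIL_DOMAINS:
            findings.append((rule.local_user, "open to any holder of a public mail account"))
        elif rule.is_superuser:
            findings.append((rule.local_user, "whole domain is mapped to a superuser"))
    return findings

# Constructed sample configuration.
RULES = [
    Rule("any", "example.com", "staff-readonly"),
    Rule("any", "example.com", "root", is_superuser=True),
    Rule("matches", "example.com", "root", username="alice", is_superuser=True),
    Rule("don't match", "gmail.com", "editor", username="intern"),
]

if __name__ == "__main__":
    for user, reason in audit(RULES):
        print(f"{user}: {reason}")
```
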
Changelog
---------
3.0
~~~
* Dropped support for Django<1.11 and Python<3.
* Modernized the package and reformatted the code using black.
2.4
~~~
* Official support for Django 1.11.
2.3
~~~
* Raised the minimum supported Django version to the LTS version, 1.8.
* Avoid deprecation warnings with Django 1.10.
2.2
~~~
* Official support for Django 1.10 (no changes were necessary)
* Made the admin panel usable on sites with many users.
2.1
~~~
* Removed support for OpenID
* Python 3 compatible
* Dropped support for Django versions older than 1.7
* Continued development as ``django-admin-sso`` (2.0.x versions were released
independently as ``django-admin-sso2``)
1.0
~~~
* Add support for OAuth2.0 since Google closes its OpenID endpoint https://developers.google.com/accounts/docs/OpenID
* Using OpenID is now deprecated and OpenID support will be removed in a future release.
* Add more tests to get a decent coverage.
FAQs
Django SSO solution
We found that django-admin-sso demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.