I'm trying to implement single sign-on using only django auth.

Let's assume two django projects, on different sub-domains: site.com (auth) and app1.site.com (app1). The auth table in site.com is master. site.com handles: login, logout, account registration, etc.

site.com sets SESSION_COOKIE_DOMAIN to .site.com to allow it to be read by subdomains.

app1 will have login_url set to a view in the app1 project, which does the following:

- retrieves site.com's session_id value (from cookie)
- validates session_id by making a request to: site.com/validate/[session_id]/
- If False, redirects to site.com/login?next=[...]
- If True, requests user data from: site.com/attributes/[session_id]/

site.com/attributes/ delivers a dictionary with all the User values, encrypted using a shared SSO_KEY (encryption done the same way django encodes and decodes session_id).

Now, app1 has a model SSO_User which has two fields, a foreign key to the User model and an integer field. The SSO_User model links the local auth User to the id of the master auth table. Using the id retrieved from site.com, we check SSO_User for an existing local user; if true we simply update the values and log in; if non-existing, we create the User and SSO_User and log in.

app1 (or any other sub-domain) can keep their own profile information, without interfering with anything.

It seems simple to implement and safe, but before implementing I wanted some opinions. What do you think?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
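The attributes hand-off and the SSO_User get-or-create step described above, as an added stand-alone example that is not the poster's code: it stands in for Django's session signing with a plain HMAC over a JSON payload keyed by SSO_KEY, replaces the User/SSO_User tables with in-memory dicts, assumes the attribute fields id/username/email, and adds a timestamp check so a captured attributes payload cannot be replayed indefinitely (something the post does not mention).

```python
import base64
import hashlib
import hmac
import json
import time

# Shared secret known to site.com and app1 (constructed placeholder, not a real key).
SSO_KEY = b"constructed-shared-sso-key"
MAX_AGE = 60  # seconds a signed attributes payload stays acceptable (assumption)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_attributes(attrs: dict, now=None) -> str:
    """site.com side: serialize the User values, stamp them, and HMAC-sign them."""
    ts = int(now if now is not None else time.time())
    payload = _b64(json.dumps({"attrs": attrs, "ts": ts}, sort_keys=True).encode())
    sig = hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def decode_attributes(token: str, now=None):
    """app1 side: verify the signature in constant time, then reject stale payloads."""
    try:
        payload, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered or signed with a different key
    body = json.loads(_unb64(payload))
    if (now if now is not None else time.time()) - body["ts"] > MAX_AGE:
        return None  # too old: treat as invalid and send the user back to site.com/login
    return body["attrs"]


# Stand-ins for app1's User and SSO_User tables (constructed, in-memory).
local_users = {}  # local pk -> user row
sso_users = {}    # master id (SSO_User integer field) -> local pk


def sync_local_user(attrs: dict) -> int:
    """Get-or-create step from the post: update an existing local user or create one."""
    master_id = attrs["id"]
    if master_id in sso_users:
        pk = sso_users[master_id]
        local_users[pk].update(username=attrs["username"], email=attrs["email"])
    else:
        pk = len(local_users) + 1
        local_users[pk] = {"username": attrs["username"], "email": attrs["email"]}
        sso_users[master_id] = pk
    return pk
```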