Hi guys, Thanks for a lot of useful answers! My schools use a palette of authentication systems; regular hashed password check with a hash I have access to, LDAP auth and WAYF (a Danish educational SSO solution using Shibboleth). Those are the least of my worries right now, though.
I'll have a look at the AbstractBaseUser and friends. Ideally, I'd like to expand on my existing LegacyUser model and avoid creating separate Django users that shadow the LegacyUser, as I do a lot of synchronization of LegacyUsers with the legacy system. I'll see how it goes and post a solution if I get that far. Erik > Den 19/01/2015 kl. 23.24 skrev James Schneider <jrschneide...@gmail.com>: > > For a pure authentication scenario where permission checks never go beyond > user.is_authenticated(), that's probably true. If all the OP is doing is > displaying data, they may be able to get away with manually associating the > campus and user within the session after, and displaying data based on those > session keys. Basically you would end up with a boolean layer of protection > for each resource, because all you know is the validated username and campus > pair. That may work just fine. > > However, if you need any sort of authorization (permission checking) within > the app using Django's permission system, you'll probably need a local copy > of the user using a custom user model in the database to perform checks > against. It sounds like the OP may need that. Otherwise you are also looking > at rolling a custom authorization backend as well. > > If they are LDAP services, you can look at django-ldap, which works quite > nicely, including group membership restrictions. It also does the overriding > of the authentication backend for you. Not sure how it would work with > multiple LDAP servers for various campuses though. That would need some > research. > > TL;DR; There are a lot of ways to slice this problem, and a primary strategy > driver will be the available authentication backends at each campus. > Hopefully they are all the same. > > -James > > > On Mon, Jan 19, 2015 at 2:06 PM, Stephen J. Butler <stephen.but...@gmail.com> > wrote: > Shibboleth 2.0 lets you setup a discovery service (or portal would > perhaps be a better term) letting the user select which ID Provider > (IdP) they will authenticate to. All you have to do on the Service > Provider (SP) side is specify the discovery URL and what IdPs you > allow. Nothing needs to be done in your Django app except support > Shibboleth. > > Of course, this is all predicated on there being a competent > Shibboleth setup at your institutions. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CAD4ANxVp4C2QcxAcY6Xui1bc6Z-hcV--sfOSEy%3DmcaW_w%2BpGHw%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CA%2Be%2BciXW3NoDaTTpaiL2qtD69vkjmSEFfGSeM9-Dk00YMAG6NQ%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/81081481-BDD7-4247-BDA9-FBD9DDDF7BA7%40cederstrand.dk. For more options, visit https://groups.google.com/d/optout.
