Jan Pazdziora - External authentication for Django projects [EuroPython 2015] [24 July 2015] [Bilbao, Euskadi, Spain]
When applications get deployed in enterprise environment or in large organizations, they need to support user accounts and groups that are managed externally, in existing directory services like FreeIPA or Active Directory, or federated via protocols like SAML. While it is possible to add support for these individual setups and protocols directly to application code or to Web frameworks or libraries, often it is better to delegate the authentication and identity operations to a frontend server and just assume that the application has to be able to consume results of the external authentication and identity lookups.
In this talk, we will look at Django Web framework and how with few small changes to the framework and to the application we can extend the functionality of existing RemoteUserMiddleware and RemoteUserBackend to consume users coming from enterprise identity management systems. We will focus on using proven OS-level components such as SSSD for Web applications, but will also show setup using federation.