Add OIDC
Sample settings file
parent
7b6ee8a44c
commit
81115792b7
6 changed files with 72 additions and 7 deletions
2
frontend
2
frontend
|
@ -1 +1 @@
|
||||||
Subproject commit 2dfe609aeec5a727115dd52df7eeecec9b58faec
|
Subproject commit 02e5d622d917ae99baa78b63d97f32ef469a076b
|
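--- a/kumisystems/auth.py
+++ b/kumisystems/auth.py
@@ -0,0 +1,9 @@
+from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+
+class OIDCBackend(OIDCAuthenticationBackend):
+def create_user(self, claims):
+email = claims.get('email')
+return self.UserModel.objects.create_user(email)
+
+def get_username(self, claims):
+return claims.get('email')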
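Review bot: `create_user` and `get_username` key the local account on the `email` claim alone, and nothing in `OIDCBackend` checks that the provider has verified that address. mozilla-django-oidc's default lookup also matches existing users by e-mail, so with a provider that lets users set an unverified address a login could be bound to someone else's local account, including a staff account; overriding `verify_claims` to require `email_verified` closes that, assuming the provider sends the claim. Separately, `create_user(email)` passes the address positionally: with Django's stock `User` that fills `username` and leaves `email` blank, so the e-mail lookup would miss the user on the next login — confirm against the project's user model, which is not shown here.

```python
class OIDCBackend(OIDCAuthenticationBackend):
    def verify_claims(self, claims):
        # Accept only identities whose address the provider has verified.
        if not super().verify_claims(claims):
            return False
        return bool(claims.get('email')) and claims.get('email_verified') is True

    # … unchanged: create_user, get_username …
```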
|
@ -2,6 +2,8 @@ from pathlib import Path
|
||||||
|
|
||||||
from autosecretkey import AutoSecretKey
|
from autosecretkey import AutoSecretKey
|
||||||
|
|
||||||
|
from django.urls import reverse_lazy
|
||||||
|
|
||||||
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
||||||
BASE_DIR = Path(__file__).resolve().parent.parent
|
BASE_DIR = Path(__file__).resolve().parent.parent
|
||||||
|
|
||||||
|
@ -48,6 +50,10 @@ INSTALLED_APPS = [
|
||||||
'djangocms_video',
|
'djangocms_video',
|
||||||
'djangocms_snippet',
|
'djangocms_snippet',
|
||||||
'djangocms_style',
|
'djangocms_style',
|
||||||
|
|
||||||
|
# Optional for OpenID Connect:
|
||||||
|
|
||||||
|
'mozilla_django_oidc',
|
||||||
]
|
]
|
||||||
|
|
||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
|
@ -133,6 +139,30 @@ else:
|
||||||
# Password validation
|
# Password validation
|
||||||
# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
|
# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
|
||||||
|
|
||||||
|
USE_OIDC = False
|
||||||
|
|
||||||
|
if "OIDC" in CONFIG:
|
||||||
|
USE_OIDC = True
|
||||||
|
|
||||||
|
AUTHENTICATION_BACKENDS = [
|
||||||
|
'kumisystems.auth.OIDCBackend',
|
||||||
|
]
|
||||||
|
|
||||||
|
LOGIN_URL = reverse_lazy("oidc_authentication_init")
|
||||||
|
|
||||||
|
OIDC_NAME = CONFIG.get("OIDC", "Name", fallback="OIDC")
|
||||||
|
OIDC_RP_CLIENT_ID = CONFIG["OIDC"]["ClientID"]
|
||||||
|
OIDC_RP_CLIENT_SECRET = CONFIG["OIDC"]["ClientSecret"]
|
||||||
|
OIDC_OP_JWKS_ENDPOINT = CONFIG["OIDC"]["JWKS"]
|
||||||
|
OIDC_OP_AUTHORIZATION_ENDPOINT = CONFIG["OIDC"]["Authorization"]
|
||||||
|
OIDC_OP_TOKEN_ENDPOINT = CONFIG["OIDC"]["Token"]
|
||||||
|
OIDC_OP_USER_ENDPOINT = CONFIG["OIDC"]["UserInfo"]
|
||||||
|
OIDC_CREATE_USER = CONFIG.getboolean("OIDC", "CreateUsers", fallback=False)
|
||||||
|
OIDC_RP_SIGN_ALGO = CONFIG.get("OIDC", "Algorithm", fallback="RS256")
|
||||||
|
|
||||||
|
MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
|
||||||
|
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = [
|
AUTH_PASSWORD_VALIDATORS = [
|
||||||
{
|
{
|
||||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
||||||
|
|
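Review bot: In the `if "OIDC" in CONFIG:` block of the third hunk, the four `OIDC_OP_*` endpoints are copied from the ini file without any scheme check, so an `http://` value would be accepted and the token request carrying `OIDC_RP_CLIENT_SECRET`, along with the returned tokens, would travel unencrypted. I would fail at start-up instead: loop over the `JWKS`, `Authorization`, `Token` and `UserInfo` keys and raise `ImproperlyConfigured` when a value does not start with `https://`. It is also worth a comment above `AUTHENTICATION_BACKENDS` stating that enabling OIDC removes password sign-in entirely, e.g. `# OIDC replaces local password login; there is no fallback backend`. The page has lost indentation, so where the block ends is inferred from the blank lines.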
|
@ -2,9 +2,19 @@ from django.contrib import admin
|
||||||
from django.urls import path, include
|
from django.urls import path, include
|
||||||
from django.views.i18n import JavaScriptCatalog
|
from django.views.i18n import JavaScriptCatalog
|
||||||
from django.conf.urls.i18n import i18n_patterns
|
from django.conf.urls.i18n import i18n_patterns
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
urlpatterns = i18n_patterns(
|
urlpatterns = [
|
||||||
path('admin/', admin.site.urls),
|
path("oidc/", include("mozilla_django_oidc.urls")),
|
||||||
path('', include('cms.urls')),
|
] + i18n_patterns(
|
||||||
path('jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'),
|
path("admin/", admin.site.urls),
|
||||||
|
path("", include("cms.urls")),
|
||||||
|
path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if settings.USE_OIDC:
|
||||||
|
from mozilla_django_oidc.views import OIDCAuthenticationRequestView
|
||||||
|
|
||||||
|
urlpatterns = i18n_patterns(
|
||||||
|
path('admin/login/', OIDCAuthenticationRequestView.as_view(), name='oidc_authentication_init'),
|
||||||
|
) + urlpatterns
|
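Review bot: `path("oidc/", include("mozilla_django_oidc.urls"))` is added to `urlpatterns` unconditionally, while the `OIDC_*` settings those views need exist only when `settings.USE_OIDC` is true. On an install without an `[OIDC]` section the authenticate and callback routes are still reachable by anonymous visitors and would presumably fail on the missing settings rather than return 404. I would register the include inside the existing `if settings.USE_OIDC:` block, e.g. `urlpatterns = [path("oidc/", include("mozilla_django_oidc.urls"))] + urlpatterns`. A short comment there noting that `admin/login/` is deliberately placed first so it shadows the admin's own login view would help the next reader.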
|
@ -12,3 +12,4 @@ djangocms-picture
|
||||||
djangocms-video
|
djangocms-video
|
||||||
djangocms-snippet
|
djangocms-snippet
|
||||||
djangocms-style
|
djangocms-style
|
||||||
|
mozilla-django-oidc
|
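Review bot: `mozilla-django-oidc` is added without a version constraint, and this package now performs the token validation for every login. The neighbouring entries are unpinned as well, so this follows the file's convention, but for the authentication dependency I would pin an exact release (and ideally record hashes) so an upgrade is a reviewed change rather than whatever the index serves at build time.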
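--- a/settings.dist.ini
+++ b/settings.dist.ini
@@ -0,0 +1,15 @@
+[KumiSystems]
+debug = 0 # Set to 1 to enable debug
+host = kumisystems.local
+
+# Uncomment and change values to enable OpenID Connect authentication
+
+# [OIDC]
+# name = KumiDC
+# createusers = 0
+# clientid = 012345
+# clientsecret = afjkhsdjfkhajlkfhdsljkfh
+# jwks = https://kumidc.local/openid/jwks/
+# authorization = https://kumidc.local/openid/authorize/
+# token = https://kumidc.local/openid/token/
+# userinfo = https://kumidc.local/openid/userinfo/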
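Review bot: The `debug = 0 # Set to 1 to enable debug` line relies on inline comments being stripped, which Python's `configparser` does not do unless `inline_comment_prefixes` is set; how CONFIG is built is not visible in this commit, so if it is a default parser the value is read as the whole string and a boolean or integer read would fail. Moving the comment to its own line above the key avoids the question. Since the deployed copy of this file will hold `clientsecret`, I would also add a comment line such as `# Keep the deployed settings file out of version control and readable only by the service account`.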