Add OIDC
Sample settings file
parent
7b6ee8a44c
commit
81115792b7
6 changed files with 72 additions and 7 deletions
2
frontend
2
frontend
|
@ -1 +1 @@
|
|||
Subproject commit 2dfe609aeec5a727115dd52df7eeecec9b58faec
|
||||
Subproject commit 02e5d622d917ae99baa78b63d97f32ef469a076b
|
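--- a/kumisystems/auth.py
+++ b/kumisystems/auth.py
@@ -0,0 +1,9 @@
+from mozilla_django_oidc.auth import OIDCAuthenticationBackend
+
+class OIDCBackend(OIDCAuthenticationBackend):
+def create_user(self, claims):
+email = claims.get('email')
+return self.UserModel.objects.create_user(email)
+
+def get_username(self, claims):
+return claims.get('email')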
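Review bot: `create_user` and `get_username` key the local account on the `email` claim alone, and nothing in `OIDCBackend` requires the provider to have verified that address, so an identity asserted with an address equal to an existing account's email would be treated as that account. Consider overriding `verify_claims` so it also requires `claims.get('email_verified') is True`, assuming the provider emits that claim. Separately, `create_user(email)` passes a single positional argument, which Django's stock user manager takes as the username while leaving the email field empty, so a later lookup by email would presumably miss the row; `return self.UserModel.objects.create_user(self.get_username(claims), email=email)` avoids that unless the project's user model already uses email as its username field. A one-line class docstring naming the claim that identifies a user would make the trust assumption explicit.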
|
@ -2,6 +2,8 @@ from pathlib import Path
|
|||
|
||||
from autosecretkey import AutoSecretKey
|
||||
|
||||
from django.urls import reverse_lazy
|
||||
|
||||
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
||||
BASE_DIR = Path(__file__).resolve().parent.parent
|
||||
|
||||
|
@ -48,6 +50,10 @@ INSTALLED_APPS = [
|
|||
'djangocms_video',
|
||||
'djangocms_snippet',
|
||||
'djangocms_style',
|
||||
|
||||
# Optional for OpenID Connect:
|
||||
|
||||
'mozilla_django_oidc',
|
||||
]
|
||||
|
||||
MIDDLEWARE = [
|
||||
|
@ -133,6 +139,30 @@ else:
|
|||
# Password validation
|
||||
# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
|
||||
|
||||
USE_OIDC = False
|
||||
|
||||
if "OIDC" in CONFIG:
|
||||
USE_OIDC = True
|
||||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
'kumisystems.auth.OIDCBackend',
|
||||
]
|
||||
|
||||
LOGIN_URL = reverse_lazy("oidc_authentication_init")
|
||||
|
||||
OIDC_NAME = CONFIG.get("OIDC", "Name", fallback="OIDC")
|
||||
OIDC_RP_CLIENT_ID = CONFIG["OIDC"]["ClientID"]
|
||||
OIDC_RP_CLIENT_SECRET = CONFIG["OIDC"]["ClientSecret"]
|
||||
OIDC_OP_JWKS_ENDPOINT = CONFIG["OIDC"]["JWKS"]
|
||||
OIDC_OP_AUTHORIZATION_ENDPOINT = CONFIG["OIDC"]["Authorization"]
|
||||
OIDC_OP_TOKEN_ENDPOINT = CONFIG["OIDC"]["Token"]
|
||||
OIDC_OP_USER_ENDPOINT = CONFIG["OIDC"]["UserInfo"]
|
||||
OIDC_CREATE_USER = CONFIG.getboolean("OIDC", "CreateUsers", fallback=False)
|
||||
OIDC_RP_SIGN_ALGO = CONFIG.get("OIDC", "Algorithm", fallback="RS256")
|
||||
|
||||
MIDDLEWARE.append("mozilla_django_oidc.middleware.SessionRefresh")
|
||||
|
||||
|
||||
AUTH_PASSWORD_VALIDATORS = [
|
||||
{
|
||||
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
|
||||
|
|
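Review bot: The four `OIDC_OP_*` endpoint values are read from the ini file with no scheme check, so a typo or an `http://` URL for the JWKS or token endpoint would silently move key and token retrieval onto an unauthenticated channel. A guard after the assignments fails closed at start-up: `if not all(u.startswith("https://") for u in (OIDC_OP_JWKS_ENDPOINT, OIDC_OP_AUTHORIZATION_ENDPOINT, OIDC_OP_TOKEN_ENDPOINT, OIDC_OP_USER_ENDPOINT)): raise ImproperlyConfigured("OIDC endpoints must use https")`, with `ImproperlyConfigured` imported from `django.core.exceptions`. A comment above `AUTHENTICATION_BACKENDS` would also help, because replacing the list with only `kumisystems.auth.OIDCBackend` turns off password sign-in whenever an `[OIDC]` section exists, and that should read as a decision rather than a side effect. The hunk shows only part of the settings module, so how `CONFIG` is built cannot be checked from here.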
|
@ -2,9 +2,19 @@ from django.contrib import admin
|
|||
from django.urls import path, include
|
||||
from django.views.i18n import JavaScriptCatalog
|
||||
from django.conf.urls.i18n import i18n_patterns
|
||||
from django.conf import settings
|
||||
|
||||
urlpatterns = i18n_patterns(
|
||||
path('admin/', admin.site.urls),
|
||||
path('', include('cms.urls')),
|
||||
path('jsi18n/', JavaScriptCatalog.as_view(), name='javascript-catalog'),
|
||||
urlpatterns = [
|
||||
path("oidc/", include("mozilla_django_oidc.urls")),
|
||||
] + i18n_patterns(
|
||||
path("admin/", admin.site.urls),
|
||||
path("", include("cms.urls")),
|
||||
path("jsi18n/", JavaScriptCatalog.as_view(), name="javascript-catalog"),
|
||||
)
|
||||
|
||||
if settings.USE_OIDC:
|
||||
from mozilla_django_oidc.views import OIDCAuthenticationRequestView
|
||||
|
||||
urlpatterns = i18n_patterns(
|
||||
path('admin/login/', OIDCAuthenticationRequestView.as_view(), name='oidc_authentication_init'),
|
||||
) + urlpatterns
|
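Review bot: `path("oidc/", include("mozilla_django_oidc.urls"))` is added to `urlpatterns` unconditionally, while the `OIDC_*` settings exist only when the ini file has an `[OIDC]` section, so a deployment without OIDC still routes the authenticate and callback views and would likely answer them with a server error on the missing settings. Moving that include inside the `if settings.USE_OIDC:` block keeps the routed surface matched to the configuration. The `admin/login/` override also reuses the name `oidc_authentication_init`, which `mozilla_django_oidc.urls` defines as well; a distinct name, or a comment saying the duplication is intended, would make it clear which URL `LOGIN_URL` resolves to.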
|
@ -12,3 +12,4 @@ djangocms-picture
|
|||
djangocms-video
|
||||
djangocms-snippet
|
||||
djangocms-style
|
||||
mozilla-django-oidc
|
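Review bot: `mozilla-django-oidc` is added without a version constraint, and the package now sits on the authentication path, so an unreviewed upstream release would be picked up on the next install. Pinning it, e.g. `mozilla-django-oidc==<reviewed version>` (placeholder, not a real version), ideally with hashes, makes upgrades to the login code an explicit change. The other entries visible in this hunk are unpinned too, so this may be better handled for the whole file at once.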
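--- a/settings.dist.ini
+++ b/settings.dist.ini
@@ -0,0 +1,15 @@
+[KumiSystems]
+debug = 0 # Set to 1 to enable debug
+host = kumisystems.local
+
+# Uncomment and change values to enable OpenID Connect authentication
+
+# [OIDC]
+# name = KumiDC
+# createusers = 0
+# clientid = 012345
+# clientsecret = afjkhsdjfkhajlkfhdsljkfh
+# jwks = https://kumidc.local/openid/jwks/
+# authorization = https://kumidc.local/openid/authorize/
+# token = https://kumidc.local/openid/token/
+# userinfo = https://kumidc.local/openid/userinfo/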
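Review bot: `debug = 0 # Set to 1 to enable debug` puts the comment on the value line; if the settings loader is a default `configparser.ConfigParser` (not visible on this page), inline comments are not stripped and the value becomes the whole string, which either fails boolean parsing or, if only tested for truthiness, switches debug on. Moving the comment to its own line above `debug = 0` avoids both outcomes. It would also help to add a comment in the `[OIDC]` block saying that `clientsecret` is a placeholder and that the real settings file must stay out of version control and be readable only by the service account.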