I am trying to authenticate my django application written in python with okta IDP. I have almost configured everything at SP side and IDP side too. Now I need to pass a custom variable from IDP which assert SP that user is a publisher,editor or admin and further save this to the django format database (in auth_user_groups table). Anyone have tried doing this, or anyone has idea about this?
I am able to get the custom variable values by attributes mappings from IDP. But this allows me to save the custom attributes only on the user table. please let me know if i have not made myself clear here about my question.
Once again I have a privilege to answer my own question. So hear is the solution.
Django has a user profile module which is to be turned on by giving the module location in the settings.py
i.e -
"AUTH_PROFILE_MODULE = appTitle.UserProfile"
The UserProfile needs to be specified in modules.py specifying the required structure of user profile u need for your app.
Now doing sync -db django creates the Database table for your user profile and further on the same user profile pysaml adds the value (CustomAttribute) which come on the saml Assertion.
more explanations on this can be found on django documentations too.
If any one still faces any issue please let me know.
Related
I'm developing a management software. And I need create a module for manage the permissions and groups using the auth of django. I dont want use the admin django because this just allow log in for super users.
I want override the admin route and create a form with the same features from the admin site. If is possible, I want use the widget for the assignment of permission and group.
I need all this built into an app because I need this to work for this and other projects.
I have already written a custom form to add, edit and view users extending the class UserCreationForm, I need something similar to that.
I hope you can help me...
First things first: don't do this!
Creating your own Django admin site is a load of work, and likely to be insecure etc. Your'e opening a giant can of worms here.
If you need members of your app to edit permissions, they do not have to be superusers! Users with is_staff = True can all access the admin site. Once you've set this for the users you want, go ahead and configure the exact permissions for this type of user.
Start with the official docs on user permissions.
Is it possible to change attributes of a user in LDAP via django?
As of now, I can't find any solution on the Internet.
I have the django-auth-ldap backend and I can log in as a user (GUI). But I can't change any of their attributes, i.e. I can't change the name.
What do I have to write or extend? If you have any idea let me know.
Do I have to write in my views, models, forms or whatever?
I saw the code in the accepted answer for this question:
How to access user names and profiles with django-allauth
But when I run a template with {{user.get_provider}}, nothing appears. I was expecting it to say either "LinkedIn Oauth2" or maybe "native". (Those are my two ways to log in.)
Are there special things you need to get the template calls working? Other template items are working fine, such as account.get_avatar_url.
To my knowledge the user profile doesn't record which credential was used to establish the current session, nor as far as I am aware does a list of a particular account's associated credential types automatically populate into the user context object (I'm not sure which you were trying to get from the question you asked).
You can access what credentials an account has available to it in python & export these to the context. See the socialaccount/connections.html template that comes with django-allauth as an example.
I need to authorise a user on my Django powered site, but...
The user is not part of the Django user system (user table). However, I would it to behave like they have an active session just like they had logged like as a normal user.
Is this possible with Django, does Django support this sort of scenario?
I'm looking to be pointed in the right direction as I'm struggling to find information.
Well how are you going to authenticate the user if they are not in Django user system?
If there is another table or some other way you want to authenticate a user, you can write a custom authentication backend and plug it in. See django documentation on this.
Looks like django-lazysignup does exactly what you are looking for.
I've installed the django-registration app succesfully and it works great.
But now I want that when people are logged in, they have to fill in more data about theirself.
Do I need to create an new django-app, so with a new database, or is it possible to save the data in the djano-registration app database (the database with username, password and e-mail)?
And how should I link these two databases, so everybody have his own, unique "index"-page with correct 'place'/link in/to the database?
Thanks a lot!
Look at the User-Profiles section of the auth application. It explains how to create a Profile object (basically a new table, not database), that is connected to the User object, and has whatever data you add to it. It can be retrieved with get_profile().
Just to highlight something in the docs - get_profile() does not automatically create a Profile for you, you need to manually create one each time a User is created. This Answer gives sample code for using Signals to create a profile - after a User is created, it sends a signal to any registered process. You would need to code, and register a profile-creation function with the signal.
The author of django-registration has also done a nice profile app. Wrapping around the User-Profiles.
Check it out at:
https://bitbucket.org/ubernostrum/django-profiles/