Hi Tom, You understood our requirements precisely. We do not have significant time or ability to dig deep into platforms like C & SWIG. We have agreed to have a C# intermediay to do all the ADFS/Windows stuff and use another callback URL from C# to Django for logging the user in.
Thanks & Regards On 25 February 2014 18:17, Tom Evans <[email protected]> wrote: > On Tue, Feb 25, 2014 at 10:44 AM, Me Sulphur <[email protected]> wrote: > > Hi, > > > > For one of our new deployments we need to replace our authentication > > (django's default) with the client's Single Sign On (SSO). The client > uses > > ADFS 2.0 for SSO. > > None of us have ever worked on .NET/Windows techologies; we tried to > look up > > at many places but no leads on where to start. Possibly, the apps - > > djangosaml2 or pysaml2 - can help but could not figure out how to use > them > > for our use case. > > > > Please if someone can provide the lead on how to proceed, I'd be > thankful. > > This area isn't well served - for future posters, he is not trying to > authenticate against LDAP, nor against AD. He wants users to be > identified by their own organization and identity information passed > back to his site from the partners AD. > > The thing with SAML is that there are lots of different Profiles and > Transports that describe precisely how to communicate with an Identity > Provider. The plus side for you is that you are implementing a Service > Provider (SP) and not as an Identity Provider (IdP) - ie you have a > site that people log in to, not a site that stores and provides > identity information. > > You will need to determine what interop support ADFS has for SAML 2.0, > what Profiles and Transports it expects to use. > > I don't know much about the libraries you mentioned. We used py-lasso, > which is a library for producing, interpreting, signing/validating and > encrypting/decrypting SAML messages. The documentation was ..... less > than good. In the most part we relied on reading the C sources to > lasso and the SWIG bindings to determine what functions to call and > when. > > Plus, we were not doing interop, we were writing our own IdP that > talked to our own SPs, so we had complete blanket choice over what > Profiles to use. > > I do not think you can achieve this by simply "Install this package, > add this setting". Happy to be told otherwise! > > Cheers > > Tom > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Django users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/django-users/Xkvwii1_HBs/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CAFHbX1J1e9JMOPaYfKGaWPVcJ%2BWNQyhn0JHxHXqRpNL1HPoA3w%40mail.gmail.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CABSvzZA2vOpY5Uv7C8JRLYEJDaXBTY1ZqiB8b%2BV8CpL%2BoCfKRw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
