First time here? Check out the FAQ!
1

Authentication and django_authopenid_association

So lets say I have another authentication system just like google or yahoo where we push the user to go and input username and password. Once they put username and password via successful user will redirect to askbot site (Redirect via https is handle in apache settings).

Basically my post request is a SAML2/post and I get a SAMLResponse. So my question is can I add a record to below mentioned table with the url that I am directing user to put credentials and then use authentication attributes log them on askbot side (such as creating the record in auth_user table).

mysql> desc django_authopenid_association;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| server_url | longtext     | NO   |     | NULL    |                |
| handle     | varchar(255) | NO   |     | NULL    |                |
| secret     | longtext     | NO   |     | NULL    |                |
| issued     | int(11)      | NO   |     | NULL    |                |
| lifetime   | int(11)      | NO   |     | NULL    |                |
| assoc_type | longtext     | NO   |     | NULL    |                |
+------------+--------------+------+-----+---------+----------------+

Once I have the record on this table, I could use something like this:

     elif method == 'umn':
        try:
            assoc = UserAssociation.objects.get(mylogin_url=mylogin_url)
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None
        except UserAssociation.MultipleObjectsReturned:
            logging.critical(
                'duplicate openid url in the database!!! %s' % mylogin_url
            )
            return None

(I am not really sure whats next from here but just want to confirm if this would be a right approach)

Also I want to know adding a record to django_authopenid_association is a manual process or if there is a config file to add authentication urls.

SocialQA's avatar
265
SocialQA
asked 2013-03-27 17:32:32 -0600, updated 2013-03-28 23:32:41 -0600
edit flag offensive 0 remove flag close merge delete

Comments

Looks like no one in the community has an answer for this. :(

SocialQA's avatar SocialQA (2013-03-28 23:31:27 -0600) edit
add a comment see more comments

1 Answer

1

It's better to not use the "Association" record at all, but use UserAssociation.

The UserAssociation is essentially a link between the external user id and django user. Please see how fields in the UserAssociation are used.

Also - maybe you can implement support for SAML2 and just add configuration for your UMN login system? We will merge that into Askbot core. See how OAuth2, OAuth1, OpenID are implemented and try to add support for SAML2. Thank you!

There is a function askbot.deps.django_authopenid.views.signin which handles the entry into the login system. First is the login provider type is determined and then the corresponding algorithm is followed.

When you create a user account - also create the UserAssociation record so that user can login again later.

Evgeny's avatar
13.2k
Evgeny
answered 2013-03-28 23:39:11 -0600, updated 2013-03-28 23:43:18 -0600
edit flag offensive 0 remove flag delete link

Comments

I just codebase for askbot.deps.django_authopenid.views.signin but couldn't find any .py file with a method name of that are you talking about this in settings.py

SocialQA's avatar SocialQA (2013-03-28 23:52:44 -0600) edit

It is name of a function inside the views.py file.

Evgeny's avatar Evgeny (2013-03-28 23:53:34 -0600) edit

so the adding url that redirect user for saml based login should manually get added to the *userAssociation table?

SocialQA's avatar SocialQA (2013-03-28 23:53:47 -0600) edit
1

The user association does not need to hold that url, only the part necessary to identify the user and the provider. The way we use it is a hack of the original. Take a look at how OAuth is implemented.

Evgeny's avatar Evgeny (2013-03-28 23:56:10 -0600) edit

Is there any tutorial on how I can redirect authentication to some url and take that response to login with ASKBOT, I am looking at the code base and its a very complex code base :)

SocialQA's avatar SocialQA (2013-03-29 00:40:36 -0600) edit
add a comment see more comments