1

Authentication and django_authopenid_association

asked 2013-03-27 17:32:32 -0600

SocialQA

updated 2013-03-28 23:32:41 -0600

So let's say I have another authentication system, just like Google or Yahoo, where we push the user to go and input a username and password. Once they enter the username and password, on success the user will be redirected to the Askbot site (the redirect via HTTPS is handled in the Apache settings).

Basically my POST request is a SAML2/POST and I get a SAMLResponse. So my question is: can I add a record to the table below with the URL that I am directing the user to for entering credentials, and then use the authentication attributes to log them in on the Askbot side (such as creating the record in the auth_user table)?

    mysql> desc django_authopenid_association;
    +------------+--------------+------+-----+---------+----------------+
    | Field      | Type         | Null | Key | Default | Extra          |
    +------------+--------------+------+-----+---------+----------------+
    | id         | int(11)      | NO   | PRI | NULL    | auto_increment |
    | server_url | longtext     | NO   |     | NULL    |                |
    | handle     | varchar(255) | NO   |     | NULL    |                |
    | secret     | longtext     | NO   |     | NULL    |                |
    | issued     | int(11)      | NO   |     | NULL    |                |
    | lifetime   | int(11)      | NO   |     | NULL    |                |
    | assoc_type | longtext     | NO   |     | NULL    |                |
    +------------+--------------+------+-----+---------+----------------+

Once I have the record on this table, I could use something like this:

    elif method == 'umn':
        # Look up the local user linked to this external login.
        try:
            assoc = UserAssociation.objects.get(mylogin_url=mylogin_url)
            user = assoc.user
        except UserAssociation.DoesNotExist:
            return None
        except UserAssociation.MultipleObjectsReturned:
            # More than one association matched: refuse to log in.
            logging.critical(
                'duplicate openid url in the database!!! %s', mylogin_url
            )
            return None

(I am not really sure what's next from here, but I just want to confirm whether this would be the right approach.)

Also, I want to know whether adding a record to django_authopenid_association is a manual process or if there is a config file for adding authentication URLs.


Comments

Looks like no one in the community has an answer for this. :(

SocialQA ( 2013-03-28 23:31:27 -0600 )

1 Answer

1

answered 2013-03-28 23:39:11 -0600

Evgeny

updated 2013-03-28 23:43:18 -0600

It's better to not use the "Association" record at all, but use UserAssociation.

The UserAssociation is essentially a link between the external user id and django user. Please see how fields in the UserAssociation are used.

Also - maybe you can implement support for SAML2 and just add configuration for your UMN login system? We will merge that into Askbot core. See how OAuth2, OAuth1, OpenID are implemented and try to add support for SAML2. Thank you!

There is a function askbot.deps.django_authopenid.views.signin which handles the entry into the login system. First the login provider type is determined, and then the corresponding algorithm is followed.

When you create a user account, also create the UserAssociation record so that the user can log in again later.


Comments

I just searched the codebase for askbot.deps.django_authopenid.views.signin but couldn't find any .py file with a method of that name. Are you talking about this in settings.py?

SocialQA ( 2013-03-28 23:52:44 -0600 )

It is the name of a function inside the views.py file.

Evgeny ( 2013-03-28 23:53:34 -0600 )

So the URL that redirects the user for SAML-based login should be manually added to the UserAssociation table?

SocialQA ( 2013-03-28 23:53:47 -0600 )
1

The user association does not need to hold that url, only the part necessary to identify the user and the provider. The way we use it is a hack of the original. Take a look at how OAuth is implemented.

Evgeny ( 2013-03-28 23:56:10 -0600 )

Is there any tutorial on how I can redirect authentication to some URL and take that response to log in with ASKBOT? I am looking at the code base and it's a very complex code base :)

SocialQA ( 2013-03-29 00:40:36 -0600 )
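
The link described in the answer above (external identity to local user, created on first login and looked up on later logins), as an added example that is not Askbot's code and not from either poster. It uses sqlite3 so it runs stand-alone; the `user_association` table, its `external_id` column and the function names are simplified stand-ins, and the SAMLResponse is assumed to have been fully validated (signature, issuer, audience, expiry) before `login_or_create` is called.

```python
import sqlite3

# Simplified stand-in schema (assumption, not Askbot's real models).
SCHEMA = """
CREATE TABLE auth_user (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE
);
CREATE TABLE user_association (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL REFERENCES auth_user(id),
    provider_name TEXT NOT NULL,
    external_id TEXT NOT NULL,
    UNIQUE (provider_name, external_id)  -- one local user per external identity
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def login_or_create(db, provider_name, external_id, username):
    """Return the local user id for an already-validated external identity.

    The key is (provider, stable subject id), never the login URL and never
    a user-supplied attribute such as username or email.
    """
    if not provider_name or not external_id:
        raise ValueError("provider and external id are required")
    row = db.execute(
        "SELECT user_id FROM user_association"
        " WHERE provider_name = ? AND external_id = ?",
        (provider_name, external_id),
    ).fetchone()
    if row:
        return row[0]  # returning user: the association already exists
    with db:  # create user and association atomically, roll back on error
        cur = db.execute("INSERT INTO auth_user (username) VALUES (?)", (username,))
        db.execute(
            "INSERT INTO user_association (user_id, provider_name, external_id)"
            " VALUES (?, ?, ?)",
            (cur.lastrowid, provider_name, external_id),
        )
    return cur.lastrowid

if __name__ == "__main__":
    db = open_db()
    # Constructed sample identity; 'umn' is the provider name from the question.
    print(login_or_create(db, "umn", "constructed-subject-001", "alice"))
```

A username collision raises `sqlite3.IntegrityError` instead of attaching the new external identity to the existing account, and the unique constraint rules out the duplicate-association case that the question's code logs as critical.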

Stats

Asked: 2013-03-27 17:32:32 -0600

Seen: 231 times

Last updated: Mar 28 '13