- If you want to debug `ssoauth` or need a fully functional SSO during development for some other reason, an example is below. For additional info reference production setup and `ssoauth/app_settings/defaults.py`. If you also want a working SLO during development you will need SSL for your localhost, `nginx` will be your best friend.
- If you want to debug `ssoauth` or need a fully functional SSO during development for some other reason, an example is below. For additional info see production setup chapter and `ssoauth.app_settings.defaults`. If you also want a working SLO during development you will need SSL for your localhost, `nginx` will be your best friend.
LOGIN_URL=urls.reverse_lazy("sso-dev")# it's "sso-login" for prod
```
#### Overriding Log In in Other Apps
There are some apps like `django.contrib.admin` or `wagtail` that will simply ignore `LOGIN_URL` and use their own log in page. If this behavior is undesirable and you would prefer using `ssoauth` instead:
- find out the login page of that app (let's assume it's `admin/login`)
- in `urls.py`, before including URLs for that app, include this view:
Optional argument `already_authenticated_403=True` is used to avoid redirect loops caused by `django.contrib.admin`.
Instead of it you can also use `already_authenticated_redirect="url-name"`.
#### Regarding Logging Out
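Review bot: In the new "Overriding Log In in Other Apps" section, the step "in `urls.py`, before including URLs for that app, include this view:" ends in a colon but no snippet follows it in the lines shown, so the reader never sees the view or where `already_authenticated_403=True` is passed. Suggest putting the `urls.py` lines directly under that bullet, with one sentence on why the order matters (the override has to be matched before the app's own login URL). It would also help to say what an already authenticated user actually gets when `already_authenticated_403=True` applies, and when `already_authenticated_redirect="url-name"` is the better choice.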
...
...
@@ -61,7 +72,7 @@ After logging out locally, user will be redirected to one of the following (with
Currently only IdP-initiated SLO is supported by this app. The only supported binding type is HTTP-Redirect due to the limitations of the underlying library used.
For SLO with HTTP-Redirect to work, the SLS page must be included as `<iframe>`. Your server and/or browser might restrict such behavior. Start with setting `SP_SLS_X_FRAME_OPTIONS` (see the`ssoauth` default settings file).
For SLO with HTTP-Redirect to work, the SLS page must be included as `<iframe>`. Your server and/or browser might restrict such behavior. Start with setting `SP_SLS_X_FRAME_OPTIONS` (check`ssoauth.app_settings.defaults`).
If you have `nginx` serving pages to users, you might need to configure `x-frame-options` for the SLS view (Only the SLS view, nowhere else!). Additionally you might need to configure CSP on the web server on the IdP side. Anyways it will most likely be a lot of [fun](https://duckduckgo.com/?q=dwarf+fortress+fun) for you.
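Review bot: The replacement sentence still has no space between "check" and the opening backtick in "(check`ssoauth.app_settings.defaults`)", the same slip as "the`ssoauth`" in the line it replaces; it should read "(check `ssoauth.app_settings.defaults`)". Because `SP_SLS_X_FRAME_OPTIONS` governs framing of the SLS page, the sentence could also state what kind of value it expects and that it applies to the SLS view only, matching the "Only the SLS view, nowhere else!" caveat in the nginx paragraph that follows.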
...
...
@@ -74,7 +85,7 @@ To receive groups over SSO you need a group mapping (and of course a properly co
#### Production Settings
_(Disclaimer: this example might be incomplete. Reference the `ssoauth` default settings file.)_
This example might be incomplete. See `ssoauth.app_settings.defaults` for additional info
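Review bot: The new disclaimer under "Production Settings" drops the final period after "for additional info" and loses the italics and parentheses that set the old one apart from the body text, so it now reads like part of the instructions. For a production section, "might be incomplete" with a pointer to `ssoauth.app_settings.defaults` leaves the reader to work out which settings are mandatory; consider naming the settings that must be overridden for production, or stating that every default in that module should be reviewed before deployment.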