Comments (1)
First version of this was merged in PR #1. It contains the minimum viable implementation.
This was updated on Dreamschool side this week.
Currently it works like this:
- User comes in the the Dreamschool SP with SAML assertion from MPASS Auth Proxy
- Assertion contains MPASS ID
- If the MPASS ID is found in Dreamschool User Database:
- User is logged in and everything works
- User is not found:
- DS UserDB makes an API query to MPASS Auth Data asking for possible external_id
- If the response contains valid external_id:
- The external_id in this case is DS UserDB user ID
- MPASS ID is added for that user
- user is logged in and everything works
- Response does not contain valid external_id
- This is previously unknown new user
- Account is created automatically based on attributes in SAML assertion
- Username is derived from MPASS ID
- User is always teacher
- User belongs to organisation named "ECA"
In all cases user is logged in and can use Dreamschool service.
There are still limitations. All users are teachers and they are all in single organisation. This is enough for demo purposes as this is not meant to be production ready yet. The main purpose is to allow testing of MPASS authentication.
There are two ways to use this implementation:
- Existing Dreamschool user uses MPASS to log in to Dreamschool using Dreamschool as authentication source.
- All users who have MPASS ID can automatically register new account and log in to Dreamschool.
from eca-auth-data.
Related Issues (19)
- Change module name to "authdata" HOT 1
- All data should be timestamped in local database
- It should be possible to query only changed data from the API HOT 1
- Services can store attributes in the database
- External Data concept
- LDAP support
- Settings files should be moved to project directory
- Generate a fake OID for external users
- Use ObjectGUID as the external id in LDAP external sources HOT 1
- LDAP external sources need better error handling
- LDAP external source results need paging
- Update Django to 1.8 LTS HOT 1
- Better organisation of certificate files
- Increase test coverage
- Allow user search with multiple attributes HOT 3
- Document settings.AUTH_EXTERNAL_SOURCES
- Attributes are not automatically created
- Query endpoint is returning disabled attributes
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eca-auth-data.