Django-PyoidcRP

Created: 2014-05-19 15:00
Updated: 2015-05-18 14:56
License: apache-2.0

README.md

Django pyoidc integration

Django module that includes pyoidc relying party code into a Django application. To install this example:

  • Install an OpenID Provider with YAIS:
    sudo apt-get install apache2 vim ntp git libapache2-mod-wsgi mysql-server-5.5 python-mysqldb
    
    cd /opt ; git clone https://github.com/its-dirg/yais
    
    cd /opt/yais ; python setup.py install
    
    mkdir /opt/projects ; yaisLinux.sh /opt/projects
    
     - Do you want to install IdProxy (Y/n):         n 
     - Do you want to install Social2Saml (Y/n):     n
     - Do you want to install verify_entcat (Y/n):   n 
     - Do you want to install dirg-web (Y/n):        n 
     - Do you want to install saml2test (Y/n):       n 
     - Do you want to install pyoidc (Y/n):          Y 
     - Do you want to install pysaml2 (Y/n):         n 
     - Do you want to install oictest (Y/n):         n 
     - Do you want to install oictestGui (Y/n):      n
    
    

sudo pip install pycrypto==2.6.1 ; easy_install pycrypto

cd /opt/projects/pyoidc/oidc_example/op2

cp config.py.example config.py

vim config.py:


... baseurl = "https://<YOUR.VM.FQDN>"

Use the default key or change with another one.

keys = { "RSA": { "key": "cp_keys/key.pem", "usage": ["enc", "sig"] } }

Modify this if you want host your OpenID Provider on HTTPS

SERVER_CERT = "certs/server.crt" SERVER_KEY = "certs/server.key"



 * Start the OpenID Provider by executing the command:

cd /opt/projects/pyoidc/oidc_example/op2 ; sudo ./server.py -p 8092 config


* Install Django with pip installler:

sudo pip install --upgrade Django sudo pip install django-mako


* Create a New DB and a New User:

mysql -u root -p mysql> CREATE DATABASE oidc_users; mysql> GRANT ALL ON oidc_users.* to openid@'localhost' identified by 'openidpassword';

mysql> quit


* Retrieve the code of django_rp from the GitHub Repository:

cd /tmp ; git clone https://github.com/biancini/Django-PyoidcRP.git django_rp


* Copy the directory “django_rp” into “/var/www”:

cp -Rf /tmp/pyoidc_rp_django/django_rp /var/www/


* Copy and modify the “conf.py” file:

cd /var/www/django_rp/oidc_django

cp conf.py.example conf.py

vim conf.py:


BASE = "https://<YOUR.VM.FQDN>:" + str(PORT) + "/"

SERVER_KEY = '' SERVER_CERT = ''

....

CLIENTS = { # The ones that support webfinger, OP discovery and client registration # This is the default, any client that is not listed here is expected to # support dynamic discovery and registration. "": { "client_info": ME, "behaviour": BEHAVIOUR }, #### REMOVE ANY OTHER CLIENTS #### }


* Modify the ``/var/www/django_rp/settings.py`` file by inserting the right values of the DB and User created:

'NAME': 'oidc_users', # Or path to database file if using sqlite3. 'USER': 'openid', # Not used with sqlite3. 'PASSWORD': 'openidpassword', # Not used with sqlite3.


* Move on ``/var/www/django_rp/`` and execute the command:

cd /var/www/django_rp ; python manage.py syncdb

this will synchronize the database structures and create the Django Auth System surperuser.

* Activate the ``default-ssl`` site and ``ssl`` module of Apache2:

cd /etc/apache2/sites-available ; a2ensite default-ssl

cd /etc/apache2/mods-available ; a2enmod ssl


* Modify the ``default-ssl`` site by adding to the tail (but after the closure of Virtualhost) this piece of code:

Added for django_rp

WSGIPassAuthorization On WSGIScriptAlias / /var/www/django_rp/wsgi.py

<Directory /var/www/django_rp> Order allow,deny Allow from all


* Restart Apache2 service:

service apache2 restart


* Connect to ``https://<YOUR.VM.FQDN>`` and access with ``test@<YOUR.VM.FQDN>:8092``.

* Insert as username ``diana`` and as password ``krall`` and enjoy.
Cookies help us deliver our services. By using our services, you agree to our use of cookies Learn more