aboutsummaryrefslogtreecommitdiff
path: root/README.md
blob: fceef94546089448cf6262c789f3cc7a4d66afad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Django authentification backend using Crowd REST API
====================================================

This is a very rough implementation of a django backend
using Crowd's REST API.

It is inspired by the various forks of django-crowd-backend.
Those implementations were always using SOUP.
This one is just using REST API supported by Crowd. 
See [Atlassian](https://developer.atlassian.com/display/CROWDDEV/Crowd+REST+APIs).

Current implementation
======================

- Connect to Crowd server
- Authenticate given user by password
- Sync Django user instance with attributes from Crowd user
- Setup Djnago user staff/superuser flags based on associated Crowd groups of user

Features
========

- HTTPS certificate validation when connecting to secure Crowd url

Missing
=======

- No handling of SSO cookie

Dependencies
============

- just 'urllib2' with a little tweak from [VerifiedHTTPS](https://github.com/josephturnerjr/urllib2.VerifiedHTTPS)
  to allow validation of https certificate.

How to use it
=============

- Edit settings.py to add 'crowdrest' app to your list of apps

- Adapt configuration settings for crowdrest in settings.py by adding
	
	_whether you want to sync django users from Crowd attributes_
	
		AUTH_CROWD_ALWAYS_UPDATE_USER = True

	_whether you want to sync django groups from Crowd groups_

		AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True
	If you use any form of group-based autorization/permission checking,
	you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP
	& AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
    
	_Django user will get staff flag when Crowd user is in given Crowd group_
	
		AUTH_CROWD_STAFF_GROUP = 'staff'
    
	_Django user will get superuser flag when Crowd user is in given Crowd group_
	
		AUTH_CROWD_SUPERUSER_GROUP = 'superuser'
	Note that superuser group member does not imply staff membership and vice
	versa (make sure you read Django docs to understand the difference).
    
	_crowdrest will use this username and password to connect to Crowd server_
	
		AUTH_CROWD_APPLICATION_USER = 'django'
	
		AUTH_CROWD_APPLICATION_PASSWORD = 'django'
    
	_URL to Crowd REST API_
	
		AUTH_CROWD_SERVER_REST_URI = 'http://127.0.0.1:8095/crowd/rest/usermanagement/latest'
    
	_Use given certificate file to validate https connection to Crowd server_
	
		AUTH_CROWD_SERVER_TRUSTED_ROOT_CERTS_FILE = None
  
Problems ?
==========

Just send me a message. Let's see if I can help.

License
=======

Use this code as you want. Consider it free. Say thank you. Don't blame me if it doesn't work for you.