{
    "info": {
        "author": "Jon M. Dugan",
        "author_email": "jdugan@es.net",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 4 - Beta",
            "Intended Audience :: Developers",
            "Programming Language :: Python :: 2.7"
        ],
        "description": "|Build Status| |Coverage Status|\n\nshibboleth\\_session\\_auth\n=========================\n\nSimplistic Shibboleth integration for Django sessions\n-----------------------------------------------------\n\nThis is a very simple way of allowing users to be authenticated via\nShibboleth but to be a part of Django groups and users. This is\naccomplished by using Apache ``mod_shib`` to protect the provided view.\nIf the user is able to authenticate then we extract certain details from\nthe data provided by Shibboleth. The view will create Django Users and\nGroups as necessary.\n\nApache Config\n~~~~~~~~~~~~~\n\nThis code has only been tested with ``mod_shib`` for Apache.\n\nHere's the config we use:\n\n::\n\n    <Location /shibboleth-sso/>\n      AuthType shibboleth\n      ShibCompatWith24 On\n      ShibRequestSetting requireSession true\n      Require shib-attr member staff\n    /Location>\n\nYou may want to tweak or remove the ``Require`` line depending on your\nneeds. As it is, it requires users to be a member of group ``staff`` in\norder to be able to authenticate.\n\nDjango Setup\n~~~~~~~~~~~~\n\nYou'll need to add an entry in your ``urls.py``, similar to this:\n\n.. code:: python\n\n    from shibboleth_session_auth.views import shibboleth_session_auth\n\n    urlpatterns += [\n        url(r'^shibboleth-sso/', shibboleth_session_auth, name=\"esnet-sso\"),\n    ]\n\nNote that we use ``shibboleth-sso`` both here and in the Apache config.\n\nDjango Settings\n~~~~~~~~~~~~~~~\n\n.. code:: python\n\n    SHIBBOLETH_SESSION_AUTH = {\n        'IDP_ATTRIBUTE': 'Shib-Identity-Provider',\n        'AUTHORIZED_IDPS': [\n            'https://${YOUR_IDP}/idp/shibboleth',\n        ],\n        #\n        # note that we use Apache environment variables directly rather than the\n        # HTTP_xxx variables which are derived from the HTTP request headers.\n        # The HTTP_xxx variety is vulnerable to potential spoofing\n        #\n        'USER_ATTRIBUTES': [\n            ('uid', 'username', True),\n            ('mail', 'email', True),\n            ('givenName', 'first_name', False),\n            ('sn', 'last_name', False),\n        ],\n        'GROUP_ATTRIBUTE': 'member',\n        'GROUPS_BY_IDP': {},\n        'DJANGO_STAFF_GROUP': 'webadmin',\n    }\n\n``IDP_ATTRIBUTE`` defines which Apache environment variable carries the\nname of the IdP.\n\n``AUTHORIZED_IDPS`` is a list of IdPs that we trust. The full URL may\nvary for your setup -- please check this with whomever runs your IdP..\n\n``USER_ATTRIBUTES`` a list of tuples which are used to map from the\nattribute names provided by the IdP to fields to be used with the Django\nUser model. The format is (``idp_attribute``,\n``django_model_attribute``, ``required``).\n\n``GROUP_ATTRIBUTE`` is the name used by the IdP to provide group\nmembership. The user will be added to each group listed in the group\nattribute. If the group does not already exist it will be created.\nGroups are assumed to be separated by a semicolon (``;``) in the data\nprovided by the IdP.\n\n``GROUPS_BY_IDP`` this is a dictionary mapping an IdP (from\n``AUTHORIZED_IDPS``) to a list of groups. If the user is authenticated\nto the named IdP then the user will be added to each of the groups,\ncreating the groups as necessary.\n\n``DJANGO_STAFF_GROUP`` is the name of the group presented by the IdP\nthat will be used to determine if the user has the ``is_staff`` bit set\nor not.\n\nWe assume the the IdP is the source of truth for groups and for whether\nor not a user should have Django staff privileges. This means that the\nset of groups the user will be a member of will be exactly the set of\ngroups that the IdP sends. This also means that if the user is no longer\na member of ``DJANGO_STAFF_GROUP`` that they will lose their staff\nprivileges.\n\n.. |Build Status| image:: https://travis-ci.org/esnet/shibboleth_session_auth.svg?branch=master\n   :target: https://travis-ci.org/esnet/shibboleth_session_auth\n.. |Coverage Status| image:: https://coveralls.io/repos/github/esnet/shibboleth_session_auth/badge.svg?branch=master\n   :target: https://coveralls.io/github/esnet/shibboleth_session_auth?branch=master\n",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/esnet/shibboleth_session_auth",
        "keywords": "Django Shibboleth",
        "license": "BSD",
        "maintainer": "",
        "maintainer_email": "",
        "name": "django-shibboleth-session-auth",
        "package_url": "https://pypi.org/project/django-shibboleth-session-auth/",
        "platform": "",
        "project_url": "https://pypi.org/project/django-shibboleth-session-auth/",
        "project_urls": {
            "Homepage": "https://github.com/esnet/shibboleth_session_auth"
        },
        "release_url": "https://pypi.org/project/django-shibboleth-session-auth/0.6.0/",
        "requires_dist": null,
        "requires_python": "",
        "summary": "Simplistic Shibboleth integration for Django sessions",
        "version": "0.6.0"
    },
    "last_serial": 2974559,
    "releases": {
        "0.6.0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "bf232587cdbb5a689c69031c1f4bc760",
                    "sha256": "f74516f5398fcd9caaabb624a14af4ac87671355a24b581b36d738cd3be28283"
                },
                "downloads": -1,
                "filename": "django-shibboleth-session-auth-0.6.0.tar.gz",
                "has_sig": false,
                "md5_digest": "bf232587cdbb5a689c69031c1f4bc760",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 5922,
                "upload_time": "2017-06-23T20:58:42",
                "url": "https://files.pythonhosted.org/packages/80/b9/e27da435fae897094ddae4d7256070b61674d2a3b508d46c71390d115f3a/django-shibboleth-session-auth-0.6.0.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "bf232587cdbb5a689c69031c1f4bc760",
                "sha256": "f74516f5398fcd9caaabb624a14af4ac87671355a24b581b36d738cd3be28283"
            },
            "downloads": -1,
            "filename": "django-shibboleth-session-auth-0.6.0.tar.gz",
            "has_sig": false,
            "md5_digest": "bf232587cdbb5a689c69031c1f4bc760",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 5922,
            "upload_time": "2017-06-23T20:58:42",
            "url": "https://files.pythonhosted.org/packages/80/b9/e27da435fae897094ddae4d7256070b61674d2a3b508d46c71390d115f3a/django-shibboleth-session-auth-0.6.0.tar.gz"
        }
    ]
}