This is a very rough implementation of a django backend using Crowd's REST API.
It is inspired by the various forks of django-crowd-backend. Those implementations were always using SOUP. This one is just using REST API supported by Crowd. See Atlassian.
- Connect to Crowd server
- Authenticate given user by password
- Sync Django user instance with attributes from Crowd user
- Setup Djnago user staff/superuser flags based on associated Crowd groups of user
- HTTPS certificate validation when connecting to secure Crowd url
- No handling of SSO cookie
- just 'urllib2' with a little tweak from VerifiedHTTPS to allow validation of https certificate.
-
Edit settings.py to add 'crowdrest' app to your list of apps
-
Adapt configuration settings for crowdrest in settings.py by adding
whether you want to sync django users from Crowd attributes
AUTH_CROWD_ALWAYS_UPDATE_USER = True
whether you want to sync django groups from Crowd groups
AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True
If you use any form of group-based autorization/permission checking, you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP & AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
whether you want to sync all user's Crowd groups into Django
AUTH_CROWD_CREATE_GROUPS = False
This setting is considered only if AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True. If this is True, then all user's groups in Crowd will be synced to Django (so, effectively, you'll be able to check Crowd group memberships using Django API). If set to False (default), no groups will be created by backend, and only groups already existing in Django will be considered (i.e. user group membership in Django will be updated to intersection of user's Crowd groups and all available Django groups).
you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP & AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
Django user will get staff flag when Crowd user is in given Crowd group
AUTH_CROWD_STAFF_GROUP = 'staff'
Django user will get superuser flag when Crowd user is in given Crowd group
AUTH_CROWD_SUPERUSER_GROUP = 'superuser'
Note that superuser group member does not imply staff membership and vice versa (make sure you read Django docs to understand the difference).
crowdrest will use this username and password to connect to Crowd server
AUTH_CROWD_APPLICATION_USER = 'django' AUTH_CROWD_APPLICATION_PASSWORD = 'django'
URL to Crowd REST API
AUTH_CROWD_SERVER_REST_URI = 'http://127.0.0.1:8095/crowd/rest/usermanagement/latest'
Use given certificate file to validate https connection to Crowd server
AUTH_CROWD_SERVER_TRUSTED_ROOT_CERTS_FILE = None
Disable validation of server certificate for https connection to Crowd server (This is a security risk and is not recommended for production environments)
AUTH_CROWD_SERVER_VALIDATE_CERTIFICATE = False
Just send me a message. Let's see if I can help.
Use this code as you want. Consider it free. Say thank you. Don't blame me if it doesn't work for you.