Today I would like to post about Django applications and SSO integration. In SSO Integration, there's usually a SAML exchange between an identityProvider (federated) and a Service provider (Django App). The SAML assertions are authentication assertions and attribute assertions. There's usually a protocol (SOAP over http) and binding (how messages are exchanged) that defines the way SAML asks for and gets assertion. In the Django implementation, there are a few things we need to configure to get it to talk to the idP.
First it must ask the idP for a metadata configuration. This is usually a JSON script.
The SP must implement both metadata URLs and SSOLogin URLs. The former is used to describe what the service provider SAML and the latter is used to implement what the callback/relay for the login to complete.
The Django app implements two methods in its view - one to call the auth.login() and the other to handle the callback from OKTA.
Note however that the Django app implemented this way handles SSO but not OAuth.
By the way, the integration of SSO with Django application is something I've learned from a colleague at my work place.
Typically OAuth is for API and SSO is for portal.
#codingexercise
Double GetOddNumberRangeSumPower ()(Double [] A, int n, int m)
{
if (A == null) return 0;
Return A.OddNumberRangeSumPower(n,m);
}
We now look at an API Gateway. This is both a central authenticator and an aggregator. This is typically deployed in a demilitarized zone. There are different layers and different places at which the gateway can apply. For example, it can apply to different protocols such as FTP, POP, HTTP etc and can be applied to a webstack hosted locally or by a third party. An HTTP Proxy is a typical example for an API gateway to a REST based web stack. An API gateway can be inside a CDN filtering traffic before it reaches the servers. It can be a proxy hosted by a third party before the traffic reaches the web service. It can be a dedicated machine which can be in our own cloud or infrastructure. It can be even within the application stack if the API Gateway can be a module that can be invoked within the application.
No comments:
Post a Comment