
My question may be too broad or vague, but I cannot best describe it in any other way than I am doing it.

I have multiple Django applications. I have implemented SSO successfully for the same. All these things work. Now, I have been given a new task and it's like this.

I have to integrate Microsoft ADFS authentication into my suite of applications and broaden the scope of current SSO.

My understanding of it is that when I log into my laptop, which is on the corporate network (I assume this is how I have to put it), I also get logged into my Django applications.

I seriously have no idea of how this works as I have no experience with ADFS. Can anyone with experience of this explain it with a scenario of how it works so that I can understand it and think of a solution to it?

PS: If there is any more information needed I will provide. Also, if downvoting the question do put a reason so that I can edit the question and post it as it should be.

Rajesh Yogeshwar
  • [`django-auth-adfs`](https://pypi.python.org/pypi/django-auth-adfs) – Burhan Khalid Mar 07 '16 at 05:41
  • @BurhanKhalid I went through that. Can you explain something? See, I log in to my laptop, the whole authentication process through ADFS happens successfully, and now I open my browser and go to my application. Now at this point how do I identify the logged-in user? Wouldn't this be the point of some action, you know, like reading some file that stores some info about user identity or something like that? – Rajesh Yogeshwar Mar 07 '16 at 06:03
  • When you authenticate with ADFS, you get a SAML token back that contains the assertions about the user, i.e. claims. Refer to https://msdn.microsoft.com/en-us/library/hh291068(v=vs.110).aspx for a .NET example which will get you some hints. For background, read https://msdn.microsoft.com/en-us/library/ff423674.aspx. Also http://stackoverflow.com/questions/19930603/best-way-to-integrate-adfs-2-0-authentication-in-a-django-application?rq=1 – rbrayb Mar 07 '16 at 18:36

1 Answer


If Django supports SAML-based login, then you set it up to trust ADFS. ADFS will automatically take care of logging in using your logged-in credentials on a domain-joined machine inside the corporate network. If the user accessed it externally, it would prompt for a password or a certificate-based auth (e.g. smartcard) to log in the user.

SamuelD MSFT
  • So what I understand from your answer is that, if I have a machine that is on domain "abc.com" and a user logs into this machine, ADFS will automatically log that user with the same credentials into my web application (login credentials are the same for machine and web application). Correct me if I am wrong. – Rajesh Yogeshwar Mar 08 '16 at 05:14