<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Authentication to FAS — python-fedora 0.10.0 documentation</title> <link rel="stylesheet" href="_static/default.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '', VERSION: '0.10.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="search" type="application/opensearchdescription+xml" title="Search within python-fedora 0.10.0 documentation" href="_static/opensearch.xml"/> <link rel="top" title="python-fedora 0.10.0 documentation" href="index.html" /> <link rel="next" title="Fedora Django Authentication Backend" href="django.html" /> <link rel="prev" title="CSRF Protection" href="CSRF.html" /> </head> <body> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="django.html" title="Fedora Django Authentication Backend" accesskey="N">next</a> |</li> <li class="right" > <a href="CSRF.html" title="CSRF Protection" accesskey="P">previous</a> |</li> <li><a href="index.html">python-fedora 0.10.0 documentation</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="authentication-to-fas"> <h1>Authentication to FAS<a class="headerlink" 
href="#authentication-to-fas" title="Permalink to this headline">¶</a></h1> <p>The <a class="reference internal" href="existing.html#fedora-account-system"><em>Fedora Account System</em></a> has a <a class="reference internal" href="glossary.html#term-json"><em class="xref std std-term">JSON</em></a> interface that we make use of to authenticate users in our web apps. Currently, there are two modes of operation. Some web apps have <a class="reference internal" href="glossary.html#term-single-sign-on"><em class="xref std std-term">single sign-on</em></a> capability with <a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a>. These are the <a class="reference internal" href="glossary.html#term-turbogears"><em class="xref std std-term">TurboGears</em></a> applications that use the <tt class="xref py py-mod docutils literal"><span class="pre">jsonfasprovider</span></tt>. Other apps do not have <a class="reference internal" href="glossary.html#term-single-sign-on"><em class="xref std std-term">single sign-on</em></a> but they do connect to <a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a> to verify the username and password so changing the password in <a class="reference internal" href="existing.html#fas"><em>Fedora Account System</em></a> changes it everywhere.</p> <div class="section" id="turbogears-identity-provider-2"> <span id="jsonfas2"></span><h2>TurboGears Identity Provider 2<a class="headerlink" href="#turbogears-identity-provider-2" title="Permalink to this headline">¶</a></h2> <p>An identity provider with <a class="reference internal" href="glossary.html#term-csrf"><em class="xref std std-term">CSRF</em></a> protection.</p> <p>This will install as a TurboGears identity plugin. 
To use it, set the following in your <tt class="file docutils literal"><span class="pre">APPNAME/config/app.cfg</span></tt> file:</p> <div class="highlight-python"><div class="highlight"><pre><span class="n">identity</span><span class="o">.</span><span class="n">provider</span><span class="o">=</span><span class="s">'jsonfas2'</span>
<span class="n">visit</span><span class="o">.</span><span class="n">manager</span><span class="o">=</span><span class="s">'jsonfas2'</span>
</pre></div> </div> <div class="admonition-see-also admonition seealso"> <p class="first admonition-title">See also</p> <p class="last"><a class="reference internal" href="CSRF.html#csrf-protection"><em>CSRF Protection</em></a></p> </div> </div> <div class="section" id="turbogears-identity-provider-1"> <span id="jsonfas1"></span><h2>TurboGears Identity Provider 1<a class="headerlink" href="#turbogears-identity-provider-1" title="Permalink to this headline">¶</a></h2> <p>These methods are <strong>deprecated</strong> because they do not provide the <a class="reference internal" href="glossary.html#term-csrf"><em class="xref std std-term">CSRF</em></a> protection of <a class="reference internal" href="#jsonfas2"><em>TurboGears Identity Provider 2</em></a>. 
Please use that identity provider instead.</p> </div> <div class="section" id="django-authentication-backend"> <span id="djangoauth"></span><h2>Django Authentication Backend<a class="headerlink" href="#django-authentication-backend" title="Permalink to this headline">¶</a></h2> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="django.html">Fedora Django Authentication Backend</a><ul> <li class="toctree-l2"><a class="reference internal" href="django.html#fedora-django-auth">fedora.django.auth</a></li> </ul> </li> </ul> </div> </div> <div class="section" id="flask-auth-plugin"> <span id="flask-fas"></span><h2>Flask Auth Plugin<a class="headerlink" href="#flask-auth-plugin" title="Permalink to this headline">¶</a></h2> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="flask_fas.html">FAS Flask Auth Plugin</a><ul> <li class="toctree-l2"><a class="reference internal" href="flask_fas.html#configuration">Configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="flask_fas.html#sample-application">Sample Application</a></li> </ul> </li> </ul> </div> </div> <div class="section" id="flask-fas-openid-auth-plugin"> <span id="flaskopenid"></span><h2>Flask FAS OpenId Auth Plugin<a class="headerlink" href="#flask-fas-openid-auth-plugin" title="Permalink to this headline">¶</a></h2> <p>The flask_openid provider is an alternative to the flask_fas auth plugin. It leverages our FAS-OpenID server to do authn and authz (group memberships). 
Note that not every feature is available with a generic OpenID provider – the plugin depends on the OpenID provider having certain extensions in order to provide more than basic OpenID auth.</p> <ul class="simple"> <li>Any compliant OpenID server should allow you to use the basic authn features of the OpenID authentication core: <a class="reference external" href="http://openid.net/specs/openid-authentication-2_0.html">http://openid.net/specs/openid-authentication-2_0.html</a></li> <li>Retrieving simple information about the user such as username, human name and email is done with sreg: <a class="reference external" href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">http://openid.net/specs/openid-simple-registration-extension-1_0.html</a> which is an extension supported by many providers.</li> <li>Advanced security features such as requiring a user to re-login to the OpenID provider or specifying that the user log in with a hardware token require the PAPE extension: <a class="reference external" href="http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html">http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html</a></li> <li>To get groups information, the provider must implement the <a class="reference external" href="https://dev.launchpad.net/OpenIDTeams">https://dev.launchpad.net/OpenIDTeams</a> extension.<ul> <li>We have extended the teams extension so you can request a team name of <tt class="docutils literal"><span class="pre">_FAS_ALL_GROUPS_</span></tt> to retrieve all the groups that a user belongs to. Without this addition to the teams extension you will need to manually configure which groups you are interested in knowing about. See the documentation for how to do so.</li> </ul> </li> <li>Retrieving information about whether a user has signed a CLA (For Fedora, this is the Fedora Project Contributor Agreement). 
<a class="reference external" href="http://fedoraproject.org/specs/open_id/cla">http://fedoraproject.org/specs/open_id/cla</a></li> </ul> <p>If the provider you use does not support one of these extensions, the plugin should still work but naturally, it will return empty values for the information that the extension would have provided.</p> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="flask_fas_openid.html">FAS Flask OpenID Auth Plugin</a><ul> <li class="toctree-l2"><a class="reference internal" href="flask_fas_openid.html#configuration">Configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="flask_fas_openid.html#sample-application">Sample Application</a></li> </ul> </li> </ul> </div> </div> <div class="section" id="fas-who-plugin-for-turbogears2"> <span id="faswho"></span><h2>FAS Who Plugin for TurboGears2<a class="headerlink" href="#fas-who-plugin-for-turbogears2" title="Permalink to this headline">¶</a></h2> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="faswho.html">FASWho Plugin</a><ul> <li class="toctree-l2"><a class="reference internal" href="faswho.html#authenticating-against-fas-with-turbogears2">Authenticating against FAS with TurboGears2</a></li> <li class="toctree-l2"><a class="reference internal" href="faswho.html#using-csrf-middleware-with-other-auth-methods">Using CSRF middleware with other Auth Methods</a></li> <li class="toctree-l2"><a class="reference internal" href="faswho.html#templates">Templates</a></li> </ul> </li> </ul> </div> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Authentication to FAS</a><ul> <li><a class="reference internal" href="#turbogears-identity-provider-2">TurboGears Identity Provider 2</a></li> <li><a class="reference internal" 
href="#turbogears-identity-provider-1">TurboGears Identity Provider 1</a></li> <li><a class="reference internal" href="#django-authentication-backend">Django Authentication Backend</a><ul> </ul> </li> <li><a class="reference internal" href="#flask-auth-plugin">Flask Auth Plugin</a><ul> </ul> </li> <li><a class="reference internal" href="#flask-fas-openid-auth-plugin">Flask FAS OpenId Auth Plugin</a><ul> </ul> </li> <li><a class="reference internal" href="#fas-who-plugin-for-turbogears2">FAS Who Plugin for TurboGears2</a><ul> </ul> </li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="CSRF.html" title="previous chapter">CSRF Protection</a></p> <h4>Next topic</h4> <p class="topless"><a href="django.html" title="next chapter">Fedora Django Authentication Backend</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="_sources/auth.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. 
</p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="genindex.html" title="General Index" >index</a></li> <li class="right" > <a href="py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="django.html" title="Fedora Django Authentication Backend" >next</a> |</li> <li class="right" > <a href="CSRF.html" title="CSRF Protection" >previous</a> |</li> <li><a href="index.html">python-fedora 0.10.0 documentation</a> »</li> </ul> </div> <div class="footer"> © Copyright 2007-2018 Red Hat, Inc.. Last updated on Feb 01, 2018. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>
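Added example, not part of the python-fedora documentation or code, for the Flask FAS OpenId Auth Plugin section above: it sorts an OpenID 2.0 response into the extensions listed there, keeps only fields covered by openid.signed, and treats a missing extension as "no answer" so that group checks fail closed. The namespace URIs other than the CLA one, the is_member field name, the helper names and the sample response are assumptions made for this illustration.

```python
from urllib.parse import parse_qsl

# Extension namespace URIs (assumed from the public specs; the page only links them).
EXTENSIONS = {
    "sreg": ("http://openid.net/extensions/sreg/1.1", "http://openid.net/sreg/1.0"),
    "pape": ("http://specs.openid.net/extensions/pape/1.0",),
    "teams": ("http://ns.launchpad.net/2007/openid-teams",),
    "cla": ("http://fedoraproject.org/specs/open_id/cla",),
}

# Constructed sample response: sreg.email is present but NOT listed in openid.signed.
SAMPLE = (
    "openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res"
    "&openid.ns.lp=http%3A%2F%2Fns.launchpad.net%2F2007%2Fopenid-teams"
    "&openid.lp.is_member=packager%2Ccla_done"
    "&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1"
    "&openid.sreg.nickname=alice&openid.sreg.email=alice%40example.org"
    "&openid.signed=mode%2Cns.lp%2Clp.is_member%2Cns.sreg%2Csreg.nickname"
)


def signed_extension_fields(query):
    """Map each extension to its signed fields, or None if it did not answer.

    Checking the signature itself stays with the OpenID library; this only
    drops fields that the signature does not cover.
    """
    params = dict(parse_qsl(query, keep_blank_values=True))
    signed = set(filter(None, params.get("openid.signed", "").split(",")))
    result = {}
    for name, uris in EXTENSIONS.items():
        # The provider chooses the alias, so resolve it from a signed openid.ns.<alias>.
        alias = next((k[len("openid.ns."):] for k, v in params.items()
                      if k.startswith("openid.ns.") and v in uris
                      and k[len("openid."):] in signed), None)
        if alias is None:
            result[name] = None  # extension absent: no data at all
            continue
        prefix = "openid.%s." % alias
        result[name] = {k[len(prefix):]: v for k, v in params.items()
                        if k.startswith(prefix) and k[len("openid."):] in signed}
    return result


def in_group(ext, group):
    """Fail closed: membership counts only if the teams extension answered."""
    teams = ext.get("teams")
    if not teams:
        return False
    return group in filter(None, teams.get("is_member", "").split(","))
```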