dj-sso-server is a Django application that provides a Single Sign-On (SSO) feature for your project.
dj-sso-server works as the SSO provider; use
dj-sso-client (https://github.com/tofu0913/dj-sso-client) as the SSO client in the other projects that need SSO.
Install by command
pip install dj-sso-server
The dependency
dj-api-auth (https://github.com/feifangit/dj-api-auth) is installed automatically.
How it works
Based on the
dj-api-auth module, an API key is created with the SSO related APIs included from the start. All API communication between
dj-sso-client and dj-sso-server is protected by that API key.
The API key is also bound to a host, which limits the origin of SSO requests.
SSO workflow with dj-sso-client:
- dj-sso-client applies for a request key via the API.
  The request key on the
  dj-sso-server side is kept in cache for 5 minutes, so the whole SSO login process must be completed within 5 minutes.
- With the request key,
  dj-sso-client redirects the user to the SSO login page on the SSO provider and gets an auth token if the login succeeds. During the login the provider will:
  - verify the request origin
  - verify the request key validity (has it expired?)
  - save the user information in cache
- dj-sso-client verifies the auth token with
  authtoken/, and gets the user information.
- dj-sso-server deletes the request key from cache once the verification is done.
If there is already a logged-in account on
dj-sso-server (say, the project hosting the SSO provider also provides other features, and there are valid cookies on the browser side and a valid session on the server side), the user can choose to continue with that logged-in account.
An SSO login through
dj-sso-server does not affect the existing login status on dj-sso-server itself.
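The workflow above, run end to end as an added example. This is not dj-sso-server's own code: the cache key names, method names, the shape of the user record and the `FakeClock` are assumptions made so that the request-key lifetime, the origin/API-key binding and the one-shot deletion of the request key can be exercised offline without Django.

```python
"""Toy model of the SSO workflow: request key, login, auth token, cleanup.

Added example, not dj-sso-server's code. Cache keys, method names and the
user record format are assumptions so the flow runs without Django.
"""
import json
import secrets
import time

REQUEST_KEY_TTL = 5 * 60  # the provider keeps a request key for 5 minutes


class TTLCache:
    """Stand-in for Django's cache; the clock is injectable for testing."""

    def __init__(self, clock=time.monotonic):
        self.clock, self.store = clock, {}

    def set(self, key, value, ttl):
        self.store[key] = (value, self.clock() + ttl)

    def get(self, key):
        value, expires = self.store.get(key, (None, 0))
        if self.clock() >= expires:  # expired entries behave as missing
            self.store.pop(key, None)
            return None
        return value

    def remaining(self, key):
        _, expires = self.store.get(key, (None, 0))
        return max(0.0, expires - self.clock())

    def delete(self, key):
        self.store.pop(key, None)


class SSOProvider:
    """Server side. api_keys maps an API key to the one host it is bound to."""

    def __init__(self, api_keys, cache):
        self.api_keys, self.cache = api_keys, cache

    def _check_origin(self, api_key, host):
        if self.api_keys.get(api_key) != host:
            raise PermissionError("origin not allowed for this API key")

    def request_key(self, api_key, host):
        """Step 1: client applies for a request key; cached for 5 minutes."""
        self._check_origin(api_key, host)
        key = secrets.token_urlsafe(32)
        self.cache.set("reqkey:" + key, api_key, REQUEST_KEY_TTL)
        return key

    def login(self, request_key, host, user):
        """Step 2: user logs in on the provider's page; returns an auth token.

        The token inherits the request key's remaining lifetime, so the whole
        exchange still has to finish inside the original 5 minutes.
        """
        api_key = self.cache.get("reqkey:" + request_key)
        if api_key is None:
            raise PermissionError("request key unknown or expired")
        self._check_origin(api_key, host)
        token = secrets.token_urlsafe(32)
        record = {"api_key": api_key, "request_key": request_key, "user": user}
        ttl = self.cache.remaining("reqkey:" + request_key)
        self.cache.set("authtoken:" + token, record, ttl)  # user info cached
        return token

    def verify_auth_token(self, api_key, host, token):
        """Step 3: client redeems the token; request key is deleted afterwards."""
        self._check_origin(api_key, host)
        record = self.cache.get("authtoken:" + token)
        if record is None or record["api_key"] != api_key:
            raise PermissionError("auth token invalid for this client")
        self.cache.delete("reqkey:" + record["request_key"])
        self.cache.delete("authtoken:" + token)  # one-shot redemption
        return json.dumps(record["user"])


class FakeClock:
    """Controllable clock so expiry can be tested without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def run_flow(delay_before_login=0.0, delay_before_verify=0.0):
    """Drive the whole exchange; returns the user dict the client ends up with."""
    clock = FakeClock()
    provider = SSOProvider({"KEY-app1": "app1.example"}, TTLCache(clock))
    key = provider.request_key("KEY-app1", "app1.example")
    clock.now += delay_before_login   # user dawdling on the login page
    token = provider.login(key, "app1.example", {"id": 7, "username": "alice"})
    clock.now += delay_before_verify  # client slow to redeem the token
    return json.loads(provider.verify_auth_token("KEY-app1", "app1.example", token))


def flow_rejects_expired_key():
    """True when a login attempted after 5 minutes is refused."""
    try:
        run_flow(delay_before_login=REQUEST_KEY_TTL + 1)
    except PermissionError:
        return True
    return False
```

Two properties worth noting: an auth token can only be redeemed by the client whose API key (and bound host) issued the request key, so a token captured from one client is useless to another; and the second redemption of the same token fails because both cache entries are deleted on the first.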
Request keys are stored in cache until they are verified or expire. If your deployment runs multiple application processes (gunicorn etc.), use a cache backend that is shared between the processes.
Memcached and Redis are both fine for this; be aware that the local-memory cache (
django.core.cache.backends.locmem.LocMemCache) is per-process and is only a toy for local debugging.
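An added example of the settings this caveat is about, with a startup check that refuses a per-process backend. It is not part of dj-sso-server: the `CACHES_LOCAL` / `CACHES_SHARED` names, the `check_sso_cache` function and the choice to fail hard are mine; the backend class paths are Django's own.

```python
"""Django CACHES settings for SSO: the toy setting beside a shared one, plus
a startup check. Added example, not part of dj-sso-server; the function
names and the constructed settings dicts are assumptions."""

# Backends that keep a separate store in every worker process.
PER_PROCESS_BACKENDS = {
    "django.core.cache.backends.locmem.LocMemCache",  # one dict per process
    "django.core.cache.backends.dummy.DummyCache",    # stores nothing at all
}

# Toy setting: every gunicorn worker has its own LocMemCache, so a request
# key issued by worker 1 is invisible to worker 2 and logins fail at random.
CACHES_LOCAL = {
    "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"},
}

# Shared store: all workers on all hosts see the same request keys.
# PyMemcacheCache ships with Django 3.2+; on Django 4.0+ you can instead use
# django.core.cache.backends.redis.RedisCache with LOCATION "redis://host:6379".
CACHES_SHARED = {
    "default": {
        "BACKEND": "django.core.cache.backends.memcached.PyMemcacheCache",
        "LOCATION": "127.0.0.1:11211",
    },
}


def cache_is_shared(caches, alias="default"):
    """True when the alias uses a backend that works across processes.

    FileBasedCache is deliberately not rejected: it is shared between
    processes on one host, which is enough for a single-machine deployment.
    """
    backend = caches.get(alias, {}).get("BACKEND", "")
    return bool(backend) and backend not in PER_PROCESS_BACKENDS


def check_sso_cache(caches, alias="default"):
    """Fail at startup instead of failing SSO logins intermittently later."""
    if not cache_is_shared(caches, alias):
        raise RuntimeError(
            f"CACHES[{alias!r}] uses a per-process backend; dj-sso-server "
            "request keys must live in a Memcached/Redis store shared by all workers"
        )
    return True
```

Call `check_sso_cache(settings.CACHES)` from an `AppConfig.ready()` or register it as a Django system check; either way a misconfigured deployment refuses to boot rather than losing one login in N.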
Add dj-sso-server to the project
- Assign a URL to the module in urls.py:

```python
# django.conf.urls.url() was removed in Django 4.0; use re_path from django.urls there
from django.conf.urls import include, url

urlpatterns = [
    # add auth for a browser-oriented view
    url(r'^sso/', include("djssoserver.urls")),
    # ...
]
```

- Optional: a dotted path to a function that receives a user object and returns a JSON string. The default is:

```python
import json

from django.core.serializers.json import DjangoJSONEncoder
from django.forms.models import model_to_dict


def default_user_to_json(user):
    # every model field except the password hash and the permission M2M
    return json.dumps(model_to_dict(user, exclude=["password", "user_permissions"]),
                      cls=DjangoJSONEncoder)
```
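The default above is a deny-list: for Django's built-in User it still sends is_staff, is_superuser, last_login and date_joined to every SSO client. An allow-list is the safer shape, shown here as an added example that is not dj-sso-server's code. `SSO_USER_FIELDS`, `minimal_user_to_json` and the constructed `SAMPLE_USER` are mine; the function is written with `getattr` rather than `model_to_dict` so it also runs without Django. Point the project's user-to-JSON setting at it (the setting's name is not reproduced on this page).

```python
"""Allow-list user serializer for the SSO provider.

Added example, not dj-sso-server's code; field list and names are assumptions.
"""
import json
from datetime import date, datetime
from types import SimpleNamespace

# Only what a relying application needs to identify and greet the user.
SSO_USER_FIELDS = ("id", "username", "email", "first_name", "last_name")


def _json_default(value):
    # Like DjangoJSONEncoder, emit ISO 8601 for date/datetime values.
    if isinstance(value, (datetime, date)):
        return value.isoformat()
    raise TypeError(f"{type(value).__name__} is not JSON serialisable")


def minimal_user_to_json(user, fields=SSO_USER_FIELDS):
    """Serialise only allow-listed attributes; attributes the model lacks are skipped."""
    data = {name: getattr(user, name) for name in fields if hasattr(user, name)}
    return json.dumps(data, default=_json_default, sort_keys=True)


# Constructed sample standing in for a Django User instance (not real data).
SAMPLE_USER = SimpleNamespace(
    id=42,
    username="alice",
    email="alice@example.invalid",
    first_name="Alice",
    last_name="Liddell",
    password="pbkdf2_sha256$...",  # never leaves the provider
    is_superuser=True,
    is_staff=True,
    last_login=datetime(2020, 1, 1, 12, 0, 0),
)
```

Swapping in a custom model with extra columns changes nothing for the clients until you add a field to `SSO_USER_FIELDS`, which is the point of an allow-list.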
In order to discover and manage the APIs, after
dj-sso-server is included in an accessible
urls.py, run the command
python manage.py reloadentrypoints to collect the APIs into the database.
Create API key for SSO
- From your admin site, create an API key under
Single sign-on / SSO credential. All SSO related APIs are assigned to this API key automatically.
- After the API key for SSO is ready, you can assign more APIs to this API key under
API Auth / Credential in the admin site.
Customize SSO login page
You can add your own styles to the SSO login page: simply create
djsso/ssologin.html under the
templates folder. Revamp it by imitating the built-in template.
dj-sso-client gets an
SSOUser object whatever User model is used in the SSO provider project.
See the details in the README file of dj-sso-client.
We have an SSO provider application running on Heroku (https://dj-sso-sample.herokuapp.com/).
Source code: under
To try the demo out, check out the README file of