A case of using OpenSSO single sign on with Django
Single Sign On
If your system consists of different services built on multiple platforms, you don't want to force your users to create multiple accounts and log in to each service separately. Single sign on is therefore a requirement of most non-trivial setups. Take a look at how Google lets you access all of its different services while logging in only once.
OpenSSO
OpenSSO is a really cool Access Manager provided by Sun. And it's open source too! It's a very flexible tool you can use to enable single sign on functionality for your systems. It supports nearly every authentication standard and various ways of accessing these services. It is written in Java (of course, being a Sun system), and runs on top of GlassFish and other Java application servers.
Recently I helped build a system where one of the components was an open source CMS and the other was a custom-built Django application. One of the reasons for writing parts of the system in Django was to take advantage of Django's excellent admin application. The client needed an easy way to administer their highly relational data. The Django admin was a perfect fit.
Django and single sign on.
Luckily Django has pluggable authentication backends with a very simple interface. Since the Django admin only works if users are created with the standard Django auth application, we decided to let Django be in charge of managing users. OpenSSO can use any user store you set up. With that in place I implemented three things to enable Django to use OpenSSO single sign on.
- a custom authentication backend for Django.
- I decided to access OpenSSO through its REST interface, so I implemented a simple OpenSSO REST client in Python to simplify things.
- A login decorator for Django views. I could not use Django's standard "login_required" decorator, since it is username / password based, and OpenSSO uses a single token for authentication.
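A sketch of how the REST client and the token-based backend fit together, as an added example that is not the author's code. It assumes OpenSSO's `/identity/isTokenValid` and `/identity/attributes` REST endpoints and a `uid` attribute; the `fetch` hook and the `find_user` lookup are hypothetical names, and the class takes them as arguments so it runs without Django installed.

```python
import urllib.parse
import urllib.request

def parse_attributes(body):
    """Parse the line-oriented 'userdetails.*' response into {name: [values]}."""
    attrs, name = {}, None
    for line in body.splitlines():
        key, _, value = line.partition("=")
        if key == "userdetails.attribute.name":
            name = value
            attrs.setdefault(name, [])
        elif key == "userdetails.attribute.value" and name is not None:
            attrs[name].append(value)
    return attrs

class OpenSSOClient:
    """Minimal REST client. base_url should be an HTTPS URL: the token is a bearer secret."""
    def __init__(self, base_url, fetch=None):
        self.base_url = base_url.rstrip("/")
        self.fetch = fetch or self._http_get  # injectable so the client can be tested offline

    def _http_get(self, url):
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.read().decode("utf-8")

    def _call(self, path, **params):
        # urlencode() escapes '+', '/' and '=' so the token cannot alter the query string
        return self.fetch(self.base_url + path + "?" + urllib.parse.urlencode(params))

    def is_token_valid(self, token):
        return self._call("/identity/isTokenValid", tokenid=token).strip() == "boolean=true"

    def attributes(self, token):
        return parse_attributes(self._call("/identity/attributes", subjectid=token))

class OpenSSOBackend:
    """authenticate() follows the Django backend convention; get_user() is omitted here."""
    def __init__(self, client, find_user):
        self.client, self.find_user = client, find_user  # find_user: hypothetical user lookup

    def authenticate(self, request=None, token=None):
        try:
            if not token or not self.client.is_token_valid(token):
                return None
            uid = self.client.attributes(token).get("uid", [])
        except OSError:
            return None  # fail closed: an unreachable or erroring SSO server means no login
        return self.find_user(uid[0]) if len(uid) == 1 else None
```

The backend never trusts the token's attributes until OpenSSO has confirmed the token itself, and it rejects a response that carries zero or several `uid` values rather than picking one.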