How to implement single sign-on Django auth in Azure AD?

I have a Django-based web application, and a client requested that we integrate the login with Azure AD. Following the documentation, I managed to integrate it with the following flow: in Django the user types only the email, I identify the user and his company and redirect him to the Microsoft AD login screen. After login, the redirect URI is activated, and in my view I do some validations and authenticate the user on my system. The problem is that every time the customer logs in, he needs to enter his credentials in Azure. Would it be possible to log in with the Microsoft user_id or the token acquired the first time the user logs in? Or is there another way to log in faster?

This is my callback view, called at the redirect_uri:

def callback(request):
    user_id = request.session.pop('user_id', '')
    user_internal = User.objects.filter(id=user_id).first()
    company_azure = CompanyAzureAd.objects.filter(company=user_internal.employee.firm).first()
    # Get the state saved in session
    expected_state = request.session.pop('auth_state', '')
    # Make the token request
    url = request.build_absolute_uri(request.get_full_path())
    token = get_token_from_code(url, expected_state, company_azure)

    # Get the user's profile
    user = get_user(token)  # at this point I have the user's Microsoft profile, with token and id

    # Save token and user
    store_token(request, token)
    store_user(request, user)
...

If it is possible to log in, I could store the token or the Microsoft user id in my database, so it would only be necessary to log in once.

Rowney answered 19/7, 2020 at 15:30 Comment(0)

I think this is already answered here

Also try this: ADFS Authentication for Django

You can even try the Python library:

Django Microsoft Authentication Backend

Kauslick answered 19/7, 2020 at 17:46 Comment(5)
Sorry, but I don't understand yet how/which endpoint to call for login with the token or client id. For reasons of project/client I don't want to use external libraries. - Rowney
Do you mean the SAML-based one? I think you need to set it up in Azure. learn.microsoft.com/en-us/azure/active-directory/develop/… - Kauslick
Sorry, but I still don't understand what you want to show me. I easily get the access_token and user id, but I don't know what to do with them so that it is not necessary for the user to enter their credentials again in the next request. - Rowney
If you have got the token and client id, then the next step is to authorise them. Example: adfs.contoso.com/adfs/oauth2/authorize? client_id=6731de76-14a6-49ae-97bc-6eba6914391e &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F &response_mode=query &resource=webapi.com &scope=openid &state=12345. Reference: learn.microsoft.com/en-us/windows-server/identity/ad-fs/… I am not sure if this is right; I am not aware of more than this. - Kauslick
I managed to enable sign-in with Azure AD: github.com/Azure-Samples/ms-identity-python-django-tutorial/… However, I don't know how to map the signed-in user to a Django user. Please advise. - Egmont
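The flow described in the question and the authorize request quoted in the comments, as an added example that is not part of the original posts and uses only the standard library: it builds the redirect with a random per-login `state` instead of a fixed value, and accepts the authorization code in the callback only when the returned `state` matches the one stored in the session. The endpoint, client id, redirect URI, function names and the plain dict standing in for `request.session` are assumptions; `login_hint` is the standard OpenID Connect parameter for pre-filling the address the user already typed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions), not values from the asker's application.
AUTHORIZE_ENDPOINT = "https://login.example.test/oauth2/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.test/callback"


def build_authorize_url(session, email):
    """Store a fresh random state in the session and return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unpredictable, one per login attempt
    session["auth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid",
        "state": state,
        "login_hint": email,  # pre-fills the address typed on the Django form
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def code_from_callback(session, callback_url):
    """Return the authorization code only if the returned state is the stored one."""
    expected = session.pop("auth_state", "")  # single use, as in the question's view
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison; an empty stored state never matches.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

In a Django view, `request.session` can be passed in place of the dict, and the returned code is what the token request then exchanges.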
