Django Single Sign On or a Solution to Multi-domain Cookies

posted on June 18th, 2009 by Greg Allard in Greg's Posts on Code Spatter

I’ve been working on a project for a while and it has recently started to expand to an additional domain name. The domains will be using the same user base and I want to make it simple for users to be logged in at both applications. With a little research I dug up a few options I could go with. There is a redirect option, a javascript option, or a single sign on option.

With the redirect option I could redirect users to the main domain, check for cookies, and redirect them back so that they could get new cookies for the additional domain. The downside to this method is it will increase traffic for every pageload from a new visitor even if they will never need to log in. And since the sites this was for will have pages being viewed many more times than there will be logged in users, it wasn’t worth all of the extra traffic. It might be possible to minimize this traffic by only redirecting on login pages, but if the login form is at the top of all pages then it doesn’t help much.

Facebook uses a javascript method on all of the sites where you see facebook connect so you can use your facebook credentials to comment on blogs and other things. This method may be fine for their case, but again it will cause the extra traffic since the javascript is still connecting to the main server to get cookie info. I also don’t want to rely on javascript for my sessions.

I wanted a solution where it would only keep users logged in when they needed to be kept logged in. One way of knowing if they need to be kept logged in is: they are on one domain and click a link to go over to the other domain. Using a single-sign-on link to the other domain, the user would stay logged in at the new domain. The only use case that this doesn’t account for is someone is logged in at one domain and then types the other domain into the address bar. However that is a minimal case and I think the sso link will be the best way to keep users logged in most of the time and keep the overhead down.

I plan on open sourcing the django sso code so that other people can use it in their projects. It will allow a django site to accept single sign on requests and it will also help to create single sign on links to other sites. Both ends of the process don’t need to be a django site since it should work with other applications that use this type of process to authenticate users.

I’ll write a post on here about how to use the code once I get it set up at google code so if you are interested in that, you should probably subscribe to the rss so you don’t miss it.

Related posts:

  1. Django Settings Site Domain example.com It took me a while to figure out how to...
  2. OpenID Enabled If you haven’t stumbled upon any sites that use OpenID...
  3. Python Projects in Users’ Home Directories with wsgi Letting users put static files and php files in a...

Getting Basecamp API Working with Python

posted on April 1st, 2009 by Greg Allard in Greg's Posts on Code Spatter

I found one library that was linked everywhere, but it wasn’t working for me. I was always getting 400 Bad Request when using it. Chris Conover was able to get the following code working.

import urllib2
 
protocol = 'https://'
url = 'example.com'
command = '/projects.xml'
headers = {'Accept' : 'application/xml', 
'Content-type' : 'applications/xml'}
username = 'x'
password = 'y'
 
# Setup password stuff
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, url, username, password)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
 
# Send the request and get response
req = urllib2.Request(protocol + url + command, None, headers)
response = urllib2.urlopen(req)
results = response.read()
 
print results

I thought it was a problem with how the authorization was formed so based on the above code I modified the old basecamp.py file and I was able to get a response. The following is what I changed.

Around line 64

    def __init__(self, username, password, protocol, url):
        self.baseURL = protocol+url
        if self.baseURL[-1] == '/':
            self.baseURL = self.baseURL[:-1]
 
        passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
        passman.add_password(None, url, username, password)
        authhandler = urllib2.HTTPBasicAuthHandler(passman)
 
        self.opener = urllib2.build_opener(authhandler)

And around line 142

path = '/projects.xml'

With that I was able to use basecamp.py to retrieve a list of projects. Other modifications may be needed for other features, but that was all I planned on using.

Here is an example of using ElementTree to parse the XML response to get the names of all of the projects returned from basecamp.

import elementtree.ElementTree as ET
from basecamp import Basecamp
 
protocol = 'https://'
url = 'example.com'
username = 'x'
password = 'y'
 
bc = Basecamp(username, password, protocol, url)
projects = bc.projects()
tree = ET.fromstring(projects)
tags = tree.getiterator(tag='project')
 
for t in tags:
    project_name = t.findtext('name')

Related posts:

  1. Python Projects in Users’ Home Directories with wsgi Letting users put static files and php files in a...
  2. How to Add Locations to Python Path for Reusable Django Apps In my previous post I talk about reusable apps, but...
  3. Setting up Apache2, mod_python, MySQL, and Django on Debian Lenny or Ubuntu Hardy Heron Both Debian and Ubuntu make it really simple to get...

TechStream (aka ToBeDone 2.0)

posted on April 1st, 2008 by Greg in CDWS Projects

Workflow Management

To Be Done is a Web-based workflow tool that manages the collection, tracking, and processing of work requests. It is written in PHP and uses a MySQL database. It facilitates the collaboration between teams by enabling team members to create requests for other teams’ members to complete. Time-to-completion data is stored when a user completes a request and can be used to display totals, percentages, and averages of requests and hours in a report that can be generated automatically. The report that is generated can also display specific information per user and per course.

Read the rest of this entry »

Study Session Scheduler

posted on April 1st, 2008 by Greg in Class Projects

SSS is designed to help students schedule study sessions by allowing them to input their available times and to view available times of students in their courses. A student can start a session at a time that the most people are available and other students can sign up to the study session. This was a project for Software Engineering I and originally suggested by Chris Havreberg. I collaborated with coworker and classmate, Thomas Welfley to develop this site in a surprisingly short amount of time. This was the first test of a new version of a template engine that Thomas and I had been working on (CyTE).

CyTE

posted on March 20th, 2008 by Greg in Personal Projects

The Cyberia Template Engine is a project that was developed after Thomas Welfley and I wanted to expand upon the basic template engine used in Valhalla. We expanded on the idea of content slots to instead use keys which could return content as well as additional keys. This would allow the site to be broken into small reusable pieces and reduce the amount of duplicated code. There is also a post handler aspect that will help with error checking and collecting form data.

For this project I have created the database abstraction layer, the authorization system, and added the ability to package modules easily for future developers that may use the platform.

I have used this template engine on a few sites and in the process I have gathered an abundant repository of useful functions that will be packed with the release.