Ephes Blog

Miscellaneous things. Mostly Weeknotes and links I stumbled upon.

Date -

Weeknotes 2024-07-29

, Jochen
'If you bite it and you die it's poison, but if it bites you and you die, that's venom' #lastboost ☝️ --neingeist

During the first week of our vacation, I spent a lot of time outdoors in nature. Didn’t do anything else ☀️.

Out of Context Images


Weeknotes 2024-07-22

, Jochen
I think we all learned a valuable lesson from this: Never ship. --Tyler Hillsman

With vacation just around the corner, work has been pretty light. I attended the Django Cologne Meetup and watched an interesting talk about Django background tasks. It’s great to think about not having to deal with Celery anymore. I also recorded and published a podcast episode on the Python Data Model. Then, I wrote a piece on implementing Django with SSO and managed to release a new version of django-cast (though there aren’t many updates).

I encountered a strange issue where some command line tools written in Rust (bat, exa) stopped working, showing error messages like this:

 bat Procfile 
dyld[89933]: Library not loaded: /opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib
  Referenced from: <968B81E5-4BAB-323C-8FD5-1BFB54F3052D> /opt/homebrew/Cellar/bat/0.24.0_1/bin/bat
  Reason: tried: '/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file)
fish: Job 1, 'bat Procfile' terminated by signal SIGABRT (Abort)

Calling brew reinstall bat fixed it.

Articles

Videos

Software

Fediverse

Weeknotes


Implementing Single Sign-On (SSO) with SAML for a Django Application

, Jochen

Introduction

Adding SSO via SAML to a Django application can be a complex process. When I first tackled this task, I wished for a simple, straightforward tutorial. That's why I've created this guide - to help others implement SSO in their Django apps.

This tutorial will guide you through the process of setting up SSO for your Django application, specifically configuring it as a Service Provider (SP) in the SAML framework. As an SP, your Django app will rely on an external Identity Provider (IdP) for user authentication. By the end of this tutorial, your application will be able to delegate the authentication process to the IdP. This means users can log in through the IdP's interface and then access your app without needing separate credentials. Your Django app, as the SP, will trust and accept the authentication assertions provided by the IdP, allowing seamless and secure access for authenticated users.

Glossary

  • SSO (Single Sign-On): A user authentication process that allows a user to access multiple applications with one set of login credentials.
  • SAML (Security Assertion Markup Language): An XML-based framework for exchanging authentication and authorization information between an Identity Provider (IdP) and a Service Provider (SP).
  • IdP (Identity Provider): The system that provides user authentication and passes the identity of the user to the Service Provider.
  • SP (Service Provider): The system that relies on the Identity Provider to authenticate users and provide access to services or applications.
  • ACS (Assertion Consumer Service): This endpoint on the Service Provider (your Django app) receives and processes SAML assertions sent by the Identity Provider after user authentication. It validates the SAML response and logs the user into the application, granting them access based on the provided authentication details.
  • Metadata (sp.xml/idp.xml): XML files that describe the configuration and capabilities of the Identity Provider and Service Provider.
  • PySAML2: A Python library used for handling SAML2 operations, providing the underlying functionality for SAML-based authentication.
  • django-allauth: A Django package providing user authentication, registration, account management, and third-party (social) account authentication.
  • Mako: A templating engine used for rendering HTML in Python applications.
  • pytest: A testing framework for Python, used for writing and running tests.

With these terms defined, let's dive into setting up Single Sign-On (SSO) with SAML for your Django application.

There are two popular Django packages for integrating SAML2:

  1. Django SAML2 Authentication (a fork of django-saml2-auth by Grafana)
  2. djangosaml2 (which did not support newer Django versions in the past, but this has since been fixed)

These packages use PySAML2 for the main SAML functionality. Their main job is to connect PySAML2 with Django. I chose the first package for this tutorial. It works well, but has some drawbacks. It's not great at handling errors or making testing easy. We'll discuss these issues later in the Caveats section.

For those new to SAML or seeking a deeper understanding, these resources provide helpful content on how SAML works in general:

Single Sign On Login Flow

Maybe we start with an overview how the authentication flow will look like with SSO.

SAML_SSO_Sequence_Diagram

The provided sequence diagram illustrates a typical Single Sign-On (SSO) login flow using Security Assertion Markup Language 2.0 (SAML2) between a User, a Django Application (acting as the Service Provider), and an Identity Provider (IdP). Here's an explanation of each step depicted in the diagram:

  1. User Accesses Login Page: The user navigates to the login page of the Django application.
  2. Display Login Form: The Django application displays a login form with an SSO button.
  3. Click SSO Button: The user clicks the SSO login button.
  4. Redirect to IdP: The Django application redirects the user to the Identity Provider (IdP) for authentication.
  5. Display IdP Login Form: The IdP presents a login form for the user.
  6. Submit Credentials: The user submits their credentials to the IdP.
  7. Redirect Back with Auth Details: The IdP redirects back to the Django application with authentication details.
  8. User Logged In: The Django application logs the user in and grants access.

This flow demonstrates how SAML2 enables Single Sign-On. Users authenticate through an Identity Provider, which then sends a SAML response containing the authentication assertion to your Django application. This allows users to access your application without needing to log in separately.

Here's the Mermaid code that created the diagram above.


Weeknotes 2024-07-15

, Jochen

somehow instead of saying “as a treat”, I’ve started using the phrase “for morale”, as if my body is a ship and its crew, and I (the captain) have to keep us in high spirits, lest we suffer a mutiny in the coming days.
and so I will eat this small block of fancy cheese, for morale. I will take a break and drink some tea, for morale. I will pick up that weird bug, for morale.
I’m not sure if it helps, but it does entertain me --Second Beat Songs

Started writing an article about SSO with Django, which I'll likely publish next week. Unfortunately, no time for open source projects this week.

I'm also getting used to my new camera. While the basic handling and lenses are the same, the post-processing is quite different. I’ve been using Apple Photos for the past few years and was quite happy with it. However, the new Nikon raw files aren't supported, so I have to decide between using a raw to DNG converter, as I discussed last week, or Nikon NX Studio. Currently, I'm trying the latter, but Nikon's software is somewhat odd. In some ways, it's fantastic — colors are great, you can use the same picture control settings as on your camera, and even upload custom looks to the camera. On the downside, it has serious memory leaks, quickly consuming all of my 32GB of RAM, and is also quite slow, requiring frequent restarts.

Articles

Weeknotes

Videos

Fediverse

Out of Context Images


Weeknotes 2024-07-08

, Jochen
ZIZEK: that AI will be the death of learning & so on; to this, I say NO! My student brings me their essay, which has been written by AI, & I plug it into my grading AI, & we are free! While the 'learning' happens, our superego satisfied, we are free now to learn whatever we want --Zack Brown

Workwise, last week was quite busy. However, I managed to attend a meeting of PyDDF, our local Python user group, which was great. I also recorded and published a podcast episode about the DjangoCon Europe 2024 conference. Then I had to roll out a security update for Mastodon, which usually requires minimal maintenance, and updated Takahē along with it. There was also a new release of django-cast, which includes some bug fixes and a new feature: subtitles for blogs.

Here's a tip I discovered while trying to import pictures from my new camera: If you use Apple Photos to manage your pictures and it doesn't read RAW files from newer cameras, you can use the free Adobe DNG Converter to convert RAW files to DNG and then import them into Apple Photos. Unfortunately, it's not possible to preserve changes made in Nikon NX Studio, which has the best RAW support for Nikon cameras, when converting the RAW files to DNG.

Articles

Weeknotes

Videos

Fediverse / Twitter

Software

Out of Context Images