Miscellaneous things. Mostly Weeknotes and links I stumbled upon.
'If you bite it and you die it's poison, but if it bites you and you die, that's venom' #lastboost ☝️ --neingeist
During the first week of our vacation, I spent a lot of time outdoors in nature. Didn’t do anything else ☀️.
I think we all learned a valuable lesson from this: Never ship. --Tyler Hillsman
With vacation just around the corner, work has been pretty light. I attended the Django Cologne Meetup and watched an interesting talk about Django background tasks. It’s great to think about not having to deal with Celery anymore. I also recorded and published a podcast episode on the Python Data Model. Then, I wrote a piece on implementing Django with SSO and managed to release a new version of django-cast (though there aren’t many updates).
I encountered a strange issue where some command line tools written in Rust (bat, exa) stopped working, showing error messages like this:
❯ bat Procfile
dyld[89933]: Library not loaded: /opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib
Referenced from: <968B81E5-4BAB-323C-8FD5-1BFB54F3052D> /opt/homebrew/Cellar/bat/0.24.0_1/bin/bat
Reason: tried: '/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/opt/libgit2@1.7/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file), '/opt/homebrew/Cellar/libgit2/1.8.1/lib/libgit2.1.7.dylib' (no such file)
fish: Job 1, 'bat Procfile' terminated by signal SIGABRT (Abort)
Calling brew reinstall bat fixed it.
Adding SSO via SAML to a Django application can be a complex process. When I first tackled this task, I wished for a simple, straightforward tutorial. That's why I've created this guide - to help others implement SSO in their Django apps.
This tutorial will guide you through the process of setting up SSO for your Django application, specifically configuring it as a Service Provider (SP) in the SAML framework. As an SP, your Django app will rely on an external Identity Provider (IdP) for user authentication. By the end of this tutorial, your application will be able to delegate the authentication process to the IdP. This means users can log in through the IdP's interface and then access your app without needing separate credentials. Your Django app, as the SP, will trust and accept the authentication assertions provided by the IdP, allowing seamless and secure access for authenticated users.
Glossary
With these terms defined, let's dive into setting up Single Sign-On (SSO) with SAML for your Django application.
There are two popular Django packages for integrating SAML2:
django-saml2-auth by Grafana)These packages use PySAML2 for the main SAML functionality. Their main job is to connect PySAML2 with Django. I chose the first package for this tutorial. It works well, but has some drawbacks. It's not great at handling errors or making testing easy. We'll discuss these issues later in the Caveats section.
For those new to SAML or seeking a deeper understanding, these resources provide helpful content on how SAML works in general:
Maybe we start with an overview how the authentication flow will look like with SSO.
The provided sequence diagram illustrates a typical Single Sign-On (SSO) login flow using Security Assertion Markup Language 2.0 (SAML2) between a User, a Django Application (acting as the Service Provider), and an Identity Provider (IdP). Here's an explanation of each step depicted in the diagram:
This flow demonstrates how SAML2 enables Single Sign-On. Users authenticate through an Identity Provider, which then sends a SAML response containing the authentication assertion to your Django application. This allows users to access your application without needing to log in separately.
Here's the Mermaid code that created the diagram above.
somehow instead of saying “as a treat”, I’ve started using the phrase “for morale”, as if my body is a ship and its crew, and I (the captain) have to keep us in high spirits, lest we suffer a mutiny in the coming days.
and so I will eat this small block of fancy cheese, for morale. I will take a break and drink some tea, for morale. I will pick up that weird bug, for morale.
I’m not sure if it helps, but it does entertain me --Second Beat Songs
Started writing an article about SSO with Django, which I'll likely publish next week. Unfortunately, no time for open source projects this week.
I'm also getting used to my new camera. While the basic handling and lenses are the same, the post-processing is quite different. I’ve been using Apple Photos for the past few years and was quite happy with it. However, the new Nikon raw files aren't supported, so I have to decide between using a raw to DNG converter, as I discussed last week, or Nikon NX Studio. Currently, I'm trying the latter, but Nikon's software is somewhat odd. In some ways, it's fantastic — colors are great, you can use the same picture control settings as on your camera, and even upload custom looks to the camera. On the downside, it has serious memory leaks, quickly consuming all of my 32GB of RAM, and is also quite slow, requiring frequent restarts.
ZIZEK: that AI will be the death of learning & so on; to this, I say NO! My student brings me their essay, which has been written by AI, & I plug it into my grading AI, & we are free! While the 'learning' happens, our superego satisfied, we are free now to learn whatever we want --Zack Brown
Workwise, last week was quite busy. However, I managed to attend a meeting of PyDDF, our local Python user group, which was great. I also recorded and published a podcast episode about the DjangoCon Europe 2024 conference. Then I had to roll out a security update for Mastodon, which usually requires minimal maintenance, and updated Takahē along with it. There was also a new release of django-cast, which includes some bug fixes and a new feature: subtitles for blogs.
Here's a tip I discovered while trying to import pictures from my new camera: If you use Apple Photos to manage your pictures and it doesn't read RAW files from newer cameras, you can use the free Adobe DNG Converter to convert RAW files to DNG and then import them into Apple Photos. Unfortunately, it's not possible to preserve changes made in Nikon NX Studio, which has the best RAW support for Nikon cameras, when converting the RAW files to DNG.
