Reputation: 1051
(Django) Sharing authentication across two sites that are on different domains
I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:
1) User that logs in to foo.com is automatically able to access bar.com without logging in again
2) User that logs in to bar.com directly is authenticated against foo.com user db.
3) There is no need for a user to register at bar.com directly.
How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.
Upvotes: 15
Views: 9703
Answers (5)
Reputation: 11
These can be achieved by implementing CAS (Centralized Authentication Service).
In your example, foo.com is your server, bar.com is the client. Only one server is required; you can have as many clients as you need.
On your server:
- Install and configure django-mama-cas (or any equivalent) and django-cas-ng (or any equivalent).
- Not required to add django-cas-ng urls on the server.
On you client(s):
- Install and configure django-cas-ng (or any equivalent).
- Add the login and logout django-cas-ng urls on the client's urls.py.
- For me, I have added the decorator @login_required(login_url="/accounts/login") to the protected views
- Be sure to define CAS_SERVER_URL in the settings.py of the client. In your example, that would be something like "CAS_SERVER_URL = foo.com".
Hope this helps someone as I have not found any tutorial that explicitly gave and explained the instructions above.
Upvotes: 0
Reputation: 3307
I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.
Upvotes: 5
Reputation: 23066
It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.
If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.
Upvotes: 7
Reputation: 700
I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:
SESSION_COOKIE_DOMAIN = 'foo.com'
See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.
Upvotes: 0
Reputation: 15824
Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.
The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).
What you are really looking for is a Single Sign On (SSO). You might consider django-openid.
Upvotes: 6
Related Questions
- Django single sign on and Php site: cross domain login?
- When using sub-domains for a Django site, how can you share django logins across sub-domains on localhost?
- Shared authentication across multiple django sites
- Django: maintain sessions across multiple domains
- Django multiple sites : Prevent cross-site authentification
- Creating user in django with same password in multiple domains
- Multiple Django apps, shared authentication
- How to build a secure Django single signon between different sites?
- I have two Django sites: how can I make users of site B login with the credentials on site A?
- Need one login for two different sites