codeape

Reputation: 100886

Decentralized authentication against Windows domain

There are many solutions for third-party decentralized authentication that are pretty simple to set up: log in with Facebook credentials, OpenID, OAuth etc.

How can I do something similar inside the firewall, in a Windows domain environment?

The scenario:

I know I can validate a username/password against Active Directory using LDAP, but that is not what I want. I don't want my app to handle the username/password at all. I want it to work as OpenID does, i.e. my app redirects the user to some sort of Windows identity provider web page.

Is there an out-of-the-box Windows/IIS solution for this?

EDIT:

Upvotes: 1

Views: 1786

Answers (3)

Andrew Lavers

Reputation: 8141

At the risk of giving too many answers, it sounds to me like ADFS 2.0 is your path of least resistance. As far as integrating claims-based access into your Python application, I've seen pysaml2 recommended as a way to do this, but I can't speak from experience.

Upvotes: 2

rbrayb

Reputation: 46773

WIF together with Azure ACS will provide this out of the box, e.g. Adding a Custom OpenID Provider to ACS… with JUST ONE LINE of PowerShell Code.

Or you could integrate with Dot Net Open Auth either with your own STS or using something like Identity Server.

Upvotes: 1

larsks

Reputation: 312400

I'm not a Windows guy, but Crowd from Atlassian:

  • Will run on Windows
  • Can authenticate against Active Directory
  • Includes an OpenID provider

So if your application can handle OpenID, you'd have everything you need.

Upvotes: 2
