-
Notifications
You must be signed in to change notification settings - Fork 0
ADFS Azure Authentication
Professor Colin Turner edited this page Nov 3, 2025
·
1 revision
To enable Azure authentication, you will need to install some more requirements
pip3 install django-auth-adfs
Your local_settings.py, for testing, should look a bit like this:
These settings override anything in settings.py
DEBUG = True
ALLOWED_HOSTS = ["127.0.0.1", "localhost"]
# We need the ADFS authentication, but also the other backend for admins
AUTHENTICATION_BACKENDS = (
'django_auth_adfs.backend.AdfsAuthCodeBackend',
'django.contrib.auth.backends.ModelBackend',
)
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admindocs',
# Allow for ADFS authentication
'django_auth_adfs',
# Other extensions for debugging
'django_extensions',
# This requires installation of django-debug-toolbar
'debug_toolbar',
'loads'
)
# Next the information for ADFS - you will need to have an app added in Azure
client_id = 'get this from your Azure Admin'
tenant_id = 'get this from your Azure Admin'
client_secret = 'get this from your Azure Admin, and ideally set as an ENV variable'
# And from this we configure ADFS
AUTH_ADFS = {
'AUDIENCE': client_id,
'CLIENT_ID': client_id,
'CLIENT_SECRET': client_secret,
'CLAIM_MAPPING': {'first_name': 'given_name',
'last_name': 'family_name',
'email': 'upn'},
'GROUPS_CLAIM': 'roles',
'MIRROR_GROUPS': True,
'USERNAME_CLAIM': 'upn',
'TENANT_ID': tenant_id,
'RELYING_PARTY_ID': client_id,
}
# Configure django to redirect users to the right URL for login
LOGIN_URL = "django_auth_adfs:login"
LOGIN_REDIRECT_URL = "/"
# Define any URLs that are exempt below.
#LOGIN_EXEMPT_URLS = []
MIDDLEWARE = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.admindocs.middleware.XViewMiddleware',
# Add middleware for the DEBUG toolbar
'debug_toolbar.middleware.DebugToolbarMiddleware',
# With this you can force a user to login without using
# the LoginRequiredMixin on every view class#
# You can specify URLs for which login is not enforced by
# specifying them in the LOGIN_EXEMPT_URLS setting.
'django_auth_adfs.middleware.LoginRequiredMiddleware',
)
User Help
- Help for External Examiners
- Help for Academic Staff
- Help for School Leaders and Managers
Admin Help
- Configuration
- Staff Workload
- Task Reminders
- Assessment Handling
Technical Help