Go to file
Kumi da49ddabcc
Add Django CAS authentication support
Introduce support for Central Authentication Service (CAS) alongside existing OIDC and SAML by integrating a new CAS server app and custom CAS authentication user model. Streamline sign-in infrastructure with updated URL patterns. As part of the update, refactor user model `username` resolution to leverage the email field directly. Includes necessary Django migrations to support new authentication features and removes a deprecated OIDC provider dependency.
2023-12-24 09:16:55 +01:00
.vscode Add Django CAS authentication support 2023-12-24 09:16:55 +01:00
authentication Add Django CAS authentication support 2023-12-24 09:16:55 +01:00
core Add Django CAS authentication support 2023-12-24 09:16:55 +01:00
doc Populate standard claims 2022-08-02 11:49:45 +02:00
frontend Fix authorize URL 2023-07-08 16:34:38 +02:00
kumidc Add Django CAS authentication support 2023-12-24 09:16:55 +01:00
ldap Start LDAP implementation 2023-09-14 14:44:51 +02:00
.gitignore Start SAML implementation 2022-08-22 09:37:16 +00:00
LICENSE Add license 2022-08-12 16:47:42 +00:00
README.md Lots of frontend work 2022-08-04 13:15:10 +02:00
config.dist.ini Start SAML implementation 2022-08-22 09:37:16 +00:00
manage.py Initial commit 2022-08-02 10:29:58 +02:00
requirements.txt Add Django CAS authentication support 2023-12-24 09:16:55 +01:00

README.md

KumiDC

KumiDC is a simple Django-based OpenID Connect identity provider.

At its core, it uses Django OpenID Connect Provider by Juan Ignacio Fiorentino to provide the actual OIDC functionality, and adds a few fancy things on top.

  • "Pretty" AdminLTE user interface
  • Time-based One-Time Passwords for Two Factor Authentication
  • Requirement to re-authenticate or enter 2FA token every five minutes

As it stands, this project is not complete. It works as an OIDC provider, although its security has not been tested to any extent.

We currently use it, in conjunction with oauth2-proxy, to add an authentication layer to applications on our internal network where protection against unauthorized access is not directly implemented, and not critical.