Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OKTA Authentication #382

Open
dvpbandaru opened this issue Jan 23, 2024 · 1 comment
Open

OKTA Authentication #382

dvpbandaru opened this issue Jan 23, 2024 · 1 comment

Comments

@dvpbandaru
Copy link

Is your feature request related to a problem? Please describe.
OKTA Authentication

Describe the solution you'd like
OKTA Authentication is not able to integrate here, even though i have changed in production.py with all the necessary credentials, not able to see the authenticated page where as i still can see the login page

Describe alternatives you've considered
My code is something like below:
from .base import * # noqa
from .base import env

GENERAL

------------------------------------------------------------------------------

SECRET_KEY = env("DJANGO_SECRET_KEY")
hosts = env("DJANGO_ALLOWED_HOSTS", default="ghostwriter.local localhost host.docker.internal")
ALLOWED_HOSTS = hosts.split(" ")

DATABASES

------------------------------------------------------------------------------

DATABASES["default"] = env.db("DATABASE_URL") # noqa F405
DATABASES["default"]["ATOMIC_REQUESTS"] = True # noqa F405
DATABASES["default"]["CONN_MAX_AGE"] = env.int("CONN_MAX_AGE", default=60) # noqa F405

CACHES

------------------------------------------------------------------------------

... [rest of your CACHE settings] ...

SECURITY

------------------------------------------------------------------------------

... [rest of your SECURITY settings] ...

MEDIA

------------------------------------------------------------------------------

TEMPLATES

------------------------------------------------------------------------------

... [rest of your TEMPLATE settings] ...

EMAIL

------------------------------------------------------------------------------

... [rest of your EMAIL settings] ...

ADMIN

------------------------------------------------------------------------------

ADMIN_URL = env("DJANGO_ADMIN_URL")

Anymail (Mailgun)

------------------------------------------------------------------------------

... [rest of your Anymail settings] ...

django-compressor

------------------------------------------------------------------------------

... [rest of your django-compressor settings] ...

Collectfast

------------------------------------------------------------------------------

... [rest of your Collectfast settings] ...

LOGGING

------------------------------------------------------------------------------

... [rest of your LOGGING settings] ...

OKTA AUTHENTICATION

------------------------------------------------------------------------------

INSTALLED_APPS += ['okta_oauth2.apps.OktaOauth2Config'] # noqa F405
AUTHENTICATION_BACKENDS = ['okta_oauth2.backend.OktaBackend']

OKTA_AUTH = {
"ORG_URL": "https://company.oktapreview.com/app/UserHome",
"ISSUER": "https://company.oktapreview.com/",
"CLIENT_ID": "xxxxxxxxxxxxxxxxxxx",
"CLIENT_SECRET": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
"REDIRECT_URI": "http://company.com/accounts/okta/callback/",
}

Your stuff...

------------------------------------------------------------------------------

Additional context
What could be the desired changes for this
@chrismaddalena
Copy link
Collaborator

Hey @dvpbandaru, I don't know of anyone who has used Okta with Ghostwriter, but it should be possible according to the documentation of the SSO library we use. Ghostwriter incorporates django-all-auth which enables you to use various SSO providers. Their docs mention this for Okta:

https://docs.allauth.org/en/latest/socialaccount/providers/okta.html

You might try that instead of adding in django-okta-auth. I don't have any experience with that plugin to check your configuration, but maybe someone else does. Most users who use an SSO provider (Google, Azure) do so via Django All Auth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrismaddalena @dvpbandaru