source: mauRepo/dj_security/trunk/README @ 8680

Subversion URL:
Revision 8680, 1.4 KB checked in by mnagni, 7 years ago (diff)

Improved the encryption of the user data inside the returned auth_ticket.
Adds a FAKE_RESPONSE for developing purpose.

1dj_security is a Django based application which should be deployed as
2authentication service. It validates a user identity adding to the
3response a cookie called 'auth_tkt' generated by the paste's authentication
5The application assume that a django.User model is used, as consequence inside
6the auth_tkt are encoded, inside the user_data parameter, information regarding
7the name, email, user/group roles, etc owned by the authenticated user.
8'user_data' has a JSON encoding format.
10In its default configuration it will reply to the incoming requests at path '/login'.
12The application contains a few configurable parameters concentrate in
141) SHARED_SECRET: the secret key used to encrypt the generated 'auth_tkt' cookie
152) the deafult dataset 'DB_xxx' parameters, that is:
17'NAME':     'DB_NAME',
18'USER':     'DB_USER',
20'HOST':     'DB_HOST',
21'PORT':     'DB_PORT',
223) NOT_ENCODE: the names in this list will be NOT encoded in the returned cookie
234) COOKIE_DOMAIN (optional): the domain where the auth_tkt will belong
24[default = where dj_security is deployed]
255) REDIRECT_URL (optional): the parameter used by the client application
26to specify where redirect the user whenever the authentication succeed
27[default = 'r']
286) FAKE_RESPONSE (optional): if set to 'True' returns a fake authentication cookies.
29Only for development purposes.
Note: See TracBrowser for help on using the repository browser.