Is it possible to set up SSO so that once users (owners, moderators) set up an account in Postorius on the mailman3 server we have created, they can authenticate against Azure to log in instead of the password for the local account Postorius created?
bryan.kartzman@yu.edu writes:
> Is it possible to set up SSO so that once users (owners, moderators) set up an account in Postorius on the mailman3 server we have created, they can authenticate against Azure to log in instead of the password for the local account Postorius created?
Probably yes. This depends on how Azure passes on authentication data.
I've done this with Shibboleth as the SAML 2.0 Service Provider. It's basically one line in /etc/shibboleth/attributes.xml[1], one line in the httpd conffile, and a short Python library wrapping Django's backend and middleware for the RemoteUser[2] class. I also populate the Mailman User profile with display name, email, etc., from the Identity Provider, requiring one line per additional attribute in the same places.
If this basic architecture works for you, depending on your WSGI provider, you may be able to eliminate the httpd conf. If you don't care about anything but the user id, you may be able to use the stock RemoteUser class. But I know nothing about how Azure does authentication, so I'll leave it there for now.
Footnotes:
[1] I've probably spelled that incorrectly, but you'll know it when you see it. :-)
[2] This one, too. :-/
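The attribute mapping described in the reply above, as an added sketch that is not the poster's library or Mailman's own code: it turns the variables a web server exports after SSO into profile fields, one map entry per extra attribute, and reads only server-set variables. In Django it would be called with `request.META` from the `configure_user()` hook of a `RemoteUserBackend` subclass; the environ names (`displayName`, `mail`), the `;` joining of multi-valued attributes and all function names are assumptions.

```python
"""Map identity attributes exported by the web server into a user profile."""
import re

# Assumption: environ names the SP exports (one entry per extra attribute).
ATTRIBUTE_MAP = {
    "displayName": "display_name",
    "mail": "email",
}
USERNAME_VAR = "REMOTE_USER"  # set by the server's auth module, not the client
_EMAIL_RE = re.compile(r"^[^@\s;]+@[^@\s;]+\.[^@\s;]+$")


class UntrustedIdentity(ValueError):
    """Raised when the environ does not carry a usable identity."""


def first_value(raw):
    # Assumption: multi-valued attributes arrive joined with ';'.
    return raw.split(";", 1)[0].strip()


def identity_from_environ(environ):
    # Read only server-set variables. Keys starting with HTTP_ come from
    # request headers, which the client controls, so they are never consulted.
    username = first_value(environ.get(USERNAME_VAR, ""))
    if not username:
        raise UntrustedIdentity("no REMOTE_USER from the web server")
    profile = {"username": username}
    for env_name, field in ATTRIBUTE_MAP.items():
        value = first_value(environ.get(env_name, ""))
        if value:
            profile[field] = value
    email = profile.get("email")
    if email is not None and not _EMAIL_RE.match(email):
        raise UntrustedIdentity("malformed mail attribute")
    return profile


# Constructed sample environ, as a WSGI server might pass it.
SAMPLE_ENVIRON = {
    "REMOTE_USER": "owner1@example.edu",
    "displayName": "List Owner",
    "mail": "owner1@example.edu;alias@example.edu",
    "HTTP_REMOTE_USER": "someone-else",  # client header: must be ignored
}
```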
participants (2)
- bryan.kartzman@yu.edu
- Stephen J. Turnbull