django-saml2-auth
Plugin Architecture
The tooling (intentionally) lacks a bunch of features that have been requested (and even PR'd) by the community. I understand your desire to keep it simple and not take on the support headache of an ever-expanding feature list.
Instead, would you be open to a PR that converts big parts of the infrastructure into plugins (where the current behavior is the default)? This would make it easier for 3rd parties to create reusable components. Examples from my own issues/PRs:
- Loading configurations. Support for env-based configuration could be hosted in a reusable plugin that is a drop-in replacement for current strategies.
- Someone could even offer dedicated configuration plugins for environments (e.g. ADFS and OKTA) that default required configurations to further simplify new configurations. We certainly had issues getting ADFS right.
- Login Processing. We also have issues with case sensitivity since the IdP uses unpredictable case and Django is case sensitive.
- Logoff. Single LogOff could be supported by a third party plugin.
- Unauthenticated Redirection. We redirect users to the login page although next doesn't appear to be relayed correctly.
I have a really rough refactor on our plugin-system branch and an example of how my inline metadata PR would be (re)implemented as a plugin in the django-saml2-auth-metadata-inline repo.
In this model, the only thing the main repo has to worry about is default behaviors and the scope of plugins. In general, it'd be better to wrap the plugin handlers with BEFORE_X and AFTER_X triggers so they always run, but I started with a minimal cut-paste refactor to make the point. I may have made additional changes by the time you review it.
There are open PRs in this library from @lllama @aligx @cochiseruhulessin @favorable-mutation @velapartners @apexJCL @anthonyeden @liamkinney @chriskj @luzik @alexazevedo @avallbona @jianyuan @pappacena @kronion @alxbridge @kevPo @kronion @HappyTepid @jheld.
Would any of you be interested in (re)implementing your request as a 3rd party plugin for a Django SAML2 library refactored to be friendly to plugins (or a PR to that library if absolutely necessary)? If fangli isn't open to the approach, I'd be happy to move it to an organization that would host both the main library and contributed plugins.
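As an added illustration of the hook-wrapped plugin model proposed above (this is not code from django-saml2-auth or the linked branch; the registry class, the `login_processing` stage name and the in-memory user store are assumptions), the sketch below keeps the current behavior as the default handler, lets a plugin add BEFORE_/AFTER_ hooks that always run, and uses the username case-sensitivity item as the example plugin:

```python
from collections import defaultdict

# Constructed stand-in for Django's user table: username -> email
USERS = {"alice": "alice@example.com"}

class HookRegistry:
    """One default handler per stage; a plugin may replace it or add BEFORE_/
    AFTER_ hooks, and hooks always run around whichever handler is active.
    Assumed design for this illustration, not django-saml2-auth's own API."""
    def __init__(self):
        self.handlers, self.events = {}, []
        self.before, self.after = defaultdict(list), defaultdict(list)

    def set_default(self, stage, func):
        self.handlers.setdefault(stage, func)

    def register_plugin(self, stage, handler=None, before=None, after=None):
        if handler:  # plugin replacing the default behaviour for this stage
            self.handlers[stage] = handler
        self.before[stage] += [before] if before else []
        self.after[stage] += [after] if after else []

    def run_stage(self, stage, attrs):
        for hook in self.before[stage]:       # BEFORE_<stage>
            attrs = hook(attrs)
        result = self.handlers[stage](attrs)  # default or plugin handler
        for hook in self.after[stage]:        # AFTER_<stage>
            result = hook(self, attrs, result)
        return result

def default_login(attrs):
    """Default behaviour: exact, case-sensitive match, as a Django lookup is."""
    return USERS.get(attrs["username"])

def lowercase_username(attrs):
    """BEFORE_ hook from a hypothetical plugin: one account for "Alice"/"alice"."""
    return {**attrs, "username": attrs["username"].lower()}

def audit_login(registry, attrs, result):
    """AFTER_ hook: record every attempt, failed resolutions included."""
    registry.events.append((attrs["username"], result is not None))
    return result

def resolve_user(username, with_plugin=False):
    reg = HookRegistry()
    reg.set_default("login_processing", default_login)
    reg.register_plugin("login_processing", after=audit_login)
    if with_plugin:
        reg.register_plugin("login_processing", before=lowercase_username)
    return reg.run_stage("login_processing", {"username": username}), reg.events
```

Normalising the name on lookup alone is not enough in practice: the same normalisation has to run on account creation, or one IdP principal can end up mapped to two differently cased local accounts.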
> We certainly had issues getting ADFS right.
Do you have a sample for ADFS v3?
Thanks for reaching out! My PR is just a documentation update, so unfortunately, I don't think I'll be of much help here. Best of luck, though!