Grouprise as an Identity Provider

grouprise can act as an identity provider. This allows third party applications to use grouprise as an authentication backend. Users may use their grouprise login credentials (or even their active session) for accessing these third party applications.

Possible third party applications are:

• Matrix: instant messaging

• gitlab: issues and wiki

• MediaWiki: wiki

• … and many more.

Implementations

A variety of implementations exist. The provided protocol needs to be supported by the third party application. Multiple implementations (for different protocols) may be used in parallel.

The following list of Django applications implementing the various protocols is not exhaustive.

SAML

• djangosaml2idp:

  • no Debian package

  • not very active development, probably it is feature-complete

OpenID-Connect

• django-oidc-provider:

  • no Debian package

  • not very active development, probably it is feature-complete

• django-openid-op:

  • no Debian package

  • maintainer describes it as Under development, please do not use yet

CAS

• CAS Server:

  • Debian package is available

  • a separate login activity is required, since the grouprise session is not related to the CAS session (see django-cas-server#70)

OAuth

OAuth is focused on authorization. Thus, maybe it is not a suitable choice for authentication.

• Django OAuth Toolkit:

  • Debian package is available

Configuration

The above example implementations can be configured just like any other Django application in grouprise‘s settings file.