djc / persona-totp

A minimal Python implementation of a Persona IdP

Make persona-totp into a generic persona-idp #1

Open tkrajca opened 10 years ago

tkrajca commented 10 years ago

Hi,

Currently, persona-totp is a good example of a persona identity provider but it is not extensible, reusable or modular in that it has templates, verify function, etc. hard-coded.

We would like to verify identities against our internal AD controller and use custom templates. Specifically, this is a list of features that we're missing in persona-totp:

1) Custom location of RSA key (we might want to use our domain ssl certificate)
2) Support for custom templates (authenticate, provision)
3) Custom verify method (so that we can authenticate against AD).

Nice-to-haves:
1) Add setup.py, make it a python module that can be installed with pip/easy_install, can be imported, customized and run as a standalone app, and is available on pypi.

Maybes:
1) Replace some of the functions with library functions from https://github.com/brianloveswords/python-jws or https://github.com/mozilla/PyBrowserID, for example sign.

To accomplish all that, I propose that we encapsulate the functionality in a class PersonaIDP. RSA key location, template file locations and the verify method would be properties of the class; they can be overwritten by passing parameters to the class' constructor. This class is to be written in a way so that people can easily subclass it and modify its bits and pieces to their liking.

I would like to include two use case examples as part of the repository - totp and ldap auth.

example wsgi.py

from persona_idp import PersonaIDP

application = PersonaIDP(rsa_key='/etc/apache2/certs/private.pem', provision_template='/tmp/provision.txt')

We use django a lot, ... :)

I renamed our fork of your persona-totp to https://github.com/dpaw2/persona-idp and started to do some basic work on what I described above.
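The class design proposed above, as an added sketch that is not code from persona-totp or from the dpaw2/persona-idp fork: a PersonaIDP base class that takes the RSA key path, the template paths and an optional verify callable as constructor parameters, plus a TOTPPersonaIDP subclass that overrides verify() with an RFC 6238 check. The names PersonaIDP, TOTPPersonaIDP, the /provision and /authenticate routes, the email/credential form fields and the post_authenticate helper are all assumptions for illustration; signing identity certificates with the RSA key is left out, so the WSGI part only shows where the pluggable verify hook sits. The base32 secret used as sample input is the RFC 6238 test-vector secret.

```python
import base64
import hashlib
import hmac
import io
import struct
import time
from urllib.parse import parse_qs, urlencode

# Constructed sample input: the RFC 6238 test secret "12345678901234567890"
# in base32. Also used as a dummy so unknown users cost the same time.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, timestep=30, digits=6):
    """RFC 6238 TOTP: HOTP (HMAC-SHA1, dynamic truncation) over a time counter.

    `secret_b32` is the shared secret as enrolled in an authenticator app;
    `at` is a Unix timestamp, defaulting to now.
    """
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int((time.time() if at is None else at) // timestep)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)


class PersonaIDP:
    """Hypothetical base WSGI app: the things persona-totp hard-codes become
    constructor parameters, and verify() is the hook to override or replace."""

    def __init__(self, rsa_key, provision_template, authenticate_template,
                 verify=None):
        self.rsa_key = rsa_key  # path to the signing key (unused in this sketch)
        self.templates = {"/provision": provision_template,
                          "/authenticate": authenticate_template}
        if verify is not None:
            self.verify = verify  # any callable(email, credential) -> bool

    def verify(self, email, credential):
        raise NotImplementedError("subclass PersonaIDP or pass verify=")

    def render(self, path):
        with open(self.templates[path], encoding="utf-8") as fh:
            return fh.read()

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        method = environ.get("REQUEST_METHOD", "GET")
        if path == "/authenticate" and method == "POST":
            size = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(size).decode())
            email = form.get("email", [""])[0]
            credential = form.get("credential", [""])[0]
            if self.verify(email, credential):
                start_response("200 OK", [("Content-Type", "text/plain")])
                return [b"authenticated"]
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"bad credentials"]
        if path in self.templates and method == "GET":
            start_response("200 OK", [("Content-Type", "text/html")])
            return [self.render(path).encode()]
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]


class TOTPPersonaIDP(PersonaIDP):
    """The persona-totp use case as a subclass: `secrets` maps email to a
    base32 secret; +-`skew` time steps are accepted for clock drift."""

    def __init__(self, secrets, skew=1, **kwargs):
        super().__init__(**kwargs)
        self.secrets = secrets
        self.skew = skew

    def verify(self, email, credential, now=None):
        known = email in self.secrets
        secret = self.secrets.get(email, SAMPLE_SECRET)  # dummy for unknown users
        now = time.time() if now is None else now
        # Always run the comparisons, then AND with `known`, so a missing
        # user is not distinguishable by response time.
        match = any(hmac.compare_digest(totp(secret, at=now + 30 * i), credential)
                    for i in range(-self.skew, self.skew + 1))
        return match and known


def post_authenticate(app, email, credential):
    """Drive the WSGI app with a constructed POST; returns (status, body)."""
    body = urlencode({"email": email, "credential": credential}).encode()
    environ = {"PATH_INFO": "/authenticate", "REQUEST_METHOD": "POST",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    captured = {}
    result = app(environ, lambda status, headers: captured.update(status=status))
    return captured["status"], b"".join(result)


if __name__ == "__main__":
    app = TOTPPersonaIDP({"alice@example.com": SAMPLE_SECRET},
                         rsa_key="/etc/apache2/certs/private.pem",
                         provision_template="/tmp/provision.txt",
                         authenticate_template="/tmp/authenticate.txt")
    print(post_authenticate(app, "alice@example.com", totp(SAMPLE_SECRET)))
```

An LDAP/AD variant would subclass the same way and implement verify() with a bind against the directory, or pass `verify=` a function, which is the point of keeping the hook as a plain callable rather than baked into the request handler.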

tkrajca commented 10 years ago

@adonm @slurms

adonm commented 10 years ago

+1