There are many solutions for third-party decentralized authentication that are pretty simple to set up: log in with Facebook credentials, OpenID, OAuth etc.
How can I do something similar inside the firewall, in a Windows domain environment?
The scenario:
- Python web application inside the firewall, hosted on a Linux server.
- Users have Windows desktops and authenticate to a Windows domain
I know I can validate a username/password against Active Directory using LDAP, but that is not what I want. I don’t want my app to handle the username/password at all. I want it to work as OpenID does, i.e. my app redirects the user to some sort of Windows identity provider web page.
Is there a out-of-the-box Windows/IIS solution for this?
EDIT:
- Could Windows Identity Foundation be what I’m looking for? Or perhaps WIF has the building blocks?
At the risk of giving too many answers, it sounds to me like ADFS 2.0 is your path of least resistance. As far as integrating claims based access into your python application, I’ve seen pysaml2 recommended as a way to do this, but I can’t speak from experience.