104
104
When a user logs in, they will be added or removed from the relevant
105
105
teams listed in the mapping.
107
If you have already django-groups and want to map these groups automatically, you can use the OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO variable in your settings.py file.
107
If you have already django-groups and want to map these groups automatically,
108
you can use the OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO variable in your
109
111
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = True
111
If you use OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO, the variable OPENID_LAUNCHPAD_TEAMS_MAPPING will be ignored.
112
If you want to exclude some groups from the auto mapping, use OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST. This variable has only an effect if OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO is True.
113
If you use OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO, the variable
114
OPENID_LAUNCHPAD_TEAMS_MAPPING will be ignored.
115
If you want to exclude some groups from the auto mapping, use
116
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST. This variable has only an effect
117
if OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO is True.
114
119
OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST = ['django-group1', 'django-group2']
145
153
== Use as /admin (django.admin.contrib) login ==
147
If you require openid authentication into the admin application, add the following setting:
155
If you require openid authentication into the admin application, add the
149
158
OPENID_USE_AS_ADMIN_LOGIN = True
151
It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface. A new openid user will not normally be a "staff user".
152
The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your
153
openid user to be staff.
160
It is worth noting that a user needs to be be marked as a "staff user" to be
161
able to access the admin interface. A new openid user will not normally be a
163
The easiest way to resolve this is to use traditional authentication
164
(OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a
165
password and authorise your openid user to be staff.
155
167
== Change Django usernames if the nickname changes on the provider ==
157
If you want your Django username to change when a user updates the nickname on their provider, add the following setting:
169
If you want your Django username to change when a user updates the nickname on
170
their provider, add the following setting:
159
172
OPENID_FOLLOW_RENAMES = True
161
174
If the new nickname is available as a Django username, the user is renamed.
162
Otherwise the user will be renamed to nickname+i for an incrememnting value of i until no conflict occurs.
163
If the user has already been renamed to nickname+1 due to a conflict, and the nickname is still not available, the user will keep their existing username.
175
Otherwise the user will be renamed to nickname+i for an incrementing value of
176
i until no conflict occurs. If the user has already been renamed to nickname+1
177
due to a conflict, and the nickname is still not available, the user will keep
178
their existing username.
165
180
== Require a valid nickname ==
167
If you must have a valid, unique nickname in order to create a user accont, add the following setting:
182
If you must have a valid, unique nickname in order to create a user account, add
183
the following setting:
169
185
OPENID_STRICT_USERNAMES = True
171
This will cause an OpenID login attempt to fail if the provider does not return a 'nickname' (username) for the user, or if the nickname conflicts with an existing user with a different openid identiy url.
172
Without this setting, logins without a nickname will be given the username 'openiduser', and upon conflicts with existing username, an incrementing number will be appended to the username until it is unique.
187
This will cause an OpenID login attempt to fail if the provider does not return
188
a 'nickname' (username) for the user, or if the nickname conflicts with an
189
existing user with a different openid identity url. However, a
190
"openid_duplicate_username" signal is also sent to give a project the chance to
192
Without this setting, logins without a nickname will be given the username
193
'openiduser', and upon conflicts with existing username, an incrementing number
194
will be appended to the username until it is unique.
174
196
== Require Physical Multi-Factor Authentication ==
176
If your users should use a physical multi-factor authentication method, such as RSA tokens or YubiKey, add the following setting:
198
If your users should use a physical multi-factor authentication method, such as
199
RSA tokens or YubiKey, add the following setting:
178
201
OPENID_PHYSICAL_MULTIFACTOR_REQUIRED = True
180
If the user's OpenID provider supports the PAPE extension and provides the Physical Multifactor authentication policy, this will
181
cause the OpenID login to fail if the user does not provide valid physical authentication to the provider.
203
If the user's OpenID provider supports the PAPE extension and provides the
204
Physical Multifactor authentication policy, this will cause the OpenID login to
205
fail if the user does not provide valid physical authentication to the
183
208
== Override Login Failure Handling ==
185
You can optionally provide your own handler for login failures by adding the following setting:
210
You can optionally provide your own handler for login failures by adding the
187
213
OPENID_RENDER_FAILURE = failure_handler_function
189
Where failure_handler_function is a function reference that will take the following parameters:
215
Where failure_handler_function is a function reference that will take the
216
following parameters:
191
218
def failure_handler_function(request, message, status=None, template_name=None, exception=None)