Authentication to FAS

The Fedora Account System has a JSON interface that we use to authenticate users in our web apps. Currently, there are two modes of operation. Some web apps have single sign-on capability with Fedora Account System; these are the TurboGears applications that use the jsonfasprovider. Other apps do not have single sign-on, but they do connect to Fedora Account System to verify the username and password, so changing the password in Fedora Account System changes it everywhere.

TurboGears Identity Provider 2

An identity provider with CSRF protection.

This will install as a TurboGears identity plugin. To use it, set the following in your APPNAME/config/app.cfg file:

identity.provider='jsonfas2'
visit.manager='jsonfas2'

See also

CSRF Protection

TurboGears Identity Provider 1

These methods are deprecated because they do not provide the CSRF protection of TurboGears Identity Provider 2. Please use that identity provider instead.

Flask FAS OpenId Auth Plugin

The flask_openid provider is an alternative to the flask_fas auth plugin. It leverages our FAS-OpenID server to do authn and authz (group memberships). Note that not every feature is available with a generic OpenID provider – the plugin depends on the OpenID provider having certain extensions in order to provide more than basic OpenID auth.

If the provider you use does not support one of these extensions, the plugin should still work, but it will naturally return empty values for the information that the extension would have provided.
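Because a provider without the relevant extension yields empty values, group-based authorization built on the plugin's output should deny access when group data is absent. The following is an added example, not code from the plugin or its project; the dict-shaped user record, its `username` and `groups` keys, and the group names are assumptions for illustration.

```python
# Added example: fail-closed group checks when the OpenID provider may not
# return group data. The user-record shape is an assumption, not the plugin's API.
from functools import wraps


class AuthzError(Exception):
    """Raised when group membership cannot be proven."""


def user_groups(user):
    """Return the user's groups as a frozenset; missing or empty data gives an empty set."""
    if not user:
        return frozenset()
    groups = user.get("groups") or ()
    if isinstance(groups, str):  # a bare string is one group, not a list of characters
        groups = (groups,)
    return frozenset(g for g in groups if g)


def is_authorized(user, required_groups):
    """True only if the user is in at least one of the required groups."""
    required = frozenset(required_groups)
    if not required:
        # An empty requirement is a configuration mistake; never read it as "allow all".
        return False
    return bool(user_groups(user) & required)


def require_groups(*required_groups):
    """Decorator for functions whose first argument is the user record."""
    def decorator(func):
        @wraps(func)
        def wrapper(user, *args, **kwargs):
            if not is_authorized(user, required_groups):
                raise AuthzError("group membership not proven")
            return func(user, *args, **kwargs)
        return wrapper
    return decorator


@require_groups("packager")  # constructed group name
def push_update(user, package):
    return "%s pushed %s" % (user["username"], package)


# Constructed sample records: full data, and a provider lacking group support.
FULL = {"username": "alice", "groups": ["packager", "docs"]}
NO_EXTENSION = {"username": "bob", "groups": []}
```
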