Nothing, it should be ssowat that add this header. If you configure it with a classic permission (no skipped_uri)
Okay. I’m fine with that… Without it i get:
'HTTP_AUTHORIZATION': 'Basic XXXXXXXXXXXXXXXX=',
'HTTP_AUTH_USER': 'foo',
'HTTP_REMOTE_USER': 'foo',
Hm! btw. there are the basic auth header like:
'HTTP_AUTHORIZATION': 'Basic XXXXXXXXXXXXXXXX='
It contains username and password as plain text! So i assume that the user passwors is also stored by SSOwat in plaintext?!? Really?
EDIT: Ah! It seems that it’s only stored in plaintext in the cache:
But it’s a little strange…
OK, i’m ready!
I set no $remote_user heade in nginx.conf
I refactor the remove user middleware/authentication backend
Now a user logged in via SSO is logged in directly in the app.
Email, first/last name will be updated in django user model, too.
So i removed django-auth-ldap, because it’s now obsolete.
2 Likes
Think i will create a “django_ynh” app (next week) that will contain all needed stuff to combine a django project to a YunoHost app…
Because i use the same code parts in two projects:
1 Like
It might be a new helper that add this file: you can add suggestion here: https://github.com/YunoHost-Apps/Experimental_helpers
But there are only shell scripts, isn’t it?
I started the project here:
But it’s currently totaly broken and unuseable… Think i can work on it after xmas and if it’s ready i will use it in my both projects:
Thanks for sharing 
I made it work too, by using the HTTP_EMAIL Django header. I use gunicorn — I did not get how to forward the EMAIL http header without it being prefixed by HTTP_.
I still have to modify the third-party app settings/base.py to register the middlewares but I’m making progress.