ATTENZIONE! IL REPOSITORY E’ APERTO ESCLUSIVAMENTE ALL’IMMISSIONE DEI RAPPORTI TECNICI (COLLEZIONE 4.01). NON E’ POSSIBILE INSERIRE PRODOTTI IN TUTTE LE ALTRE COLLEZIONI, A CAUSA DI PROBLEMI TECNICI. THE REPOSITORY IS OPEN EXCLUSIVELY FOR THE SUBMISSION OF TECHNICAL REPORTS (COLLECTION 4.01). SUBMISSIONS TO ALL OTHER COLLECTIONS ARE TEMPORARILY UNAVAILABLE, DUE TO TECHNICAL ISSUES.
 

Integration of Django Web Applications with RAP and GMS via OIDC

Date Issued
March 27, 2026
Author(s)
DOI
Abstract
The Remote Authentication Portal (RAP) and the Group Management Service (GMS) are fundamental components of the IA2 (Italian center for Astronomical Archives) infrastructure, designed to provide centralized authentication and authorization services for the astronomical community. RAP acts as a Single Sign-On (SSO) provider, while GMS manages user permissions and group memberships. The integration of web applications with this ecosystem is typically achieved via the OpenID Connect (OIDC) protocol. However, the specific implementation of RAP requires certain architectural adjustments to ensure compatibility with standard libraries. For instance, typical OIDC flows rely on a userinfo_endpoint that may not be standard in the RAP environment, necessitating the extraction of user claims directly from the Identity Token (ID Token). This report presents a reference implementation and a “Starter Kit” for Django web applications. The solution utilizes the mozilla-django-oidc library with custom backend overrides to facilitate seamless authentication via RAP and efficient retrieval of user groups from the GMS API using OIDC Access Tokens.
Series
Report number
377
Uri
Rights
open.access
File(s)
Loading...
Thumbnail Image
Name

Integration of DjangoWeb Applications withRAP and GMS via OIDC - 1.0.0.pdf

Type

Postprint

Size

243.63 KB

Format

Adobe PDF

Checksum (MD5)

4585f55f79813948cd6d10a1587a57d6