Login Middleware

django-auth-adfs ships with a middleware class named LoginRequiredMiddleware. You can use it to force an unauthenticated user to login and be redirected to the URL specified in in Django’s LOGIN_URL setting without having to add code to every view.

By default it’s disabled for the page defined in the LOGIN_URL setting and the redirect page for ADFS. But by setting the LOGIN_EXEMPT_URLS setting, you can exclude other pages from authentication. Have a look at the Settings Reference for more information.

To enable the middleware, add it to MIDDLEWARE in settings.py (or MIDDLEWARE_CLASSES if using Django <1.10. make sure to add it after any other session or authentication middleware to be sure all other methods of identifying the user are tried first.

In your settings.py file, add the following:

MIDDLEWARE = (
    ...
    'django_auth_adfs.middleware.LoginRequiredMiddleware',
)

AUTH_ADFS = {
    ...
    "LOGIN_EXEMPT_URLS": ["api/", "public/"],
    ...
}