Frequently Asked Questions¶
Why am I always redirected to
/accounts/profile/ after login?¶
This is default Django behaviour. You can change it by setting the Django setting named LOGIN_REDIRECT_URL.
How do I store additional info about a user?¶
django_auth_adfs can only store information in existing fields of the user model.
If you want to store extra info, you’ll have to extend the default user model with extra fields and adjust
the CLAIM_MAPPING setting accordingly.
I’m receiving an
SSLError: CERTIFICATE_VERIFY_FAILED error.¶
double check your
CA_BUNDLE setting. Most likely your ADFS server is using a certificate signed by an
enterprise root CA. you’ll need to put it’s certificate in a file and set
CA_BUNDLE to it’s path.
I’m receiving an
KeyError: 'upn' error when authenticating against Azure AD.¶
In some circumstances, Azure AD does not send the
upn claim used to determine the username. It’s observed to happen
with guest users who’s source in the users overview of Azure AD is
Microsoft Account instead of
Azure Active Directory.
In such cases, try setting the USERNAME_CLAIM to
upn. Or create a
new user in your Azure AD directory.
Why am I prompted for a username and password in Chrome/Firefox?¶
By default, ADFS only triggers seamless single sign-on for Internet Explorer or Edge.
Have a look at the ADFS configuration guides for details about how to got this working for other browsers also.
Why is a user added and removed from the same group on every login?¶
This can be caused by having a case insensitive database, such as a
MySQL database with default settings.
You can read more about collation settings
in the official documentation.
The redirect_uri starts with HTTP, while my site is HTTPS only.¶
When you run Django behind a TLS terminating webserver or load balancer, then Django doesn’t know the client arrived
over a HTTPS connection. It will only see the plain HTTP traffic. Therefor, the link it generates and sends to ADFS
redirect_uri query parameter, will start with HTTP, instead of HTTPS.
To tell Django to generate HTTPS links, you need to set it’s
SECURE_PROXY_SSL_HEADER setting and inject the correct
HTTP header and value on your web server.
For more info, have a look at Django’s docs.