# Authentication Backends

QATrack+ has a few different methods of authenticating users:

• The built-in Django backend. No additional configuration is required but users and their group memberships need to be managed manually.
• Active Directory. Use your hospital's AD system for managing users and groups.
• Active Directory Federation Services. Use your hospital's AD FS system for managing users and groups.

## Active Directory

Using an existing Active Directory server to do your user authentication is a great way to simplify the management of users for your QATrack+ system. It’s especially convenient for your users that they don’t have to remember “yet another password” and can simply use their network logon. QATrack+ comes with an Active Directory backend and its configuration is described below.

### Installation of python-ldap

#### Windows

If you happen to be on a Windows system with Visual Studio installed, you should just be able to do pip install python-ldap and have the latest version of the pyldap package installed. Otherwise, there are binaries available on this page: https://www.lfd.uci.edu/~gohlke/pythonlibs/#python-ldap. Download the binary relevant to your Python 3 installation (e.g. python_ldap-3.3.1-cp36-cp36m-win_amd64.whl) and then pip install it:

```
pip install C:\path\to\python_ldap-3.3.1-cp36-cp36m-win_amd64.whl
```

```
cd C:\deploy
.\venvs\qatrack3\scripts\activate
python -c "import ldap; print(ldap.__version__)"
```

If that command prints the ldap version then ldap is installed correctly.

#### Linux

There are some prerequisites that need to be installed before python-ldap.

At the time of writing on Ubuntu this looks like:

```bash
sudo apt-get install build-essential python3-dev python2.7-dev \
    libldap2-dev libsasl2-dev slapd ldap-utils
```

```bash
source ~/venvs/qatrack3/bin/activate
pip install python-ldap
```


See https://www.python-ldap.org/en/latest/installing.html for more details.

### Configuring QATrack+ to use your Active Directory Server

Copy the following lines to your local_settings.py file:

```python
#-----------------------------------------------------------------------------
# Authentication backend settings
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'qatrack.accounts.backends.ActiveDirectoryGroupMembershipSSLBackend',
)

# active directory settings (not required if only using ModelBackend)

# If using non-SSL use these

# If using SSL use these:

AD_NT4_DOMAIN = "YOURDOMAIN"  # Network domain that AD server is part of

AD_SEARCH_FIELDS = ['mail', 'givenName', 'sn', 'sAMAccountName', 'memberOf']

AD_DEBUG = False  # set to True and restart QATrack+ CherryPy Service if you need to debug AD Connection
```


You will also have to modify AD_DNS_NAME1, AD_SEARCH_DN and AD_NT4_DOMAIN to suit your own Active Directory setup. The complete set of Active Directory settings is described here: Active Directory Settings.

After you have saved that file, you will need to restart your application server (or for example your CherryPy service).

## Active Directory Federation Services (ADFS)

As of version 3.1.0, QATrack+ comes with an ADFS backend for Single Sign On (SSO). This can provide a convenient way for your users to log into QATrack+ using their hospital network login.

```python
AUTHENTICATION_BACKENDS = [
    'qatrack.accounts.backends.QATrackAccountBackend',
    # or comment above and uncomment below
]
```


### Configuring QATrack+ to use ADFS

Copy the following lines to your local_settings.py file:

```python
AUTHENTICATION_BACKENDS = [
    'qatrack.accounts.backends.QATrackAccountBackend',
]

    "CLIENT_ID": "qatrackplus",
    "RELYING_PARTY_ID": "https://your.qatrackserver.com",
    "AUDIENCE": "https://your.qatrackserver.com",
    "CLAIM_MAPPING": {
        "first_name": "given_name",
        "last_name": "family_name",
        "email": "email"
    },
```
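A simplified model of what the AUDIENCE and CLAIM_MAPPING values above control, added here as an example and not taken from QATrack+ or its ADFS backend: the token's `aud` claim has to match AUDIENCE, and each CLAIM_MAPPING key is a Django user field filled from the claim named by its value. It assumes the token signature has already been verified; `ADFS_SETTINGS`, `ClaimError`, `audience_matches`, `map_claims` and the sample claims are constructed for illustration, and rejecting a login when a mapped claim is missing is this example's own choice.

```python
# Added illustration; ADFS_SETTINGS is a hypothetical name holding this page's values.
ADFS_SETTINGS = {
    "AUDIENCE": "https://your.qatrackserver.com",
    "CLAIM_MAPPING": {
        "first_name": "given_name",
        "last_name": "family_name",
        "email": "email",
    },
}


class ClaimError(ValueError):
    """Verified token claims that cannot be accepted for this site."""


def audience_matches(claims, expected):
    """JWT `aud` may be one string or a list of strings; accept either form."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return aud == expected
    return isinstance(aud, (list, tuple)) and expected in aud


def map_claims(claims, settings=ADFS_SETTINGS):
    """Map claims of an already signature-verified token to user fields."""
    if not audience_matches(claims, settings["AUDIENCE"]):
        raise ClaimError("token was issued for a different relying party")
    fields, missing = {}, []
    # CLAIM_MAPPING keys are Django user fields; values are token claim names.
    for user_field, claim_name in settings["CLAIM_MAPPING"].items():
        value = claims.get(claim_name)
        if isinstance(value, str) and value.strip():
            fields[user_field] = value.strip()
        else:
            missing.append(claim_name)
    if missing:
        # Typically the ADFS claim rules are not issuing these claims.
        raise ClaimError("claims missing from token: " + ", ".join(sorted(missing)))
    return fields


# Constructed sample claims for a hypothetical user.
SAMPLE_CLAIMS = {
    "aud": "https://your.qatrackserver.com",
    "given_name": "Ada", "family_name": "Lovelace",
    "email": "ada@example.org", "department": "Physics",  # unmapped, ignored
}

if __name__ == "__main__":
    print(map_claims(SAMPLE_CLAIMS))
```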