OpenKAT supports external authentication using Django’s built-in remote user authentication. Make sure that you read the warning in the Django documentation before you configure this.
Configuration of this can be done using two environments variables. The
REMOTE_USER_HEADER variable specifies the header that has the e-mail address
that is used as username in OpenKAT. Setting this variable will also enable the
remote user backend. The
REMOTE_USER_DEFAULT_ORGANIZATIONS variable is
optional and is a comma separated list of “organisation:group” items and
configures which organisation every remote user get access to by default. The
REMOTE_USER_DEFAULT_ORGANIZATIONS will override any changes made and
if someone is removed from a group that is listed they will automatically be
added back the next time they use OpenKAT using remote user authentication.
This will use the value of
X-Email HTTP header as the e-mail address for the
user account. Every user will be added to org1 with admin permissions and to org
with client permissions.
An easy solution for configuring single-sign on using OAuth is oauth2-proxy.