Previously the default was not to remove an SSO user from a team or as
an admin if they were removed from the SSO service. This changes that
and updates some readme-type lines.

This adds a field to the user object to denote whether and what kind of
user account it is.
For normal accounts this field will be null.
For social auth accounts it will be "social".
For radius accounts it will be "radius".
This change also prevents a radius user from changing their local
password, thus bypassing the password caching feature of django-radius.

The log message here does not indicate a login failure at all; in fact,
it doesn't appear like we get a login failed message; they just don't
get authed.

* Move auth backends into sso app.
* Add support for mapping social auth users into organizations and teams.
* Return social auth backends in a consistent order in the API.
* Remove custom SAML attribute mapping and use options provided by PSA.
* Add pipeline function to raise an exception if no user has been found or created; added comments on how to disable new user creation.
* Add comments for defining a custom social auth pipeline function.
* Fix an issue I created overriding authenticate.
* Fix up attribute mapping using an identity provider class. The
  methods built into django-social-auth for SAML are probably not going
  to work. We also now expose those mappings in a settings attrs map
  that the user can override.