
Decentralized authentication against Windows domain


There are many solutions for third-party decentralized authentication that are pretty simple to set up: log in with Facebook credentials, OpenID, OAuth etc.

How can I do something similar inside the firewall, in a Windows domain environment?

The scenario:

  • Python web application inside the firewall, hosted on a Linux server.
  • Users have Windows desktops and authenticate to a Windows domain.

I know I can validate a username/password against Active Directory using LDAP, but that is not what I want. I don't want my app to handle the username/password at all. I want it to work as OpenID does, i.e. my app redirects the user to some sort of Windows identity provider web page.

Is there an out-of-the-box Windows/IIS solution for this?

EDIT:


Solution

  • At the risk of giving too many answers, it sounds to me like ADFS 2.0 is your path of least resistance. As far as integrating claims based access into your python application, I've seen pysaml2 recommended as a way to do this, but I can't speak from experience.
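The redirect step the answer describes, as an added example that is not part of the original post and not the answerer's code: the Python app builds a SAML 2.0 AuthnRequest, encodes it with the HTTP-Redirect binding (raw DEFLATE, then base64, then URL-encoding) and sends the browser to the ADFS sign-on endpoint, so the app never sees the user's password. It uses only the standard library rather than pysaml2 so the wire format is visible; the ADFS and application URLs are hypothetical placeholders, to be replaced with the values from your federation metadata. It also keeps a short-lived table of issued request IDs so that a Response whose InResponseTo was never issued, or was already used, is rejected. What it deliberately does not do is verify the XML signature on the returned Response, which is mandatory and is what a library such as pysaml2 is for.

```python
"""SP-side start of an ADFS (SAML 2.0) login from a Python app: build and send an AuthnRequest."""
import base64
import datetime as dt
import secrets
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints (assumptions for this example); take the real values from
# https://<adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml and your app.
IDP_SSO_URL = "https://adfs.example.com/adfs/ls/"               # ADFS SAML 2.0 sign-on endpoint
SP_ENTITY_ID = "https://intranet-app.example.com/saml/metadata"  # this app's entity ID
SP_ACS_URL = "https://intranet-app.example.com/saml/acs"         # where ADFS POSTs the Response

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", NS_SAMLP)
ET.register_namespace("saml", NS_SAML)

# Request IDs we have issued and not yet consumed: a Response must answer one of them.
PENDING_REQUESTS = {}
REQUEST_TTL = dt.timedelta(minutes=5)


def new_request_id():
    # SAML IDs are xs:ID (an NCName), which may not start with a digit: prefix "_".
    return "_" + secrets.token_hex(20)


def build_authn_request(request_id, issue_instant):
    """Return the AuthnRequest XML asking ADFS to authenticate the user and POST back to our ACS."""
    root = ET.Element(f"{{{NS_SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SSO_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "AssertionConsumerServiceURL": SP_ACS_URL,
    })
    ET.SubElement(root, f"{{{NS_SAML}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(root, encoding="unicode")


def encode_redirect(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_redirect(b64_text):
    """Inverse of encode_redirect: base64-decode, then inflate raw DEFLATE."""
    return zlib.decompress(base64.b64decode(b64_text), -15).decode("utf-8")


def start_login(relay_state=None, now=None):
    """Create a request, remember its ID, and return (request_id, URL to redirect the browser to).

    relay_state should be an opaque or relative-path value; never redirect to it unvalidated.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    request_id = new_request_id()
    PENDING_REQUESTS[request_id] = now
    query = {"SAMLRequest": encode_redirect(build_authn_request(request_id, now))}
    if relay_state:
        query["RelayState"] = relay_state
    return request_id, IDP_SSO_URL + "?" + urlencode(query)


def consume_pending(in_response_to, now=None):
    """Accept a Response's InResponseTo only if we issued it recently; each ID is single-use."""
    now = now or dt.datetime.now(dt.timezone.utc)
    issued = PENDING_REQUESTS.pop(in_response_to, None)
    return issued is not None and now - issued <= REQUEST_TTL


def parse_redirect_url(url):
    """What ADFS receives: decode the SAMLRequest query parameter back into its key fields."""
    params = parse_qs(urlparse(url).query)
    root = ET.fromstring(decode_redirect(params["SAMLRequest"][0]))
    issuer = root.find(f"{{{NS_SAML}}}Issuer")
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "acs": root.get("AssertionConsumerServiceURL"),
        "issuer": issuer.text if issuer is not None else None,
        "relay_state": params.get("RelayState", [None])[0],
    }


if __name__ == "__main__":
    rid, url = start_login("/reports")
    print("Redirect browser to:", url)
    print("IdP would decode:", parse_redirect_url(url))
```

In a real deployment the `ID` would be stored in the user's session or a server-side cache instead of a module-level dict, the ACS handler would first verify the Response signature against the ADFS token-signing certificate and check `Audience`, `Destination` and the `NotBefore`/`NotOnOrAfter` window, and only then call `consume_pending` with the Response's `InResponseTo`.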