We have a couple of websites for which we are looking to implement Single Sign on. These are both Django / Wagtail websites. They both currently are using the standard Django login for authentication. We want to make it so that if a user logs into one of the websites they are automatically logged into the other and the same for logging out.

I've done a google search and OpenID Connect seems to come up a lot of times but it seems to have quite a steep learning curve and I suspect a lot of it isn't relevant to my specific situation and I don't want to get lost down a long maze of technical details.

It seems like I need to run my own OpenID Connect server which I have not done before. I've even tried looking on Docker Hub for a dockerised solution but I didn't find any of them with adequate documentation.

Ideally I would like a solution where I could just add in a new Django authentication backend and perhaps just configure the host and port of the identity server in some settings file, Additionally I need to migrate the user database to the identity server some how whilst trying to keep the password hashing algorithm the same so that everyone doesn't have to reset their passwords so if anyone has done that.

Has anyone done this before and is prepared to give me a little bit of guidance on what packages they chose, any special handling of RSA keys, and network setup?