diff --git a/gracedb/api.py b/gracedb/api.py
index df040313e0ade7f69db18d40683c604f042d54ac..a827d582d11cee6c8ddb3eace3568591f5b81c5d 100644
--- a/gracedb/api.py
+++ b/gracedb/api.py
@@ -134,11 +134,27 @@ def reverse(name, *args, **kw):
 
     return rest_framework_reverse(name, *args, **kw)
 
+# 
+# We do not want to handle authentication here because it has already
+# been taken care of by Apache/Shib or Apache/mod_ssl. Moreover the 
+# auth middleware has already added a user to the request object. To
+# play well with the django rest framework, we need to pretend like we
+# authenticated the user. Remember that the request object here is a 
+# *wrapped* version of the Django request, so we have to dig inside it
+# for the user.
+#
 class LigoAuthentication(authentication.BaseAuthentication):
     def authenticate(self, request):
-        # XXX This makes little sense. https://bugs.ligo.org/redmine/issues/920
+        user = None
+        try:
+            user = request._request.user
+        except:
+            pass
 
-        raise exceptions.AuthenticationFailed("Bad user")
+        if isinstance(user, DjangoUser):
+            return (user, None)
+        else:
+            raise exceptions.AuthenticationFailed("Bad user")
 
 #class EventSerializer(serializers.ModelSerializer):
 #    # Overloaded fields.
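Review bot: In `authenticate`, the bare `except:` followed by `pass` around `request._request.user` hides every failure, including a missing or misconfigured auth middleware, behind the generic "Bad user" error. The `isinstance(user, DjangoUser)` test also accepts accounts that have been deactivated. Because this class trusts whatever the upstream layer attached to the request, I would narrow the handler to `except AttributeError:` and tighten the check to `if isinstance(user, DjangoUser) and user.is_active:`. If some of these users arrive with a browser session (the Shibboleth path in the new comment suggests so), note that Django REST framework enforces CSRF only inside its own `SessionAuthentication`. Unsafe methods authenticated through this class would then get no CSRF check, which is worth confirming against the deployment.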