django-cas-ng / django-cas-ng

Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

Home Page: https://djangocas.dev/

License: MIT License

Makefile 0.52% Python 99.48%
django-cas cas django python sso djangocas

django-cas-ng's Introduction

django-cas-ng

django-cas-ng is a Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library that supports SSO (Single Sign On) and Single Logout (SLO).

It supports Django 2.2, 3.0, 3.1, 3.2, 4.0 and Python 3.7+!

NOTE:

Since there is no further CAS protocol development, the code in this repo is stable and in maintenance mode. PRs for bug fixes and minor enhancements are accepted.

Document

Check out the documentation at https://djangocas.dev/docs/latest/

Features

  • Supports CAS versions 1.0, 2.0 and 3.0
  • Supports Single Logout (needs CAS server support)
  • Supports Token auth schemes
  • Can fetch Proxy Granting Ticket
  • Supports Django 2.2, 3.0, 3.1, 3.2 and 4.0
  • Supports using a User custom model
  • Supports Python 3.7+
  • Supports typing hints in public API.

To support django 1.x and Python 2.x, please use 3.6.0.

Contributing

New contributors are always welcome! Check out Contribution to get involved.

Change Log

This project adheres to Semantic Versioning. Checkout all the Changelog.

django-cas-ng's People

Contributors

b-alica, barnabasszabolcs, bgroff, cheewai-bash, corralien, danizen, duoi, dyeray, evgenyfadeev, fatanugraha, ibuler, intgr, ityoung, jdufresne, jolob5l, jostcrow, laymonage, manelclos, mbaechtold, mingchen, nikolas, nitmir, nottheswimmer, pbaehr, sebastianmanger, shacker, timkung1, vptimmy, willson556, wrygiel

django-cas-ng's Issues

SSL: CERTIFICATE_VERIFY_FAILED

I get a SSL: CERTIFICATE_VERIFY_FAILED error with the latest version when the CAS server uses a self-signed certificate. I didn't get this error with the previous version 3.5.5.

I downgraded to 3.5.5 and it works for me, but I thought you might want to know...

ValueError Unsupported CAS_VERSION 3 → check value is quoted

I'm new to CAS authentication, but your readme states you support version 1, 2 and 3, but I still get an Unsupported CAS_VERSION 3 error message.

I set CAS_VERSION = 3 in settings.py but sure about that as either the doc is not up-to-date or you support only server version 3.x and protocol up to 2.x. Could you clarify this point?

Error stack

Environment:


Request Method: GET
Request URL: http://127.0.0.1:8000/accounts/login/?next=%2F&ticket=ST-202254-knFSXLbmMob5s01DKQtw-sso.y-nov.com

Django Version: 1.8.1
Python Version: 3.4.0
Installed Applications:
('django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'portal')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware')


Traceback:
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django_cas_ng/views.py" in login
  102.         user = authenticate(ticket=ticket, service=service, request=request)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/contrib/auth/__init__.py" in authenticate
  66.     for backend, backend_path in _get_backends(return_tuples=True):
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/contrib/auth/__init__.py" in _get_backends
  27.         backend = load_backend(backend_path)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/contrib/auth/__init__.py" in load_backend
  21.     return import_string(path)()
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/utils/module_loading.py" in import_string
  26.     module = import_module(module_path)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/importlib/__init__.py" in import_module
  109.     return _bootstrap._gcd_import(name[level:], package, level)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django_cas_ng/backends.py" in <module>
  229.     raise ValueError('Unsupported CAS_VERSION %r' % settings.CAS_VERSION)

Exception Type: ValueError at /accounts/login/
Exception Value: Unsupported CAS_VERSION 3

Long usernames

Our CAS server is returning names longer than the 30 characters in some instances (our source auth is kerberos which allows 256 chars), as a result we get stack traces when using django-cas-ng of this sort:

Traceback (most recent call last):
  File "/app/.heroku/python/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/app/.heroku/python/lib/python2.7/site-packages/django_cas_ng/views.py", line 103, in login
    user = authenticate(ticket=ticket, service=service, request=request)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line 74, in authenticate
    user = backend.authenticate(**credentials)
  File "/app/.heroku/python/lib/python2.7/site-packages/django_cas_ng/backends.py", line 256, in authenticate
    user = User.objects.create_user(username, '')
  File "/app/.heroku/python/lib/python2.7/site-packages/django/contrib/auth/models.py", line 187, in create_user
    **extra_fields)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/contrib/auth/models.py", line 182, in _create_user
    user.save(using=self._db)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/base.py", line 710, in save
    force_update=force_update, update_fields=update_fields)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/base.py", line 738, in save_base
    updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/base.py", line 822, in _save_table
    result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/base.py", line 861, in _do_insert
    using=using, raw=raw)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/query.py", line 920, in _insert
    return query.get_compiler(using=using).execute_sql(return_id)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 974, in execute_sql
    cursor.execute(sql, params)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/utils.py", line 97, in __exit__
    six.reraise(dj_exc_type, dj_exc_value, traceback)
  File "/app/.heroku/python/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
    return self.cursor.execute(sql, params)
DataError: value too long for type character varying(30)

Would you be interested in a patch to do some automated truncation of some sort in this project, or am I better off trying a custom user model, or patching the user.username field?

AnonymousUser after login

In my template:

    {% if not user.is_authenticated %}
        Login button links to CAS server
     {% endif %}

Under v 3.4.2 this works perfectly.

After upgrading to 3.5.2, the login button still displays after successful login. If I render {{user}} in the template, the user is AnonymousUser after login (same if I print(request.user) in the view). If this user now clicks the Login button a second time, CAS recognizes them as pre-authenticated and logs them in immediately.

It seems like the actual django login() call is no longer being invoked.

Downgrading for now.

No superusers

I'm using django-cas-ng version 3.5.4 as a CAS client on a Django 1.6.10 client. The CAS client can receive the attributes from the CAS server just fine including is_superuser, and is_staff. The problem is this doesn't seem to be reflected on the user on the CAS client side.

Django 1.10 upgrade forced by upgrade

I was on version 3.4.2 with Django v1.9.x, and ran:

pip install --upgrade django-cas-ng==3.5.2

and found my Django version was forced up to 1.10. I was able to downgrade it manually, but that probably should not have happened automatically, right?

New Release

Hey Everyone,
So I noticed that in commit ddd0ee2 the model changed the name of session to session_key. I think this will break anyone's install that had the tables built previous to this commit. I think that we should ship migrations with the upcoming release and provide documentation on how to run them. I think I have a little bit of time to try and put this together if people think it is worth the effort.

If we do not want to provide migrations, I think the name should be changed back to session to avoid having to edit the database by hand.

CAS server expects SSLv3

Not sure if this is fixed in 3.4 ... I'm using 3.3 on account of my separate issue in #17, but once I got everything wired up in production I started getting SSLv3 errors. I've got a temporary hack in place in backends.py:

In place of page = urlopen(url) I'm using:

    import ssl
    import urllib.request
    https_sslv3_handler = urllib.request.HTTPSHandler(context=ssl.SSLContext(ssl.PROTOCOL_SSLv3))
    opener = urllib.request.build_opener(https_sslv3_handler)
    urllib.request.install_opener(opener)
    page = urllib.request.urlopen(url)

Which works! (tip from this ticket at python.org). This needs to be abstracted out and handled more elegantly. If I can get through the issue behind #17 perhaps I can clean this up and offer a PR.

Support for string view arguments to url() is deprecated and will be removed in Django 1.10

The README.rst states:

Make sure your project knows how to log users in and out by adding these to your URL mappings:

(r'^accounts/login$', 'django_cas_ng.views.login'),
(r'^accounts/logout$', 'django_cas_ng.views.logout'),

You should also add an URL mapping for the CAS_PROXY_CALLBACK settings:

(r'^accounts/callback$', 'django_cas_ng.views.callback'),

However, when using this in Django 1.9.1, I get the following warning message:

RemovedInDjango110Warning: Support for string view arguments to url() is deprecated and will be removed in Django 1.10 (got django_cas_ng.views.login). Pass the callable instead.
  url(r'^login/$', 'django_cas_ng.views.login'),

RemovedInDjango110Warning: Support for string view arguments to url() is deprecated and will be removed in Django 1.10 (got django_cas_ng.views.logout). Pass the callable instead.
  url(r'^logout/$', 'django_cas_ng.views.logout'),

This should be fixed so that it does not break installations using Django 1.10 in the future.

Add logging for CAS authentication and logout

I use django-cas-ng for a government installation, and we have certain logging requirements, including logging whenever privileges are changed on a webpage to the application log. I have already embedded a call django_cas_ng.views.login and django_cas_ng.views.logout in my own views, but I will submit a pull to add logging to these views and perhaps to django_cas_ng.backends.CASBackend as well.

It'd be nice to have a first class way to grab the attributes returned by CAS

Currently, any attributes returned by the CAS are placed into the request.session. This proves a bit fragile as if you want to do something with those attributes you have to check if they are in the session storage, pull them out of the session key/value store, and potentially check to see if the user in question was newly created.

I propose the following paths to give first class access to the attributes.

  1. The authentication backend could send a signal on successful authentication, sending along the user, attributes, ticket and created indicating whether the user was just created.
  2. In similar pattern to django-mama-cas a setting could specify some number of callbacks to be called with similar arguments as the signal.
  3. The authentication backend could implement user creation/fetching in a method that was easy to override in order to add your own logic.
  • Number 1 is my preference.
  • Number 2 feels the same as 1 but less intuitive to most django users.
  • Number 3 feels heavy and difficult to use.

Thoughts?

German Translations for Login Messages

I don't feel like downloading an editor for this, so here are the relevant bits:

#: __init__.py:23
#, python-format
msgid "Login succeeded. Welcome, %s."
msgstr "Sie wurden reibungslos angemeldet. Willkommen, %s."

#: __init__.py:24
#, python-format
msgid "You are logged in as %s."
msgstr "Sie sind als %s angemeldet."

Forbidden in 3.4

I have a super simple django-cas-ng test project with nothing installed but Django 1.7 and django-cas-ng, with these settings:

CAS_SERVER_URL = 'https://cas.oursite.edu/cas/login'
CAS_ADMIN_PREFIX = '/admin'
CAS_LOGOUT_COMPLETELY = True

plus the login/logout URLs shown in the docs.

With versions 3.1, 3.2 and 3.3, it works just fine. But when I upgrade to 3.4 or 3.4.1 I get:

http://127.0.0.1:8000/accounts/login?next=%2F&ticket=ST-2138-43ZolaFcMAeLcZjAK-cas.oursite.edu

    Forbidden
    Login failed.

(403 on the GET request as shown in runserver). Is there an additional setting or configuration I need to use when upgrading?

logout's url parameter should be 'service' not 'url'

pip install django-cas-ng
After I log out, I find a URL like this: cas/logout?url=http
and the redirect does not work.
After I change the 'url' to 'service', like cas/logout?service=http,
it works!
If this is really a bug, can you fix it? Or I could try to fix it.

CAS 2.0 against mama-cas yields empty attributes

When setting CAS_VERSION to 2 instead of 3 and authenticating against mama-cas, the attributes don't seem to be parsed correctly (or mama-cas is sending them incorrectly).

This is how the HTTP transmission with the XML received from mama-cas looks like (obviously containing the attributes):

GET /cas/serviceValidate?ticket=ST-1432635545-euK4OEyAcuIaP6dVFm8RjW6ITVahB88Z&service=http%3A%2F%2F127.0.0.1%3A8070%2Faccounts%2Flogin%3Fnext%3D%252Fadmin%252F HTTP/1.1
Accept-Encoding: identity
User-Agent: Python-urllib/3.4
Connection: close
Host: 127.0.0.1:8090

HTTP/1.0 200 OK
Date: Tue, 26 May 2015 10:19:05 GMT
Server: WSGIServer/0.2 CPython/3.4.3
Cache-Control: max-age=0
Content-Type: text/xml
X-Frame-Options: SAMEORIGIN
Expires: Tue, 26 May 2015 10:19:05 GMT
Last-Modified: Tue, 26 May 2015 10:19:05 GMT

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationSuccess><cas:user>al38</cas:user><cas:attributes><cas:last_name>RETRACTED</cas:last_name><cas:first_name>RETRACTED</cas:first_name><cas:username>RETRACTED</cas:username><cas:is_superuser>False</cas:is_superuser><cas:is_active>True</cas:is_active><cas:email>RETRACTED</cas:email><cas:last_login>2015-05-26 10:19:05.462158+00:00</cas:last_login><cas:full_name>RETRACTED</cas:full_name><cas:short_name>RETRACTED</cas:short_name><cas:date_joined>2015-05-20 06:34:13+00:00</cas:date_joined><cas:is_staff>False</cas:is_staff></cas:attributes></cas:authenticationSuccess></cas:serviceResponse>

This is how we hooked into django-cas-ng to check on the resulting attributes:

from django.dispatch import Signal
from django_cas_ng import signals as cas_signals

def print_all(*args, **kwargs):
    print(args, kwargs)

cas_signals.cas_user_authenticated.connect(print_all)

This is how the result of this hook looks like:

[26/May/2015 10:19:02]"GET /accounts/login?next=%2Fadmin%2F HTTP/1.1" 302 0
() {'sender': <django_cas_ng.backends.CASBackend object at 0x7f6310074cf8>, 'created': False, 'signal': <django.dispatch.dispatcher.Signal object at 0x7f6310fb4a20>, 'service': 'http://127.0.0.1:8070/accounts/login?next=%2Fadmin%2F', 'user': <User: RETRACTED>, 'ticket': 'ST-1432635545-euK4OEyAcuIaP6dVFm8RjW6ITVahB88Z', 'attributes': None}

As you can see, the attributes got lost somewhere.

On the other hand, the same process works fine when setting the CAS version to 3 where the attributes are nicely received and parsed.

Since we don't know if the bug is in mama-cas or django-cas-ng, please tell us if we should file a ticket with mama-cas instead.
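
Added example (not part of the original issue, and not django-cas-ng or python-cas code): a standalone parser for a CAS 2.0-style serviceResponse that carries inline cas:attributes, as in the response quoted above. The sample XML is constructed from that response with shortened values; the names parse_service_response, flag and CASValidationError are hypothetical. It also shows why attributes such as is_superuser must be compared as text: every value arrives as a string, and the string "False" is truthy in Python.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"
NS = {"cas": CAS_NS}

# Constructed sample, modelled on the mama-cas response quoted in the issue.
SUCCESS_XML = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    "<cas:authenticationSuccess><cas:user>al38</cas:user>"
    "<cas:attributes>"
    "<cas:email>al38@example.org</cas:email>"
    "<cas:is_superuser>False</cas:is_superuser>"
    "<cas:is_active>True</cas:is_active>"
    "<cas:is_staff>False</cas:is_staff>"
    "<cas:group>staff</cas:group><cas:group>editors</cas:group>"
    "</cas:attributes>"
    "</cas:authenticationSuccess></cas:serviceResponse>"
)

# Constructed failure response with the INVALID_SERVICE code.
FAILURE_XML = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationFailure code='INVALID_SERVICE'>"
    "Ticket ST-xx does not match supplied service."
    "</cas:authenticationFailure></cas:serviceResponse>"
)


class CASValidationError(Exception):
    """Raised when the response is not an authenticationSuccess."""

    def __init__(self, code, message):
        super().__init__("%s: %s" % (code, message))
        self.code = code


def parse_service_response(xml_text):
    """Return (username, attributes) or raise CASValidationError.

    Assumes the XML was fetched from the CAS server over verified TLS;
    for XML from an untrusted source a hardened parser such as defusedxml
    is the usual choice.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CASValidationError("MALFORMED", str(exc))
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        raise CASValidationError("MALFORMED", "unexpected root element")

    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        # Fail closed: a failure element always wins over anything else.
        raise CASValidationError(failure.get("code", "UNKNOWN"),
                                 (failure.text or "").strip())

    success = root.find("cas:authenticationSuccess", NS)
    user = success.findtext("cas:user", namespaces=NS) if success is not None else None
    if not user or not user.strip():
        raise CASValidationError("MALFORMED", "no cas:user in response")

    attributes = {}
    container = success.find("cas:attributes", NS)
    if container is not None:
        for child in container:
            name = child.tag.rsplit("}", 1)[-1]      # drop the namespace
            value = (child.text or "").strip()
            if name in attributes:                   # repeated tag: keep all values
                previous = attributes[name]
                attributes[name] = (previous if isinstance(previous, list)
                                    else [previous]) + [value]
            else:
                attributes[name] = value
    return user.strip(), attributes


def flag(attributes, name):
    """Interpret a CAS attribute as a boolean; anything but 'true' is False."""
    value = attributes.get(name)
    return isinstance(value, str) and value.strip().lower() == "true"


if __name__ == "__main__":
    username, attrs = parse_service_response(SUCCESS_XML)
    print(username, attrs, flag(attrs, "is_superuser"))
```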

not work with iframe when logout

It seems that when I embed the CAS login page in an iframe, it does not work when I do a CAS logout from another page which shares the same CAS server.

Fix for bad upstream encodings/decodings

I have a problem here at the U.S. National Library of Medicine. Our CAS server is protected by a CA SiteMinder httpd module that supports NIH wide login. When the user chooses the PIV login (using a PIV card), the encoding of the service parameter gets mangled a bit. So it goes like this:

  • Django redirects to CAS with correct service URL
  • CAS redirects to NIH Login with deeply encoded target including service URL
  • NIH Login redirects to page that uses ActiveX and/or other technologies to validate PIV card
  • This page redirects directly to CAS, with incorrectly encoded service URL
  • CAS generates ticket for incorrect service URL
  • Django fixes it
  • django-cas-ng attempts to validate ticket, which fails

I'm thinking a way of fixing this (for me) is with a setting parameter that asks django-cas-ng to store the next page as a cookie, so that the service parameter presented to CAS includes only one level of encoding.

Generally, there should be no difference between service=https://casprotected.example.com/accounts/login?next=/admin and service=https://casprotected.example.com/accounts/login

Having explained the issue, I'll start working on a fix and see if you will accept a pull request.

ImportError - lxml

We've just set up django-cas-ng (v3.5.6) and are seeing the following exception.

ImportError: No module named 'lxml' (4 additional frame(s) were not displayed) ... File "django_cas_ng/views.py", line 48, in login clean_sessions(client, request) File "django_cas_ng/views.py", line 155, in clean_sessions for slo in client.get_saml_slos(request.POST.get('logoutRequest')):

Looks like there is no reference to lxml in django-cas-ng and the reference is actually in python-cas. I am new to the Django packaging process but it seems as though python-cas ought to have lxml in its setup.py. Is that correct or are we doing something wrong?

Latest code with Django 1.8

One thing to note - your code now uses models. So shouldn't you update the doc to add the app in the installed apps list? My test case was throwing errors before I noticed this.

Also

  • ProxyGrantingTicket.user foreign key to settings.AUTH_USER_MODEL
  • ProxyGrantingTicket.date = models.DateTimeField(auto_now_add=True)
  • SessionTicket.session = models.OneToOneField(Session, related_name="+")

Without these changes, Django 1.8 was throwing errors and warnings (about the last case).

Performing schemamigration produces an error

I just recently downloaded django-cas-ng 3.5.4 and am trying to integrate it with Django 1.6.1. I was doing the migration using schemamigration when I got this error.

south.exceptions.UnknownMigration: Migration 'django_cas_ng:0001_initial' probably doesn't exist.

I checked and it was there. What should I do next? Did I miss a step?

Single Sign Out

Hi,

I'm using django_cas_ng as a client to django-mama-cas (https://github.com/jbittel/django-mama-cas), so far so good both work perfect together.

Tried to use single sign out today, and got some problems:

First, django-mama-cas does not send the "logoutRequest" that some servers send, but only the xml payload in the post request body, so I changed the code in views.py:46 like this:

if request.method == 'POST' and (request.POST.get('logoutRequest') or request.META.get('CONTENT_TYPE') == 'text/xml'):

and also in views:154 like this:

def clean_sessions(client, request):
    for slo in client.get_saml_slos(request.body):

I could not find any resource telling the standard requires the server to set logoutRequest.

Second, you need to be running version 3:
CAS_VERSION = 3

otherwise you get: 'CASClientV2' object has no attribute 'get_saml_slos'

After these changes everything works as expected!

Can these changes be incorporated into django_cas_ng? should I create a proper PR supporting both use cases (with and without logoutRequest parameter)?

Thanks in advance!
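
Added example (not part of the original issue, and not django-cas-ng or python-cas code): one way to accept both single-logout deliveries described above, a form-encoded logoutRequest field and a raw text/xml body, and pull the service ticket out of the SAML LogoutRequest. The sample message is constructed in the shape the CAS protocol specification gives for logout requests; extract_session_indexes, sessions_to_end and the ticket-to-session mapping are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote_plus

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed logout message (ticket value is made up).
SLO_XML = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="constructed-id" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "@NOT_USED@</saml:NameID>"
    "<samlp:SessionIndex>ST-constructed-1</samlp:SessionIndex>"
    "</samlp:LogoutRequest>"
)

# The same message as the two POST bodies described in the issue.
FORM_BODY = b"logoutRequest=" + quote_plus(SLO_XML).encode("ascii")
RAW_BODY = SLO_XML.encode("utf-8")


def session_indexes_from_xml(xml_text):
    """Return the SessionIndex values of a LogoutRequest, or [] if it is not one."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return []
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return []
    return [el.text.strip()
            for el in root.iter("{%s}SessionIndex" % SAMLP)
            if el.text and el.text.strip()]


def extract_session_indexes(content_type, body):
    """Handle both deliveries: form field 'logoutRequest' or a bare XML body."""
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    text = body.decode("utf-8", errors="replace")
    if media_type == "application/x-www-form-urlencoded":
        payloads = parse_qs(text).get("logoutRequest", [])
    elif media_type in ("text/xml", "application/xml"):
        payloads = [text]
    else:
        payloads = []          # anything else is not a logout request
    tickets = []
    for payload in payloads:
        tickets.extend(session_indexes_from_xml(payload))
    return tickets


def sessions_to_end(tickets, ticket_to_session):
    """Map tickets to local session keys.

    The logout POST is a back-channel request with no user session, so the
    ticket is used only as a lookup key for a session that was created with
    that exact ticket; unknown tickets are ignored.
    """
    return [ticket_to_session[t] for t in tickets if t in ticket_to_session]


if __name__ == "__main__":
    known = {"ST-constructed-1": "session-key-abc"}   # constructed mapping
    found = extract_session_indexes("text/xml; charset=utf-8", RAW_BODY)
    print(found, sessions_to_end(found, known))
```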

Migrations is missing

Hi, this lib breaks my test suite, it reports:

django.db.utils.ProgrammingError: relation "auth_user" does not exist"

If I run python manage.py makemigrations django_cas_ng && python manage.py migrate it works again.

pip freeze:

boto==2.38.0
click==6.0
Django==1.8.7
django-cas-ng==3.5.3
django-debug-toolbar==1.3.0
django-filter==0.11.0
django-mama-cas==1.2.0
django-mptt==0.7.4
django-nose==1.4.2
django-reversion==1.9.3
django-rosetta==0.7.6
django-storages-redux==1.3
django-suit==0.2.15
django-wysiwyg-redactor==0.4.9
djangorestframework==3.3.1
djangorestframework-gis==0.9.6
ecdsa==0.13
Fabric==1.10.0
geopy==1.11.0
gitdb==0.6.4
GitPython==1.0.1
Jinja2==2.8
MarkupSafe==0.23
microsofttranslator==0.5
nose==1.3.7
paramiko==1.16.0
pipdeptree==0.4.3
polib==1.0.7
psycopg2==2.6.1
pycrypto==2.6.1
python-cas==1.1.0
python-dotenv==0.1.3
requests==2.8.1
six==1.10.0
smmap==0.9.0
sqlparse==0.1.18
Unipath==1.0
wheel==0.24.0

cas usage issue

Can you leave an email please?
I have a question, hope you can help.
Thanks a lot.

Enhancement: Add migrations

The new model changes are a pain without migrations. I can't distribute the new version to prod without having to go into the server and make the migrations myself. Please add an initial from 3.4.2 and the sessionticket change for 3.5.

Setting to change url_suffix

Hello,

I'm using your plugin on a project using my school CAS (INSA Lyon). They changed the default URL to call for the CAS V3 like that: https://login.insa-lyon.fr/cas/p3/serviceValidate.
The workaround I use is to edit url_suffix (line 208) from cas.py of python-cas: https://github.com/python-cas/python-cas/blob/master/cas.py#L208

Is it possible to make that configurable? I can do the implementation if you guide me a little bit.

Thank you very much.

Login failed: the service used for validation is different from the one used for login

Hi,

I have a Django (1.7) project with a webapp site.
I have a protected url: /protected/index.
In my project/urls.py file:

    url(r'^protected/index$', webapp.views.protected, name='protected'),
    url(r'^accounts/login/$', 'django_cas_ng.views.login'),
    url(r'^accounts/logout/$', 'django_cas_ng.views.logout'),

In my project/settings.py file:

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
# CAS:
    'django_cas_ng.middleware.CASMiddleware',
)
# CAS:
CAS_SERVER_URL = "https://myserver/cas/"
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'django_cas_ng.backends.CASBackend',
)

In my webapp/view.py file:

@login_required
def protected(request):
    return render(request, 'protected.html')

When I try to access the /protected/index url, I'm redirected to my CAS server for login:
https://myserver/cas?service=http%3A%2F%2Flocalhost%3A8000%2Faccounts%2Flogin%2F%3Fnext%3D%2Fprotected%2Findex%26next%3D%252Fprotected%252Findex

After a successful login, I'm getting a "Login failed" error and the CAS server response is:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationFailure code='INVALID_SERVICE'>
        Ticket &#039;ST-xx does not match supplied service. The original service was &#039;http://localhost:8000/accounts/login/?next=/protected/index&amp;next=%2Fprotected%2Findex&#039; and the supplied service was &#039;http://localhost:8000/accounts/login/?next=/protected/index&amp;next=%2Fprotected%2Findex&amp;next=%2Fprotected%2Findex&#039;.
    </cas:authenticationFailure>
</cas:serviceResponse>

The service used for validation is not the same as the service used for login, it has more "next" parameters.

Is there something wrong in my configuration to generate more and more "next" parameters and get this issue?

Thanks.
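
Added example (not part of the original issue, and not django-cas-ng code): CAS binds a ticket to the exact service string sent at login, so the client has to derive the same string at validation time. One way to do that is to compute the service from the request URL with a single canonical form, dropping ticket and any repeated next. The function names are hypothetical, the sample URLs are constructed from the ones quoted above, and /login and /serviceValidate are the standard CAS endpoints.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

CAS_SERVER_URL = "https://myserver/cas/"   # value from the settings quoted above

# Constructed from the URLs in the issue: the first hit on the login view,
# and the callback carrying duplicated "next" parameters plus the ticket.
FIRST_REQUEST = "http://localhost:8000/accounts/login/?next=%2Fprotected%2Findex"
CALLBACK = ("http://localhost:8000/accounts/login/"
            "?next=/protected/index&next=%2Fprotected%2Findex"
            "&next=%2Fprotected%2Findex&ticket=ST-xx")


def canonical_service_url(request_url):
    """Service URL for a request: no ticket, one 'next', one encoding style."""
    parts = urlsplit(request_url)
    kept, seen_next = [], False
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "ticket":
            continue                      # the ticket is never part of the service
        if key == "next":
            if seen_next:
                continue                  # drop accumulated duplicates
            seen_next = True
        kept.append((key, value))
    # Re-encoding the decoded pairs makes "next=/a" and "next=%2Fa" identical.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def login_redirect_url(request_url):
    """URL the browser is sent to on the CAS server."""
    service = canonical_service_url(request_url)
    return CAS_SERVER_URL + "login?" + urlencode({"service": service})


def validation_url(callback_url):
    """Back-channel URL used to validate the ticket from the callback."""
    ticket = parse_qs(urlsplit(callback_url).query).get("ticket", [""])[0]
    if not ticket:
        raise ValueError("callback URL carries no ticket")
    service = canonical_service_url(callback_url)
    return CAS_SERVER_URL + "serviceValidate?" + urlencode(
        {"ticket": ticket, "service": service})


def service_param(cas_url):
    """The service value as the CAS server will see it after decoding."""
    return parse_qs(urlsplit(cas_url).query)["service"][0]


if __name__ == "__main__":
    print(login_redirect_url(FIRST_REQUEST))
    print(validation_url(CALLBACK))
```

This only removes duplicate parameters and single-level encoding differences; a service value that an intermediary has re-encoded more than once still will not match.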

Lowercase usernames on authentication

Django allows usernames 'joe' and 'JOE' to exist simultaneously. There is an old ticket about this, but it's marked won't fix.

We have a user import script that brings in lots of users in advance. As a result of this script run, 'joe' might already exist in the system.

But then, the user might come along and log in as 'JOE'. CAS accepts this, and passes it to django-cas-ng, which happily creates a 2nd account for the same person.

There are various AUTHENTICATION_BACKEND fixes posted out there for this problem, but of course we're already using django_cas_ng as the backend, so that's not an option.

We'll ask to have our central CAS login page modified so that it lowercases usernames on submit. But it would be great if django-cas-ng could also have an option to lowercase the username passed to it from CAS, or to prevent creation of usernames that already exist with different cases.

ImportError: cannot import name urllib_parse

Hello!

The README states that django-cas-ng supports 1.5 but it appears urllib_parse was introduced in Django 1.6.

Is there anything that can be done to support 1.5?

Thanks :)

Factor out python library?

Is it possible to create the base python library for the CAS clients without being tied to Django and have a separate module for Django using the library instead of all being together?

p.s. started working on this. I need to create CAS authentication for Askbot, and would like to use just the purely cas-related code that is available in django-cas-ng and create the django binding custom for Askbot due to the way how authentication is implemented there.

3.4.0 Release

If it would be possible to issue a new release once #11 is resolved, that would be excellent.

Google style SSO login

Well, first thing I couldn't come up with better title for issue so apologies. Now, to the situation I have django-mama-cas as my cas server, and I am using django-cas-ng on three other applications. I have followed instruction for django-cas-ng as specified on your github page. A simple scenario, my apps are A, B, C when I successfully login into A then switch to tab and request login page for B I should be logged into B automatically(If I am not wrong this is what SSO is meant to do). How using django-cas-ng and django-mama-cas I can achieve this?

Error while integrating django-cas-ng

Hi,
I am new to python, django. But I need to integrate HUE in our system.

We need to integrate SSO in HUE using CAS.

I have followed the steps given at https://pypi.python.org/pypi/django-cas-ng

I am able to login using CAS server. But not getting redirected to my application home page after that.
Getting error like below. Please provide suggestion:

[17/Mar/2016 05:21:51 +0000] middleware INFO Processing exception: <urlopen error [Errno 110] Connection timed out>: Traceback (most recent call last):
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/db/transaction.py", line 371, in inner
return func(*args, **kwargs)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/views/decorators/csrf.py", line 57, in wrapped_view
return view_func(*args, **kwargs)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/views/decorators/http.py", line 41, in inner
return func(request, *args, **kwargs)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/django_cas_ng/views.py", line 60, in login
request=request)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/contrib/auth/__init__.py", line 49, in authenticate
user = backend.authenticate(**credentials)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/django_cas_ng/backends.py", line 23, in authenticate
username, attributes, pgtiou = client.verify_ticket(ticket)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/cas.py", line 141, in verify_ticket
response = self.get_verification_response(ticket)
File "/home/hue/rakhee/hue/build/env/local/lib/python2.7/site-packages/cas.py", line 150, in get_verification_response
page = urllib_request.urlopen(url)
File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
URLError: <urlopen error [Errno 110] Connection timed out>

Run ./manage.py syncdb. Is this mandatory?

Regards,
Rakhee

CAS 3.4 + SAML

Hello,
I'm trying to use django-cas-ng with a CAS3.4 more SAML server.
The django-cas-ng version 3 does not pull the SAML information.
The django-cas-ng CAS_2_SAML_1_0 version does not pull the CAS user.
How can I do this?
I am trying to merge the methods without success.

single sign out

hi:
How to set SLO with CAS server 4.2? I do this but can't achieve that. Thx

Tag a 3.5.5

Hey would it be possible to tag a 3.5.5 release?

Thanks,
Bryce

Use transifex to handle internationalization?

Just wanted to get a feel if anyone was interested in using https://www.transifex.com/django-cas-ng/ as a way to translate the strings in the project? This web interface allows one to click on the origin string, and add a translation through the web interface. This should make it a little easier for people that do not want to dig into the code to still help translating.

I know this is a small project and most people doing the translations are also developers, so maybe this is not needed.

TypeError at /accounts/login/ POST data should be bytes or an iterable of bytes. It cannot be of type str.

Using master version from 2015-may-22 and following settings.

CAS_SERVER_URL = "https://sso.cas-server.com"
CAS_VERSION = 'CAS_2_SAML_1_0'

CAS_PROVIDE_URL_TO_LOGOUT = True
CAS_CREATE_USER = True
CAS_LOGOUT_COMPLETELY = True
CAS_USERNAME_ATTRIBUTE = 'login'

Environment:


Request Method: GET
Request URL: http://localhost:8000/accounts/login/?next=%2F&ticket=ST-207863-P5qbXgQiG3kdy2DyRCxo-sso.y-nov.com

Django Version: 1.8.2
Python Version: 3.4.0
Installed Applications:
('django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'portal')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware')


Traceback:
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django_cas_ng/views.py" in login
  103.         user = authenticate(ticket=ticket, service=service, request=request)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django/contrib/auth/__init__.py" in authenticate
  74.             user = backend.authenticate(**credentials)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django_cas_ng/backends.py" in authenticate
  242.         username, attributes = _verify(ticket, service)
File "/home/elopez/.virtualenvs/ynov/lib/python3.4/site-packages/django_cas_ng/backends.py" in _verify_cas2_saml
  193.     page = urlopen(url, data=get_saml_assertion(ticket))
File "/usr/lib/python3.4/urllib/request.py" in urlopen
  153.     return opener.open(url, data, timeout)
File "/usr/lib/python3.4/urllib/request.py" in open
  453.             req = meth(req)
File "/usr/lib/python3.4/urllib/request.py" in do_request_
  1163.                 raise TypeError(msg)

Exception Type: TypeError at /accounts/login/
Exception Value: POST data should be bytes or an iterable of bytes. It cannot be of type str.
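
The failure in the traceback above can be reproduced offline. This is an added example, not code from django-cas-ng or from the reporter: on Python 3, urllib rejects a str POST body before any connection is made, so the SAML validation body has to be encoded to bytes. The envelope is a constructed, simplified one, the ticket and service URL are constructed values, and `saml_body`, `build_validate_request` and `presend_check` are hypothetical names.

```python
import urllib.request
from urllib.parse import urlencode
from xml.sax.saxutils import escape

SERVER = "https://sso.cas-server.com"             # CAS_SERVER_URL from the report
SERVICE = "http://localhost:8000/accounts/login/"  # assumed service URL
TICKET = "ST-1-constructed"                        # constructed sample ticket

# Constructed, simplified SAML 1.1 envelope; not the library's own template.
SAML_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Header/><SOAP-ENV:Body>'
    '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
    'MajorVersion="1" MinorVersion="1">'
    '<samlp:AssertionArtifact>{ticket}</samlp:AssertionArtifact>'
    '</samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
)


def saml_body(ticket):
    """Text of the request body. The ticket arrives in the query string,
    so it is XML-escaped before it is placed in the envelope."""
    return SAML_TEMPLATE.format(ticket=escape(ticket))


def build_validate_request(server_url, service, ticket, as_bytes=True):
    """POST request for /samlValidate; as_bytes=False reproduces the bug."""
    url = server_url.rstrip("/") + "/samlValidate?" + urlencode({"TARGET": service})
    body = saml_body(ticket)
    data = body.encode("utf-8") if as_bytes else body
    return urllib.request.Request(
        url, data=data, headers={"Content-Type": "text/xml; charset=utf-8"})


def presend_check(req):
    """Run urllib's own pre-send processing without opening a connection."""
    handler = urllib.request.AbstractHTTPHandler()
    handler.add_parent(urllib.request.OpenerDirector())
    try:
        handler.do_request_(req)
        return "ok"
    except TypeError as exc:
        return "TypeError: %s" % exc


if __name__ == "__main__":
    print(presend_check(build_validate_request(SERVER, SERVICE, TICKET, as_bytes=False)))
    print(presend_check(build_validate_request(SERVER, SERVICE, TICKET)))
```
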

Install Failure

from cas import CASClient
ImportError: cannot import name CASClient

Request to make pipermerriam (me) a contributor

I put a lot of work into getting this project backed by a test suite as well as improving many parts of the codebase. I would like to request being added as a contributor to this project.

new release

Latest available release seems not to include migrations.

Application session keys is recreated in django_cas_ng/views

Hi All,

I found that the application session key (request.session.session_key) is recreated at django_cas_ng/views line 65. This causes the session data of a successful login (django_cas_ng/views line 63) to get cleared. As a result, a second successful CAS login is required to acquire a valid application session. If CAS SSO is disabled, users have to log in to CAS twice to get a valid application session.

After I temporarily modified "django_cas_ng/views line: 65" to "request.session.save()", this issue seems fixed.

Does anyone have any ideas for this issue? Any comment is appreciated!

-Chingo

proxy-friendly modifications

Hi,

I'd love to update my projects to use django-cas-ng. Would you accept pull requests for the following modifications?

It seems urllib ignores the no_proxy environment variable, so I switched to using requests, example here:
manelclos/django-cas2@b2f25b3

When using proxied connections (:80 to :8080) the hostname will change to have :8080 appended. I added a configuration option so this can be set in settings.py:
manelclos/django-cas2@4f570c5

Please let me know what you think.

Thanks!
