Comments (8)
Single Sign On perfectly work out of the box with django-cas-ng and jasig CAS (unless the user checked "Warn me before logging me into other sites.").
I never used mama-cas so I don't know if there is a special manipulation to do to get SSO to work.
Did you add the urls of you apps A, B, C to the list of allowed services on the CAS ?
Beware, SSO is sometimes used to refer to SIngleSignOn and sometimes to SigleSignOut cf https://wiki.jasig.org/display/CASUM/Single+Sign+Out so it can be confusing
from django-cas-ng.
@nitmir Can you explain the flow from client side in case of single sign on in django-cas-ng? Because at the moment I am using a cookie based solution to make it work, but I would rather prefer not to do it this way. I know I must be surely missing something in configuration.
In my case A, B, C all are on same domain, as is my CAS. If I add urls of A, B, C to CAS's list of allowed services does it mean I can drop cookie based flow? It's a bit unclear to me atm
from django-cas-ng.
@Rajesh-Yogeshwar If the client is already authenticated to the cas and want to access service A, the following happen :
https://A -> 302 redirect -> https://cas/login?service=A -> 302 redirect -> https://A?ticket=ST-SQjd…
In background the service A fetch https://cas/serviceValidate?service=A&ticket=ST-SQjd…
the cas responds OK if the ticket is valid and user is logged to service A, else the cas responds with an error and the user is not logged.
If the client is not authenticated to the CAS https://cas/login?service=A should display a login form, when on successful login to the cas the user is redirected to https://A?ticket=ST-SQjd…
Usually all services and the CAS are on different domains but that's not mandatory and I have a couples of services on the same domains working fine. Just be careful that a service A do not erase some cookies of service B (for example service A and B on the same domain should not use the same cookie name to handle sessions or else the user wont be able to login service A and B in the same time)
Indeed if you use the CAS to authenticate user, you should not need some shared cookies across services.
from django-cas-ng.
This is the kind of explanation that needs to be in readme. I am working on my dev machine and every thing is hosted on localhost. So probably because of this I am not able to get it working. Thank you for a good explanation
from django-cas-ng.
@Rajesh-Yogeshwar it is working in production? If i use different cookie session name is working?
from django-cas-ng.
@morocarlo Yes. I got it working. But what I did was take idea from explanation provided by @nitmir and rolled my own little solution. Its been working on my company's private applications for more than a year.
from django-cas-ng.
Hi, @Rajesh-Yogeshwar, i can't log in automatically with differents domains, how you do that?
from django-cas-ng.
@diegoduncan21 I am on same domain, only different subdomains. @nitmir has explained it how it should be done.
from django-cas-ng.
Related Issues (20)
- CAS_CHECK_NEXT no longer supports callable? HOT 1
- DataError at /accounts/login/ value too long for type character varying(255)
- Exception Value: mismatched tag: line 50, column 75
- Invalid next URLs in login causes a server error HOT 2
- Not an issue , but a doubt , so the user attributes from django mama cas are contained in the st ticket and they get loaded into user table ? HOT 1
- Failed when `python manage.py migrate` HOT 3
- Django >= 3.2.7 requires new migration script HOT 2
- Single Logout ignores `CAS_ROOT_PROXIED_AS` setting
- Please make a release HOT 2
- ParseError: not well-formed (invalid token): line 1, column 854 HOT 1
- Can't request XML content using by requests HOT 1
- CAS Affiliation support HOT 2
- django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes') HOT 5
- Redirect url error when passing absolute rute to next param on logout view
- CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user HOT 2
- doc: `CAS_ADMIN_REDIRECT` is not documented HOT 1
- Live Demo on https://djangocas.dev is not working
- Documentation changelog not updated
- [solved][nobug] CAS_USERNAME_ATTRIBUTE
- Internal Server Error: /accounts/login/ (duplicate key constraint)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-cas-ng.