A common pattern for LDAP authentication is to bind against the LDAP server using the target user's DN and password, which means you'd never need to see/use/compare the userPassword attribute at all. As such, my LDAP ACLs make it such that userPassword is never returned by LDAP, in any form.

The CAS LDAP implementation uses check_password(), which requires the LDAP server to return userPassword so that it can be compared with the POSTed value. I would prefer to bind against the server with the user's credentials, instead.

This check does not pass with Phabricator CAS client : https://github.com/nitmir/django-cas-server/blob/master/cas_server/views.py#L1219

This is due to Phabricator encoding an URL in service GET parameter :

ticket.service = https://phabricator.crans.org:/index.php?__path__=/auth/login/CAS:self/
self.service = https://phabricator.crans.org:/index.php?__path__=%2Fauth%2Flogin%2FCAS%3Aself%2F

self.service is unquoted from service get parameter and __path__ does not get unquoted. That is not the case with ticket.service that gets fully "unquoted".

One way to solve that is to pass the self.service in urllib.parse.unquote.

Clear cookies after logout.

I'm currently running django-cas-server under Django 3.2 and it's working fine using a custom backend.

I'd like to run the tests to help demonstrate more complete functionality, but I don't understand what I need to do to run the tests. Is there a simple way to run the tests included in the package?

Hey there,
Thanks for your amazing project !
I would like to ask if you would be agree to use utils.import_attr and expose USER_CREDENTIAL_FORM (and others) to have dynamic choice of which form to use directly in settings.py ?

That would be a great feature and would prevent people like me to just overwrite it.

I can do a pull request if you're agree :)

There are a number of relatively minor spelling, grammar, and consistency errors within the README.rst file. I took the liberty of cleaning up some of them and are offering them back to you. (I'm preparing a related pull-request.)

I get an error when trying to log into the service that says Cannot resolve keyword 'username' into field - I'm guessing this might be down to the fact that I am using it in an application that uses a custom user class with email address as the unique field, and no usernames. Is it possible to use django-cas-server on an application like this?

Hi,
I am use the activity directory to be an backend, and the ldap mode is bind. sometimes, it is wrong.

The error message is:

File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 783, in __bootstrap
  self.__bootstrap_inner()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
  self.run()
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
  self.__target(*self.__args, **self.__kwargs)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 599, in process_request_thread
  self.finish_request(request, client_address)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 334, in finish_request
  self.RequestHandlerClass(request, client_address, self)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 655, in __init__
  self.handle()
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/servers/basehttp.py", line 155, in handle
  handler.run(self.server.get_app())
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/wsgiref/handlers.py", line 85, in run
  self.result = application(self.environ, self.start_response)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 63, in __call__
  return self.application(environ, start_response)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 157, in __call__
  response = self.get_response(request)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/base.py", line 124, in get_response
  response = self._middleware_chain(request)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/exception.py", line 43, in inner
  response = response_for_exception(request, exc)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/exception.py", line 93, in response_for_exception
  response = handle_uncaught_exception(request, get_resolver(get_urlconf()), sys.exc_info())
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/exception.py", line 135, in handle_uncaught_exception
  extra={'status_code': 500, 'request': request},
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/logging/__init__.py", line 1506, in _LogErrorReplacement
  """
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/exception.py", line 41, in inner
  response = get_response(request)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
  response = self._get_response(request)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
  response = self.process_exception_by_middleware(e, request)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
  response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper
  return view(request, *args, **kwargs)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
  return self.dispatch(request, *args, **kwargs)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/views/generic/base.py", line 88, in dispatch
  return handler(request, *args, **kwargs)
 File "/Users/leyan/devops/cas/cas_server/views.py", line 499, in post
  ret = self.process_post()
 File "/Users/leyan/devops/cas/cas_server/views.py", line 567, in process_post
  if self.form.is_valid():
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/forms/forms.py", line 183, in is_valid
  return self.is_bound and not self.errors
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/forms/forms.py", line 175, in errors
  self.full_clean()
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/forms/forms.py", line 385, in full_clean
  self._clean_form()
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/django/forms/forms.py", line 412, in _clean_form
  cleaned_data = self.clean()
 File "/Users/leyan/devops/cas/cas_server/forms.py", line 126, in clean
  auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])
 File "/Users/leyan/devops/cas/cas_server/auth.py", line 299, in __init__
  attributes=unicode(ldap3.ALL_ATTRIBUTES)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/ldap3/core/connection.py", line 788, in search
  response = self.post_send_search(self.send('searchRequest', request, controls))
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/ldap3/strategy/base.py", line 299, in send
  self.sending(ldap_message)
File "/Users/leyan/.pyenv/versions/cas/lib/python2.7/site-packages/ldap3/strategy/base.py", line 834, in sending
  raise communication_exception_factory(LDAPSocketSendError, type(e)(str(e)))(self.connection.last_error)

ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 32] Broken pipe

Is someone have the same error?

Here are my work envirenment:
certifi 2018.11.29
chardet 3.0.4
Django 1.11.18
django-auth-ldap 1.1.4
futures 3.2.0
idna 2.8
ldap 1.0.2
ldap3 2.5.2
lxml 4.3.0
MySQL-python 1.2.5
pip 18.1
pyasn1 0.4.5
python-ldap 2.4.13
pytz 2018.9
PyYAML 3.13
requests 2.21.0
requests-futures 0.9.9
setuptools 40.6.3
six 1.12.0
urllib3 1.24.1
uWSGI 2.0.17.1
wheel 0.32.3

Any 2.2 support coming up?

Currently, if the identity provider CAS do not return an XML document as specified on ticket validation,
an XML parsing error is raised.

We should catch such error and display to the user that there is a problem with the response of his CAS identity provider.

The install_requires setting in setup.py has:
install_requires=[
'Django >= 1.11,<3.2', 'requests >= 2.4', 'requests_futures >= 0.9.5',
'lxml >= 3.4', 'six >= 1'
],
preventing it from installing cleanly via pip with Django 3.2

Hi!

I have extended the Django User Model from AbstractUser to create a custom one to suit my needs. One of them is that there is no username. Instead, the only credentials for my users will be email and password.

I have seen that at least DjangoAuthUser and so AuthUser strongly depends on a "username". The main goal of my project is to provide a CAS implementation, so I am wondering whether should I revert to the original Django User and try to overcome the username/email problem there somehow, or try to make the adjustments in django-cas-server. Can you give me any advice about this?

Thanks a lot.
Óscar

I need it Thank you

I have the need to integrate Duo Security 2FA using https://github.com/duosecurity/duo_python. Not sure how to go about it. Any advice would be greatly appreciated.

-Brian

I have an existing Django application (grouprise), which I would like to extend with an authentication provider, in order to let our users work with an external application (in this case: an element/matrix instance).

Thus I added cas_server to INSTALLED_APPS in my existing Django application.
I was happy to get to a working login via /cas/login quickly. Now it is possible to use the external application based on the account storage of my existing application.

But I was surprised (surely due to my lack of understanding), that the session of my existing Django application is not connected to the session of the CAS Server application:

• 1. log out of my existing Django application and log in to CAS via /cas/login -> afterwards the existing Django application is not authenticated (I need to log in separately, again)
• 2. log out of CAS and log into my existing Django appliation -> there is no CAS session

I assume, that this result is quite obvious for you, dear reader. But I am a bit at loss, what to do now.

I could imagine, that I could solve this, by adding a CAS client application to the setup, in order to redirect the authentication of existing application towards the CAS server.

Or maybe CAS server is just not meant to be combined with other applications? Or maybe I misunderstand something trivial?

Thank you for your time!

(sorry for using this issue tracker for a support request - I am not aware of other communication channels for CAS Server)

if I want to open django admin /admin/, I am getting:

__init__() missing 1 required positional argument: 'username'

I have set up all the settings in docs. What am I missing? :/

Hey. Thanks for the app.

We use a custom model for a User with an e-mail authorization field.

Also, we redefined CAS_AUTH_CLASS, where in the __init__ method we replaced username with email.

BUT, /cas/login/ uses veiws.LoginView, where username is used in the methods - in the file views.py on line 506.

How to be? Completely override LoginView?

When requesting a login for a service URL that is not purely ASCII, say, https://example.com/?next=/é (properly URL-encoded in practice to https%3A%2F%2Fexample.com%2F%3Fnext%3D%252F%25C3%25A9), the cas_server fails with 500 error. This error is caused by cas_server.utils.update_url, calling urllib.parse.parse_qsl on the utf-8 encoded GET arguments part of the URL. This function fails with eg. UnicodeEncodeError: 'ascii' codec can't encode character '\xe9' in position 1: ordinal not in range(128).

Digging into urllib code, this happens because urllib tries to coerce its return value to the same type as its input type, or, by default, ascii. The input value passed being bytes, it tries to coerce it to ascii by default, resulting in an error in the present case.

Steps to reproduce

Start locally a django-cas-server, then query eg. http://localhost:8000/login?service=https%3A%2F%2Fexample.com%2F%3Fnext%3D%252F%25C3%25A9

Possible fix

Unless this is required for some reason, avoiding conversion to bytes here seems to fix the issue. However, I assume this might be needed with older versions of urllib.

I search how I can use federate and classic login process on different url or subdomains.
It's possible?

I have try to change the CAS_FEDERATE settings values according to the subdomains. It seems to work but it's not clean.

Thank
P.S: Sorry for my bad English

i want to use the cas-server as an alone server,and other django app as the cas client.i use the django-cas-ng ,but when i login,only login page show,and don't redirect to the url that i want.

Service http://xx:8000/accounts/login/?next=%2Fconsole%2F non allowed.

Log In Successful
You have successfully logged into the Central Authentication Service.
For security reasons, please Log Out and Exit your web browser when you are done accessing services that require authentication!

can you help me? thank you

I use actually django-cas-server version 1.3.1. When I upgrade Django 3.2 to Django 4.0, it no longer works, particularly when running pipeline. Could you update your package, please ?
Thank you so much.

When authenticating against LDAP with ldap password check type, the authentication will fail with Error 500 if the password is encrypted using (deprecated and insecure) DES method.

Setup

• An LDAP server whose password entries are using ldap format, eg. {CRYPT}$6$…$…. When the format is {CRYPT}, the string remainder should be parsed according to this.
• Some LDAP entries using the deprecated and insecure DES format, which is one of the formats supported by crypt.
• Try to log in with one of those accounts

What should happen

The authentication should work.

What happens

The authentication attempt results in Error 500

Why does it happen

When trying to extract the hash salt within utils.py on such a format, the absence of $ in the DES encoding makes it return an empty salt. This is interpreted later on as a missing salt, causing an exception because {CRYPT} requires a salt. Simply passing the whole hashed password to crypt.crypt solves the problem.

Django's internal auth backend uses check_password
But this package uses test_password

How do I override that ?

I am trying to make the user be logged in on 2 subdomains. but it is not working properly.

staging-1.domain.nl (contains the CAS server)
staging-2.domain.nl

It used to work correctly when I was logged in to one service that I was logged in to the other service. But since a small time it is not possible any longer to login on the first site and then enter the second site.

My configuration is:

1. Position: 100

2. Patern: ^https://staging.*\.domain\.nl/.*$

3. Position: 1000

4. Patern: ^http://localhost:.*$

All the other stuff is left the same (apart from some Replace attribute names).

Is there some configuration thing that I am doing wrong? Hopefully someone can help me.

Can django-cas-server work as a SAML 2.0 SSO?

When I go to Admin > Central Authentication Service > Federated users and that I want to add a federated user, I've an error saying that last_update field is unknown.

I could resolve the problem by erasing last_update in Class FederatedUserAdmin (admin.py) but that's maybe not the best solution.

When I run the server, I am getting this error. I am running the cas-server module on windows machine. Can you please solve this issue?

Hello,

I try to manage user attributes, but I always have an empty data when I receive response from serviceValidate.

this is some settings I use for the django cas server:

CAS_AUTH_CLASS = 'cas_server.auth.SqlAuthUser'
CAS_SQL_PASSWORD_CHECK = "plain"
CAS_SQL_USER_QUERY = "SELECT username, password, cas_users.* FROM cas_users WHERE username = %s"

When I try to connect to the CAS server with flask CAS, i have this error:

TypeError
TypeError: argument of type 'NoneType' is not iterable

....
File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/local/lib/python2.7/dist-packages/Flask_CAS-1.0.1-py2.7.egg/flask_cas/routing.py", line 45, in login
if validate(flask.session[cas_token_session_key]):
File "/usr/local/lib/python2.7/dist-packages/Flask_CAS-1.0.1-py2.7.egg/flask_cas/routing.py", line 127, in validate
if "cas:memberOf" in attributes:

This this the content of the serviceValidate response:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>test1</cas:user>
<cas:attributes></cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>

Because of cas:attributes is empty, flask-CAS make an error. I Tried to remove attributes part or add one , but I failed, How can I do?

Many thanks in advance for your assistance,

Client choice? Django - cas - ng?

I have a successful django oauth implementation that uses Active Directory as a backend. I was to add CAS as a feature but it does not want to use the django_auth_ldap.backend.LDAPBackend backend. Adding all of the basic CAD_LDAP_ parameters one thing that seem to be missing is the ability to ignore verification for TLS certs for testing and development.

Is this the case or is there a way to configure this?

Summary:

When using django-cas-server, you have to run collectstatic in debug mode before you can run it in non-debug mode . Otherwise you get the following backtrace:

$ python manage.py collectstatic
Traceback (most recent call last):
  File "manage.py", line 22, in <module>
    execute_from_command_line(sys.argv)
  File "<venv path>/lib/python3.6/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
    utility.execute()
  File "<venv path>/lib/python3.6/site-packages/django/core/management/__init__.py", line 338, in execute
    django.setup()
  File "<venv path>/lib/python3.6/site-packages/django/__init__.py", line 27, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "<venv path>/lib/python3.6/site-packages/django/apps/registry.py", line 108, in populate
    app_config.import_models()
  File "<venv path>/lib/python3.6/site-packages/django/apps/config.py", line 202, in import_models
    self.models_module = import_module(models_module_name)
  File "<venv path>/lib/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "<venv path>/lib/python3.6/site-packages/cas_server/models.py", line 13, in <module>
    from .default_settings import settings, SessionStore
  File "<venv path>/lib/python3.6/site-packages/cas_server/default_settings.py", line 21, in <module>
    CAS_LOGO_URL = static("cas_server/logo.png")
  File "<venv path>/lib/python3.6/site-packages/django/contrib/staticfiles/templatetags/staticfiles.py", line 12, in static
    return _static(path)
  File "<venv path>/lib/python3.6/site-packages/django/templatetags/static.py", line 166, in static
    return StaticNode.handle_simple(path)
  File "<venv path>/lib/python3.6/site-packages/django/templatetags/static.py", line 117, in handle_simple
    return staticfiles_storage.url(path)
  File "<venv path>/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 162, in url
    return self._url(self.stored_name, name, force)
  File "<venv path>/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 141, in _url
    hashed_name = hashed_name_func(*args)
  File "<venv path>/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 432, in stored_name
    raise ValueError("Missing staticfiles manifest entry for '%s'" % clean_name)
ValueError: Missing staticfiles manifest entry for 'cas_server/logo.png'

Analysis:

When django-cas-server module gets loaded, its default settings use the template tag static to find out where its default logo is. In debug mode, this function just returns the path to the file without any other faff. [1]

However, in non-debug mode, it tries to search the staticfiles manifest for the file. If there is no manifest because collectstatic has not been run before, this fails.

Workaround:

At the moment you can work around this by running collectstatic in debug mode before turning it off. This isn't ideal in production though.

my python version is Python 2.7.6 and django version is Django (1.9.4),
i only use the django-admin startproject xx to create the project,
when i execute the commad python manage.py migrate,the error come,

/software/python/venv/cas/local/lib/python2.7/site-packages/cas_server/urls.py:46: RemovedInDjango110Warning: django.conf.urls.patterns() is deprecated and will be removed in Django 1.10. Update your urlpatterns to be a list of django.conf.urls.url() instances instead.
url('^auth$', views.Auth.as_view(), name='auth'),

Operations to perform:
Apply all migrations: admin, contenttypes, cas_server, auth, sessions
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying sessions.0001_initial... OK
Applying cas_server.0001_squashed_0021_auto_20150611_2102...Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/core/management/init.py", line 353, in execute_from_command_line
utility.execute()
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/core/management/init.py", line 345, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(_args, *_cmd_options)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/core/management/base.py", line 399, in execute
output = self.handle(_args, *_options)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/core/management/commands/migrate.py", line 200, in handle
executor.migrate(targets, plan, fake=fake, fake_initial=fake_initial)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 92, in migrate
self._migrate_all_forwards(plan, full_plan, fake=fake, fake_initial=fake_initial)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 121, in _migrate_all_forwards
state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/migrations/executor.py", line 198, in apply_migration
state = migration.apply(state, schema_editor)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 90, in exit
self.execute(sql)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/base/schema.py", line 110, in execute
cursor.execute(sql, params)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/utils.py", line 95, in exit
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/django/db/backends/mysql/base.py", line 112, in execute
return self.cursor.execute(query, args)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
self.errorhandler(self, exc, value)
File "/software/python/venv/cas/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
raise errorclass, errorvalue
django.db.utils.OperationalError: (1072, "Key column 'session_id' doesn't exist in table")

anyone can help me?

I can't seem to find any option to add salt on password hash for MD5 SHA512 or other hash (except Crypt)

Am I missing something ?

I want users to enter the username/password every time they are redirected to cas login page. How can I achieve this?

I can't connect properly to AD through LDAP backend. Is it tested and possible?
I've stucked at the moment when password is being compared with the one from attributes. When I fool the software and set CAS_LDAP_PASSWORD_ATTR = 'sAMAccountName' and CAS_LDAP_PASSWORD_CHECK = 'plain' all work as expected, but for proper scenario I don't see any attribute with password or password hash.
Other 3rdparty software which uses LDAP authentication in my environment works, so I think it must be something with django-cas-server implementation.
I've tried also Vauxia's fork, but it works weird :) I always get authenticated whatever I put as user/pass.
Please, help. Best regards!

Hi!

Would it be possible to implement a password change/password reset functionality?
While the protocol doesn't mention this feature, the documentation does have a page for it here.

It would be relatively easy to implement a password change page for already logged in users for DjangoAuthUser and SqlAuthUser backends, but i'm not sure about the others.

Would this be still in scope for the project?

Hello,

I don't know where to post to have a little bit help in using the federated mode in django-cas-server.

I would like to use django-cas-server as a CAS consumer and CAS provider : django-cas-server would ask a CAS server to authenticate, then the CAS server send the user login and attributes to django-cas-server and django-cas-server can be used as a CAS server by other applications.

If I read corretly the documentation, that seems possible.

But presently, I have set the identity provider : one of my CAS server (LemonLDAP). When I try to log in via django-cas-server to the CAS server (OpenLDAP), it's ok. But then, I'm not redirected to django, the CAS server redirects me to his portal. So I don't know if dajango-cas-server really got the user and its attributes.

Could someone help me, please ?

I have recently implemented a custom LoginView (descending from CAS's LoginView) that supports the use of the TGT / CASTGC method of supporting SSO across different sites.

It works by overriding the get, post, and init_form methods of the original class, along with implementing new valid_tgt, process_tgt, gen_tgt and set_cookie methods. There's also a new TgtUser model created to store the currently-active TGT for an authenticated user.

Do you have any interest in possibly adding these to the project? I'd be happy to clean them up and submit them as a PR. There are a couple items that I would like to discuss before doing this regarding what elements should be made configurable through settings in the settings file.

I also have a couple of test Django projects built that can be run to demonstrate that it works as intended.

I would like to use CAS with an LDAP authentication backend. I added the following line to my app's config/settings/common.py:

CAS_AUTH_CLASS = 'cas_server.auth.LdapAuthUser'

When I POST the login form, I get the following error message:

TypeError at /cas/login
'unicode' object is not callable
...
Exception Value:    
'unicode' object is not callable
Exception Location: /python2.7/site-packages/cas_server/forms.py in clean, line 126

Line 126 reads of forms.py reads:

auth = utils.import_attr(settings.CAS_AUTH_CLASS)(cleaned_data["username"])

It's having a problem instantiating the Authentication class defined via CAS_AUTH_CLASS. So I copied the value from cas_server/default_settings.py:

CAS_AUTH_CLASS = 'cas_server.auth.DjangoAuthUser'

But I got the same TypeError.

The TypeError does NOT occur when I comment out CAS_AUTH_CLASS in my settings/common.py. Form submission works as expected, but of course it doesn't use LDAP.

So there's something going on with overriding default_settings in settings/common.py. It may be user error, because Django is pretty new for me.