Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

Overview

django-cas-ng

django-cas-ng is a Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library that supports SSO (Single Sign On) and Single Logout (SLO).

It supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+!

This project was forked in 2014 from django-cas (which has not been updated since April 2013). The ng stands for "next generation". Our fork will include bugfixes and new features contributed by the community.

Documentation

Check out the documentation at https://djangocas.dev/docs/latest/

Features

  • Supports CAS versions 1.0, 2.0 and 3.0
  • Supports Single Logout (needs CAS server support)
  • Supports Token auth schemes
  • Can fetch Proxy Granting Ticket
  • Supports Django 2.0, 2.1, 2.2 and 3.0
  • Supports using a User custom model
  • Supports Python 3.5+
  • Supports type hints in the public API

For Django 1.x and Python 2.x support, please use version 3.6.0.

Contributing

New contributors are always welcome! Check out Contribution to get involved.

Change Log

This project adheres to Semantic Versioning. Check out the full Changelog.

Comments
  • Mysql utf8 database issue since 4.2.0

    Platform & Version
    Platform: Linux
    django-cas-ng: >= 4.2.0
    Django: 3.2
    Python: 3.8
    CAS Server Software and version: 3

    Describe the bug
    The migration needed for django-cas-ng >= 4.2.0 fails on a utf8 mysql/mariadb database with error:

    1071, 'Specified key was too long; max key length is 3072 bytes'

    It works with a "smaller" collation, such as latin_sweedish_ci, but it is supposed to work on utf8 databases too, isn't it?

    To Reproduce
    Steps to reproduce the behavior:

    1. use a utf8 mysql database
    2. update django-cas-ng >=4.2.0
    3. migrate
    4. see "1071, 'Specified key was too long; max key length is 3072 bytes'"

    Expected behavior
    migration succeeds on a utf8 database

    Additional context
    mariadb server is debian stable

    Thanks

    bug help wanted wontfix 
    opened by pix106 19
  • SSL: CERTIFICATE_VERIFY_FAILED

    I get a SSL: CERTIFICATE_VERIFY_FAILED error with the latest version when the CAS server uses a self-signed certificate. I didn't get this error with the previous version 3.5.5.

    I downgraded to 3.5.5 and it works for me, but I thought you might want to know...

    opened by michel-kraemer 12
  • Forbidden in 3.4

    I have a super simple django-cas-ng test project with nothing installed but Django 1.7 and django-cas-ng, with these settings:

    CAS_SERVER_URL = 'https://cas.oursite.edu/cas/login'
    CAS_ADMIN_PREFIX = '/admin'
    CAS_LOGOUT_COMPLETELY = True
    

    plus the login/logout URLs shown in the docs.

    With versions 3.1, 3.2 and 3.3, it works just fine. But when I upgrade to 3.4 or 3.4.1 I get:

    http://127.0.0.1:8000/accounts/login?next=%2F&ticket=ST-2138-43ZolaFcMAeLcZjAK-cas.oursite.edu

        Forbidden
        Login failed.
    

    (403 on the GET request as shown in runserver). Is there an additional setting or configuration I need to use when upgrading?

    opened by shacker 12
  • Add 3.5.10 -> 3.6.0 migration guide

    3.6.0 is a breaking change, and really should have been a major release. Let's add a short migration guide to the release notes. It should include both the change of imports (#189) and the need for the cas_ng_login name (#179).

    enhancement wontfix 
    opened by piotrb5e3 9
  • modified: django_cas_ng/views.py

    Hello, thank you for this nice library. Here is our tiny contribution. This worked as expected with our CAS 3.4 service.

    -Fix bug in _logout_url for correct redirection after logout

    -Alter the login fail, response with a customizable view

    opened by RaphRi 9
  • CAS_FORCE_SSL_SERVICE_URL = True don't work on LogoutView

    Platform & Version
    Platform: Windows or Linux or Mac...
    django-cas-ng: 4.1.1
    Django: 2.2.11
    Python: 3.7.4
    CAS Server Software and version: 4

    Describe the bug
    Hello,

    I use the following options:

    • CAS_FORCE_SSL_SERVICE_URL = True
    • CAS_IGNORE_REFERER=True
    • LOGOUT_REDIRECT_URL = '/'+BASE_URL_PATH+'........./'

    On the Logout page, I am not redirected in HTTPS.

    In the source code of django-cas-ng, the GET and POST methods of the LogoutView class do not call the get_service_url method which checks if CAS_FORCE_SSL_SERVICE_URL = True and initializes protocol = 'https'.

    Thanks.

    bug wontfix 
    opened by jojo-80 8
  • Google style SSO login

    Well, first thing: I couldn't come up with a better title for the issue, so apologies. Now, to the situation: I have django-mama-cas as my CAS server, and I am using django-cas-ng on three other applications. I have followed the instructions for django-cas-ng as specified on your GitHub page. A simple scenario: my apps are A, B, C. When I successfully log in to A, then switch tabs and request the login page for B, I should be logged into B automatically (if I am not wrong, this is what SSO is meant to do). How can I achieve this using django-cas-ng and django-mama-cas?

    opened by rajeshyogeshwar 8
  • Django 1.10 upgrade forced by upgrade

    I was on version 3.4.2 with Django v1.9.x, and ran:

    pip install --upgrade django-cas-ng==3.5.2

    and found my Django version was forced up to 1.10. I was able to downgrade it manually, but that probably should not have happened automatically, right?

    opened by shacker 7
  • AnonymousUser after login

    In my template:

        {% if not user.is_authenticated %}
            Login button links to CAS server
         {% endif %}
    

    Under v 3.4.2 this works perfectly.

    After upgrading to 3.5.2, the login button still displays after successful login. If I render {{user}} in the template, the user is AnonymousUser after login (same if I print(request.user) in the view). If this user now clicks the Login button a second time, CAS recognizes them as pre-authenticated and logs them in immediately.

    It seems like the actual django login() call is no longer being invoked.

    Downgrading for now.

    opened by shacker 7
  • Migrations is missing

    Hi, this lib breaks my test suite, it reports:

    django.db.utils.ProgrammingError: relation "auth_user" does not exist"
    

    If I run python manage.py makemigrations django_cas_ng && python manage.py migrate it works again.

    pip freeze:

    boto==2.38.0
    click==6.0
    Django==1.8.7
    django-cas-ng==3.5.3
    django-debug-toolbar==1.3.0
    django-filter==0.11.0
    django-mama-cas==1.2.0
    django-mptt==0.7.4
    django-nose==1.4.2
    django-reversion==1.9.3
    django-rosetta==0.7.6
    django-storages-redux==1.3
    django-suit==0.2.15
    django-wysiwyg-redactor==0.4.9
    djangorestframework==3.3.1
    djangorestframework-gis==0.9.6
    ecdsa==0.13
    Fabric==1.10.0
    geopy==1.11.0
    gitdb==0.6.4
    GitPython==1.0.1
    Jinja2==2.8
    MarkupSafe==0.23
    microsofttranslator==0.5
    nose==1.3.7
    paramiko==1.16.0
    pipdeptree==0.4.3
    polib==1.0.7
    psycopg2==2.6.1
    pycrypto==2.6.1
    python-cas==1.1.0
    python-dotenv==0.1.3
    requests==2.8.1
    six==1.10.0
    smmap==0.9.0
    sqlparse==0.1.18
    Unipath==1.0
    wheel==0.24.0
    
    opened by mikaelengstrom 7
  • New Release

    Hey everyone, so I noticed that in commit ddd0ee2 the model changed the name of session to session_key. I think this will break anyone's install that had the tables built previous to this commit. I think that we should ship migrations with the upcoming release and provide documentation on how to run them. I think I have a little bit of time to try and put this together if people think it is worth the effort.

    If we do not want to provide migrations, I think the name should be changed back to session to avoid having to edit the database by hand.

    opened by bgroff 7
  • CAS_APPLY_ATTRIBUTES_TO_USER does not appear to add any attributes to user

    Platform & Version
    Platform: Linux
    django-cas-ng: 4.3.0
    Django: 4.1
    Python: 3.10
    CAS Server Software and version: 3.0

    Describe the bug
    My CAS returns several fields (like departmentNumber or eduPersonAffiliation) that I'd like to access within my view. I set the CAS_APPLY_ATTRIBUTES_TO_USER setting to True in settings.py, but accessing the request.user in my views does not provide me with these fields. Is it normal?

    To Reproduce
    Within any view functions:

    def my_view(request):
        print(dir(request.user))
    

    No difference whether CAS_APPLY_ATTRIBUTES_TO_USER is set to True or False.

    Expected behavior

    That a dict of the attributes returned by my CAS would be accessible

    bug 
    opened by paulgoulain 0
  • django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    Platform & Version
    Platform: Mac m2
    django-cas-ng: 4.3
    Django: 4.1
    Python: 3.10
    CAS Server Software and version:

    Describe the bug

    django.db.utils.OperationalError: (1071, 'Specified key was too long; max key length is 3072 bytes')

    caused by:
    1. django_cas_ng migrate
    2. Applying django_cas_ng.0002_auto_20201023_1400...Traceback (most recent call last):
    3. ticket = models.CharField(max_length=1024)

    my plan: ticket = models.TextField(max_length=1024)

    bug 
    opened by xiaozhi-cn 3
Releases(v4.3.0)
  • v4.3.0(Jan 9, 2022)

    • PR #308: Improve redirect url when CAS_ROOT_PROXIED_AS is empty @mbaechtold
    • PR #307: Fix #306 the logout service url when using CAS_ROOT_PROXIED_AS @doomse
    • Add compatibility with Django 4.0. @mbaechtold
    • PR #305: Fix #304: warning on system check from Django 3.2 @corralien
    • PR #303: Remove unused travis files @nikolas
    • PR #302: Add django 3.2 and py3.9/3.10 testing @nikolas
    • PR #298: Add CAS_SESSION_FACTORY setting to allow customizing requests Session @intgr
    • PR #296: Fix #281: session.session_key is None for signed_cookies sessions on first request @davidmgvaz
    • PR #295: Fix #294 DataError at /accounts/login/ value too long
  • v4.2.1(Jun 11, 2021)

  • v4.2.0(Jun 3, 2021)

    • PR #285: Fix #284: Change default of CAS_USERNAME_ATTRIBUTE to cas:user @b4ldr
    • PR #282: Bugfix: Let checking of the "next" URL parameter be configurable @sebastianmanger
    • PR #278: Add Django 3.1 to tox @nikolas
    • PR #277: Fix tox isort command @nikolas
    • PR #276: Don't use 'del' statement, to fix deepsource error @nikolas
    • PR #275: Fix deepsource error @nikolas
    • PR #274: Truncate session key if it's longer than possible @nikolas
    • PR #273: Remove Signal(providing_args=) argument, deprecated in Django 3.1 @intgr
    • PR #268: returned translations after merging a broken branch @jolob5l
    • PR #267: Add annotations for utils.py @jolob5l
    • PR #266: typing support @jolob5l
    • PR #265: Add Russian and Ukrainian translations @jolob5l
    • PR #263: Fix typo in ProxyGrantingTicket.session_key max_length @nikolas
    • PR #262: Add the CAS_ADMIN_REDIRECT option to disable admin redirect @nikolas
    • PR #261: Increase session_key size to account for signed cookies - closes #260 @nikolas
    • PR #259: Change thrown exception to specific type @spielmannj
    • PR #258: Fix: v1 cas client create error @ibuler
    • PR #257: Fix: urljoin @LeoSirius
  • v4.1.1(Feb 27, 2020)

  • v4.1.0(Feb 25, 2020)

  • v4.0.1(Jan 22, 2020)

  • v4.0.0(Jan 16, 2020)

    • Breaking change: Drop Python 2.x support
    • Breaking change: Drop Django 1.x support
    • PR-206: New behavior for the CAS_USERNAME_ATTRIBUTE setting, which will now fall back to setting the specified attribute for username when set with a value other than the default (uid) when using a CAS_VERSION that did not previously support this behavior (anything other than CAS_VERSION = 'CAS_2_SAML_1_0').
    • PR-195: Fix bug where session_key is empty after logging in.
    • PR-196: Add support for CAS response callbacks by setting CAS_RESPONSE_CALLBACKS (fix #109)
    • PR-131: Fix get_proxy_ticket method usage
    • PR-134: Allow relative CAS_SERVER_URL starts with '/' without protocol and hostname.
    • Fix #138 Patched README.rst example code.
    • PR-127: Update requirements.txt: django-cas to 1.2.0
    • PR-234: Run flake8 on the entire project
    • PR-233: Update Travis configuration and test matrix
    • PR-232: Remove test branches for Django.VERSION < 2
    • PR-231: Replace deprecated ugettext_lazy with gettext_lazy
    • PR-230: Document project as Python 3.5+ only
    • PR-229: Remove unnecessary workaround for unsupported Pythons
    • PR-222: Upgrade to support Django 3.0
  • v3.6.0(Nov 23, 2018)

    • Removed support for Django < 1.11.
    • PR-188: Introduce isort for automatic import ordering
    • PR-187: Remove unused workarounds for EOL Django < 1.10
    • PR-186: Simplify dependency handling in tox.ini
    • PR-184: Remove unnecessary distutils fallback from setup.py
    • PR-183: Use skip_install=true for lint or static tox targets
    • PR-182: Distribute package as a universal wheel
    • PR-181: Remove unused submodule python-cas
    • PR-180: Trim trailing white space throughout the project
    • PR-179: Class-based Login, Logout and Callback views, plus successful_login overridable method
    • PR-177: Fix #172 attributes that do not change being removed
    • PR-176: Fix #106: Adding CAS_VERIFY_SSL_CERTIFICATE setting
    • PR-173: Include 'django_cas_ng.middleware.CASMiddleware' middleware in example settings of README
    • PR-171: Fix #170 in README: Fix broken links, add syntax highlighting and slight changes to the bad_attributes_reject example
    • Fix #164: Remove dead links in README
  • v3.5.10(Oct 9, 2018)

    • PR-149: Add CAS_PROXIED_AS config: Allow functionality behind a proxy server like mod_auth_cas for Apache.
    • PR-150: Django 2.0 compatibility (user.is_authenticated).
    • PR-154: Catalan and Spanish translation
    • PR-156: Add support for CAS attributes renaming
    • PR-165: Fix CAS_ROOT_PROXIED_AS double slash
  • v3.5.9(Jan 2, 2018)

    • Add the optional setting CAS_CREATE_USER_WITH_ID. (PR #129)
    • Fix get_proxy_ticket method usage. (PR #131)
    • Add Django 2.0 compatibility. (PR #143 #146)
    • Added bad_attributes_reject to check SAML key/value attributes. (PR #145)
  • v3.5.8(Jun 30, 2017)

    • Upgrade django-cas to 1.2.0
    • Fix: Coerce boolean strings in attributes to actual boolean values
    • Update middleware for consistency with new-style django middleware
    • Add CAS_APPLY_ATTRIBUTES_TO_USER new settings option to apply attributes to User model.
    • Add support for applying attributes returned from ticket to User model
  • v3.5.7(Apr 2, 2017)

  • v3.5.6(Nov 6, 2016)

  • v3.5.5(Sep 28, 2016)

    • Login after the session is created, fix the need for double login (such as #83, might fix it but seems slightly different)
    • Fix #96 Login after the session is created, fix the need for double login
    • Fix #95 by delete django requirement from setup.py
    • Fix #91 - raise PermissionDenied rather than return HttpResponseForbidden
    • Add check_additional_permissions to the backend. This allows one to subclass the backend and add arbitrary user permissions checks when authenticating.
  • v3.5.4(Apr 27, 2016)

    • Support for string view arguments to url() is deprecated and will be removed in Django 1.10.
    • Add migrations.
    • Add initial migrations file.
    • Add CAS_FORCE_CHANGE_USERNAME_CASE option to convert username case to lower or upper. This prevents duplicate account creation in some cases.
    • Bugfix for loop redirect when CAS_ADMIN_PREFIX is set as root.
  • v3.5.3(Nov 20, 2015)

  • v3.5.2(Nov 19, 2015)

  • v3.5.1(Nov 11, 2015)

  • v3.5.0(Nov 8, 2015)

    • Add support for Proxy Granting Ticket.
    • Add Single Logout support.
    • Add Python3 support.
    • Add Django 1.8 support.
    • Add support for custom user model.
    • Add CAS_USERNAME_ATTRIBUTE which allows picking an alternative variable to store the username in the cas attributes.
    • Add CAS_DISPLAY_LOGIN_MESSAGE setting to control whether to show the welcome message; default is true.
    • Fix redirecting with the "?next" parameter.
  • v3.4.2(Jan 11, 2015)

  • v3.4.1(Nov 27, 2014)

  • v3.4.0(Nov 12, 2014)

  • v3.2.0(Oct 25, 2014)

Owner
django-cas-ng
Django CAS (Central Authentication Service) 1.0/2.0/3.0 client library to support SSO (Single Sign On) and Single Sign Out! 2014-2020