Django, CAS authentication and Apache
I am certainly no stranger to Web Development, but I decide to really look at the Python web framework django in some detail last week to write a small web application for Workload Modelling for Academic Staff.
Yes, this is a geeky, programming post.
In doing so I ran into some trouble trying to get CAS authentication to work with the app. I tried using a django-cas client I found, having found no direct CAS support in django. This took a reasonable number of code modifications, in several source files (really only a pain because I would have to maintain both development code and production code on different authentication). However the critical problem was that while I could get authentication into the "userland" parts of the app, I was getting redirect issues with the django generated administration interface.
So, I found a totally different approach. Django does have generic remote user support built-in which I hadn't initially found. There are some details here. As you can see there are only two lines of code needed to enable this support.
I found this worked without any drama when I used Apache to force the CAS authentication. So the code required (in version 1.8 of django) is simply as follows, in the settings.py file.
MIDDLEWARE_CLASSES = ( '...', 'django.contrib.auth.middleware.AuthenticationMiddleware', # This is where the new line needs to be added 'django.contrib.auth.middleware.RemoteUserMiddleware', '...', ) AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.RemoteUserBackend', )
The Apache Configuration looks something like this.
WSGIPythonPath /usr/local/share/WAM/ <IfModule mod_auth_cas.c> CASValidateServer Off CASLoginURL https://your.cas.server/login CASVersion 2 CASDebug On CASValidateURL https://your.cas.server/serviceValidate CASCookiePath /tmp/ CASTimeout 43200 CASIdleTimeout 3600 </IfModule> <Location /wam> AuthType CAS Require valid-user </Location> <Directory /usr/local/share/WAM/loads/static> Require all granted </Directory> WSGIScriptAlias /wam /usr/local/share/WAM/WAM/wsgi.py <Directory /usr/local/share/WAM/WAM> <Files wsgi.py> Require all granted </Files> </Directory>
You will need to ensure you have Apache's CAS and wsgi modules installed and enabled too.
I wasted a couple of hours going around the houses on this one, so hopefully it may save you. I will be hosting the project for my modeller on foss.ulster.ac.uk along with the code once I move it from GitHub.
One thought on “Django, CAS authentication and Apache”