Django, CAS authentication and Apache

I am certainly no stranger to Web Development, but I decide to really look at the Python web framework django in some detail last week to write a small web application for Workload Modelling for Academic Staff.

Yes, this is a geeky, programming post.

In doing so I ran into some trouble trying to get CAS authentication to work with the app. I tried using a django-cas client I found, having found no direct CAS support in django. This took a reasonable number of code modifications, in several source files (really only a pain because I would have to maintain both development code and production code on different authentication). However the critical problem was that while I could get authentication into the "userland" parts of the app, I was getting redirect issues with the django generated administration interface.

So, I found a totally different approach. Django does have generic remote user support built-in which I hadn't initially found. There are some details here. As you can see there are only two lines of code needed to enable this support.

I found this worked without any drama when I used Apache to force the CAS authentication. So the code required (in version 1.8 of django) is simply as follows, in the settings.py file.

MIDDLEWARE_CLASSES = (
    '...',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # This is where the new line needs to be added
    'django.contrib.auth.middleware.RemoteUserMiddleware',
    '...',
)

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.RemoteUserBackend',
)

The Apache Configuration looks something like this.

WSGIPythonPath /usr/local/share/WAM/

<IfModule mod_auth_cas.c>
    CASValidateServer Off
    CASLoginURL https://your.cas.server/login
    CASVersion 2
    CASDebug On
    CASValidateURL https://your.cas.server/serviceValidate
    CASCookiePath /tmp/
    CASTimeout 43200
    CASIdleTimeout 3600
</IfModule>


<Location /wam>
    AuthType CAS
    Require valid-user
</Location>

<Directory /usr/local/share/WAM/loads/static>
    Require all granted
</Directory>

WSGIScriptAlias /wam /usr/local/share/WAM/WAM/wsgi.py

<Directory /usr/local/share/WAM/WAM>
    <Files wsgi.py>
        Require all granted
    </Files>
</Directory>

You will need to ensure you have Apache's CAS and wsgi modules installed and enabled too.

I wasted a couple of hours going around the houses on this one, so hopefully it may save you. I will be hosting the project for my modeller on foss.ulster.ac.uk along with the code once I move it from GitHub.

Follow me!

One thought on “Django, CAS authentication and Apache

  1. Pingback: Workload Allocation Monitoring (WAM) Prototype | Proving the Obviously Untrue

Leave a Reply

Your email address will not be published. Required fields are marked *