Tag Archives: Apache

Django, CAS authentication and Apache

I am certainly no stranger to Web Development, but I decide to really look at the Python web framework django in some detail last week to write a small web application for Workload Modelling for Academic Staff.

Yes, this is a geeky, programming post.

In doing so I ran into some trouble trying to get CAS authentication to work with the app. I tried using a django-cas client I found, having found no direct CAS support in django. This took a reasonable number of code modifications, in several source files (really only a pain because I would have to maintain both development code and production code on different authentication). However the critical problem was that while I could get authentication into the “userland” parts of the app, I was getting redirect issues with the django generated administration interface.

So, I found a totally different approach. Django does have generic remote user support built-in which I hadn’t initially found. There are some details here. As you can see there are only two lines of code needed to enable this support.

I found this worked without any drama when I used Apache to force the CAS authentication. So the code required (in version 1.8 of django) is simply as follows, in the settings.py file.

MIDDLEWARE_CLASSES = (
    '...',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # This is where the new line needs to be added
    'django.contrib.auth.middleware.RemoteUserMiddleware',
    '...',
)

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.RemoteUserBackend',
)

The Apache Configuration looks something like this.

WSGIPythonPath /usr/local/share/WAM/

<IfModule mod_auth_cas.c>
    CASValidateServer Off
    CASLoginURL https://your.cas.server/login
    CASVersion 2
    CASDebug On
    CASValidateURL https://your.cas.server/serviceValidate
    CASCookiePath /tmp/
    CASTimeout 43200
    CASIdleTimeout 3600
</IfModule>


<Location /wam>
    AuthType CAS
    Require valid-user
</Location>

<Directory /usr/local/share/WAM/loads/static>
    Require all granted
</Directory>

WSGIScriptAlias /wam /usr/local/share/WAM/WAM/wsgi.py

<Directory /usr/local/share/WAM/WAM>
    <Files wsgi.py>
        Require all granted
    </Files>
</Directory>

You will need to ensure you have Apache’s CAS and wsgi modules installed and enabled too.

I wasted a couple of hours going around the houses on this one, so hopefully it may save you. I will be hosting the project for my modeller on foss.ulster.ac.uk along with the code once I move it from GitHub.

Upgrading from Serendipity to WordPress on Debian

As you may have noticed, I have upgraded from Serendipity, which was creaking a bit, and seems to no longer be supported by Debian to WordPress. It was a moderately complex task, as I wanted to preserve backwards compatibility and a lot of content with mathematics and code.

I installed the Debian package, and tried to follow the instructions on the Debian wiki but they are perhaps out of date. I got an error trying to setup the database, but found it was there and functional.

I  then used this excellent script to help import the old serendipity data. It wasn’t without problems, the script needed to be placed (on the Debian installed package) under /var/lib/wordpress/wp-content/plugins/ within a directory to be registered by WordPress as a plugin, but I got that working in the end.

This was an attempt to preserve ID fields as well. It seems to have worked – which has simplified redirects (see below). Comments have been “flattened” as the script warned, and there’s clearly a character-set issue here and there, but these weren’t serious issues for me. Your mileage may vary.

I found a good plugin for GeHSI style code formatting which I was using in Serendipity, albeit the syntax is very slightly different so I have some work to do editing a few entries (I don’t want to attempt a global SQL regexp find and replace if I don’t have to). I found this excellent seeming plugin for Latex and switched it into site-wide mode. So far, checking a few old articles, it JustWorks (TM).

Some of my old posts have images in the serendipity media folders that will need moved, but I was keen to have links to the old blog redirect automatically. I was able to use

RedirectMatch permanent ^/serendipity/archives/([0-9]+).* http://www.piglets.org/blog/?p=$1

in my Serendipity Apache configuration to jump to the new articles.

I can start to dismantle the rest of serendipity, except for the media, quite soon now. It’s nice to have a platform that respects multiple device layouts, and hopefully comment spam will be easier to control too. A sample of most articles show they render OK, there are a few gotchas, and I’ll try to work through them in time.