On Wed, Dec 16, 2009 at 04:53:49PM +0100, Thomas Bellembois wrote: > What is the best way to user CAS authentication with Pylon ? > I tried to use pycas (http://www.ja-sig.org/wiki/display/CASC/Pycas) > putting the four lines in one of my controllers but this led to server > errors.
I never found an easy to use, ready to go Python module. It was
pretty easy to roll my own - CAS is pretty trivial. I have an
authentication controller that users are redirected to if they do not
have a properly authenticated session. The CAS interaction looks
like:
-----
if not request.params.has_key("ticket"):
url = "%s/login?service=%s" % (config.get('casurl'),
urllib.quote(config.get('appurl')))
return redirect(url, code=307)
else:
url = "%s/validate?service=%s&ticket=%s" % (config.get('casurl'),
urllib.quote(config.get('appurl')), request.params["ticket"])
(response, username) = urllib.urlopen(url).readlines()
if response.strip() == "no":
url = "%s/login?service=%s" % (config.get('casurl'),
urllib.quote(config.get('appurl')))
return redirect(url, code=307)
-----
In my config, the variables look like this:
casurl = https://cas-host/
appurl = https://myapp/auth/
If the user passes CAS and falls through the above code, my app sets
them up a session with the appropriate authorization details.
On the official CAS server, you'll need to do a bit more elaborate
parsing of the response - the above works with RubyCAS, which
implements different responses.
Authorization is then done with the username against an LDAP
directory. CAS is purely for authentication.
Ross
--
Ross Vandegrift
[email protected]
"If the fight gets hot, the songs get hotter. If the going gets tough,
the songs get tougher."
--Woody Guthrie
signature.asc
Description: Digital signature
