The primary prerequesite of django-mama-cas is Django itself. For django-mama-cas 0.3, Django 1.4 or later is required. Earlier versions of Django may work, but are not tested or supported. See the Django downloads page for information on downloading and installing Django.
The Python requests library is also required, but should be automatically installed during the installation process described below.
You will also need at least one authentication backend installed and configured, depending on your authoritative authentication source.
The easiest way to install django-mama-cas is using pip. Simply type:
pip install django-mama-cas
It is recommended to run this command within a virtualenv so django-mama-cas is installed in an isolated environment instead of system wide.
You can also manually download django-mama-cas from GitHub. Extract the downloaded archive and install it with:
python setup.py install
Alternately, you can manually put django-mama-cas anywhere, provided it is on the Python path. If you take the route, you will also need to manually install the requests library dependency.
Once installed, add django-mama-cas to your project by modifying the INSTALLED_APPS setting within your project’s settings.py to include this line:
'mama_cas',
Once django-mama-cas is added to the project, run python manage.py syncdb to create the required database tables.
django-mama-cas can be modified using several custom settings. None are required, but can be used to override the defaults.
A dictionary of name and User attribute values to be returned along with a service or proxy validation success. The key can be any meaningful string, while the value must correspond with an attribute on the User object. For example:
MAMA_CAS_USER_ATTRIBUTES = {
'givenName': 'first_name',
'sn': 'last_name',
'email': 'email',
}
A dictionary of name and user profile attribute values to be returned along with a service or proxy validation success. The key can be any meaningful string, while the value must correspond with an attribute on the user profile object. If no user profile is configured or available, this setting will be ignored. For example:
MAMA_CAS_PROFILE_ATTRIBUTES = {
'employeeID': 'id_number',
}
A list of valid service regular expressions that a service URL is tested against when a ticket is validated. If none of the regular expressions match the provided URL, the request fails. Any valid Python regular expression is accepted. If no valid services are configured, any service URL will be allowed. For example:
MAMA_CAS_VALID_SERVICES = (
'https?://www\.example\.edu/secure/.*',
'https://.*\.example\.com/.*',
)
django-mama-cas relies on standard Django sessions to control session storage and expiration. To understand how sessions work within Django, read the session documentation. There are three particular settings that control where sessions are stored and when they expire:
It is recommended that SESSION_COOKIE_AGE be set shorter than the default of two weeks. SESSION_EXPIRE_AT_BROWSER_CLOSE should be set to True to conform to the CAS specification. Both of these settings can be configured to meet your particular environment and security needs.
django-mama-cas includes a Django URLconf that provides the required CAS URIs (e.g. login, logout, validate, etc.). They are located in mama_cas.urls and can be included directly in your project’s root URLconf. For example:
(r'', include('mama_cas.urls')),
This would make the CAS server available at the top level of your project’s URLs. If this is not the desired path, add a base to the included URLs. For example, if you wished the CAS server to be available under the /cas/ root, use:
(r'^cas/', include('mama_cas.urls')),
All CAS enabled services need to be configured according to the URL settings here. Changing the CAS URLs within mama_cas.urls is not recommended as that will likely break standard CAS behavior.
django-mama-cas comes with a basic login template implementing standard username and password authentication. It will work as provided, but can also be extended or replaced according to your needs.
If you are returning custom user attributes with a service or proxy validation response, you may also need to change the validation XML template to return the attributes in the correct format.
Read the template documentation for more information on the included templates and customization.
django-mama-cas does not perform any authentication itself. It relies on the configured Django authentication backends for that task. The process of configuring authentication backends will change depending on the backend in use.
See also