Skip to main content

A WSGI middleware module to enable CAS authentication

Project description

##Running as a test
Ahead of running the test script you will need support for python virtualenv and pip

> sudo apt-get install python-pip
> sudo pip install virtualenv

##Running as part of a WSGI Application under Apache

> apt-get install libapache2-mod-wsgi

You will need to set up the virtualenv, see the test/ script if you are unsure how to do this.

In your Apache configuration file:

WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading On

WSGIDaemonProcess MyApp processes=2 threads=25 python-path=/path/to/virtualenv/lib/python2.7/site-packages

Alias /MyApp/ "/path/to/MyApp/"
<Directory "/path/to/MyApp">
WSGIProcessGroup MyApp
Options Indexes FollowSymLinks MultiViews ExecCGI
MultiviewsMatch Handlers
AddHandler wsgi-script .wsgi .py
AddHandler cgi-script .cgi .pl
AllowOverride All

Copy the files from wsgi_app to /path/to/MyApp

Your URL will then be of the form /MyApp/app.wsgi/

This example allows for static HTML files to be placed in the directory /static - you can, of course, change this



This is url of your CAS server - typically

/login, /logout etc are appended to this url


If the application is behind a proxy server then, if the context is different frm the application server, then this parameter should be set as the proxy server context


This url will be intercepted by the middleware to log you out of the application, and CAS

This will clear the local session and forward the request to the CAS logout page


Where to go after you have logged out


Only CAS version 2 and 3 are supported


A page to go to if authentication fails, if not set a simple message is displayed


It is necessary to define the entry page for single log out to work

CAS will post a message to this URL, which must be the same as the originally validated page, when a log out is performed on the CAS server.


Werkzeug sessions are used and it's necessary to define a store to keep them in


Sometimes when you are not authenticated you don't want to redirect to CAS, this regex defines these URLs


A function defining what to do when the ignore_redirect regex matches


Default = None, A regular expression for pages that use a CAS gateway i.e. test if logged in but never show the log in page


Default = ';', How to separate the groups returned from CAS as part of attribute release


Default = 'HTTP_CAS_MEMBEROF', The name of the environment variable containing the groups

###cas_private_key (CAS 4.1)

Default = None, The name of a file containing the private key used for decrypting the credentials attribute when using clearpass. This will be available in the PASSWORD environment variable. The value is held in the session using encryption keys held only in memory.


Default = False, Ensures https when validating the ticket

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

CASWSGIMiddleware-1.2.1.tar.gz (8.6 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page