Apereo CAS authentication backend for pretix
Project description
Pretix CAS SSO Plugin
This is a plugin for pretix that provides a pluggable authentication backend for Apereo CAS SSO servers.
It also allows you to create rules that automatically assign users to teams based upon the attributes provided by the SSO Server.
Table of contents
- Usage
- Supported types of team assignment rules
- General remarks
- Installation
- Development setup
- License
Usage
Login
To log into pretix using the CAS authentication backend, click the button with the label "TU Darmstadt HRZ SSO". Logging into pretix using the native authentication backend works just like without the plugin. The only difference is that since there are two active authentication backends, the selection of the backend is available.
Team assignment rules
To create a new team assignment rule, you need to activate the organizer account that the team is associated to. This is done by selecting the corresponding organizer account in the dropdown menu:
Make sure that you have already created the team that you want to assign users to and that your account has the "Can change organizer settings" permission. To create a team assignment rule, go to the "Team assignment rules" section in the panel on the left and press the "Create team assignment rule" button.
Next select the team that the users with the attributes are assigned to and insert the attribute to the text box. Press "Save" to create the rule.
The rule should now be visible in the overview and can be modified or deleted by using the buttons on the right.
Supported types of team assignment rules
Assignment rule attributes are checked against the groupMembership and ou CAS attributes of users. When a user with the groupMembership attributes {..., o=tu-darmstadt, ...} logs in and there is an assignment rule with the attribute field "o=tu-darmstadt", the user is added to the corresponding team. Assignment rules for ou attributes work similarly: A user with the ou attributes {..., FB20, ...} will be added to every team with an assignment rule with "FB20" in the attribute field. The process of adding assignment rules with ou-attributes and groupMembership-attributes is the same.
To check your own attributes go to: https://sso.tu-darmstadt.de/login?service=http://localhost
General remarks
- Since the attributes of the users are only accessible on login, they are only assigned to teams on every login through SSO.
- Users are not removed from teams when the associated assignment rule is removed
Installation
- Make sure that you have a working pretix installation. Please refer to: official installation guide
- Make sure that you have activated your python virtual environment of your pretix installation
- Install the plugin through
pip install pretix-cas - Add the following to the pretix configuration file to activate the authentication backend:
[pretix] ; Activate both the CAS authentication backend and the Native authentication backend auth_backends=pretix.base.auth.NativeAuthBackend,pretix_cas.auth_backend.CasAuthBackend
- This plugin uses the TU Darmstadt CAS server by default. The default configuration can be overriden by adding a
[pretix_cas]section to the pretix configuration file. The configuration for the example.org CAS server looks like this:[pretix_cas] ; CAS server URL cas_server_url=https://sso.example.org ; Name of the CAS authentication option that is displayed above the login prompt cas_server_name=Example Inc. SSO ; Default CAS version cas_version=CAS_2_SAML_1_0
- Restart the pretix server. You should now be able to login through CAS and manage team assignment rules.
Development setup
- Make sure that you have a working pretix development setup.
- Clone this repository, e.g. to
local/pretix-cas. - Activate the virtual environment you use for pretix development.
- Execute
python setup.py developwithin this directory to register this application with pretix's plugin registry. - Execute
makewithin this directory to compile translations. - Create a pretix configuration file with at least the following in it:
[pretix] auth_backends=pretix.base.auth.NativeAuthBackend,pretix_cas.auth_backend.CasAuthBackend
- Restart your local pretix server. You can now use the plugin from this repository.
License
Copyright 2019 - 2020, Benjamin Hättasch and TU Darmstadt Bachelorpraktikum 2019/2020 Group 45
Released under the terms of the Apache License 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for pretix_cas-1.2.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f3222682ec4d18e39715d7bf16df38c2f2d225922668907bf7f4a6d68340c85d |
|
| MD5 | 02dc6082955759fbdc42d31ee07b63f1 |
|
| BLAKE2-256 | 88b5b762faa577d00dc37ad6f922363e9ffb5d794bd9086a2f98f5e3cf48c718 |