Skip to main content

Apereo CAS authentication backend for pretix

Project description

Pretix CAS SSO Plugin

CI

This is a plugin for pretix that provides a pluggable authentication backend for Apereo CAS SSO servers.

It also allows you to create rules that automatically assign users to teams based upon the attributes provided by the SSO Server.

Table of contents

Usage

Login

To log into pretix using the CAS authentication backend, click the button with the label "TU Darmstadt HRZ SSO". Logging into pretix using the native authentication backend works just like without the plugin. The only difference is that since there are two active authentication backends, the selection of the backend is available.

Login form with native authentication backend and TU Darmstadt SSO Backend

Team assignment rules

To create a new team assignment rule, you need to activate the organizer account that the team is associated to. This is done by selecting the corresponding organizer account in the dropdown menu:

organizer account selection dropdown menu

Make sure that you have already created the team that you want to assign users to and that your account has the "Can change organizer settings" permission. To create a team assignment rule, go to the "Team assignment rules" section in the panel on the left and press the "Create team assignment rule" button.

sidepanel with arrow to team assignment rules column and arrow to create team assignment rule button

Next select the team that the users with the attributes are assigned to and insert the attribute to the text box. Press "Save" to create the rule.

creation of team assignment rule

The rule should now be visible in the overview and can be modified or deleted by using the buttons on the right.

successful creation of team assignment rule with buttons for modification and deletion

Supported types of team assignment rules

Assignment rule attributes are checked against the groupMembership and ou CAS attributes of users. When a user with the groupMembership attributes {..., o=tu-darmstadt, ...} logs in and there is an assignment rule with the attribute field "o=tu-darmstadt", the user is added to the corresponding team. Assignment rules for ou attributes work similarly: A user with the ou attributes {..., FB20, ...} will be added to every team with an assignment rule with "FB20" in the attribute field. The process of adding assignment rules with ou-attributes and groupMembership-attributes is the same.

To check your own attributes go to: https://sso.tu-darmstadt.de/login?service=http://localhost

General remarks

  • Since the attributes of the users are only accessible on login, they are only assigned to teams on every login through SSO.
  • Users are not removed from teams when the associated assignment rule is removed

Installation

  1. Make sure that you have a working pretix installation. Please refer to: official installation guide
  2. Make sure that you have activated your python virtual environment of your pretix installation
  3. Install the plugin through pip install pretix-cas
  4. Add the following to the pretix configuration file to activate the authentication backend:
    [pretix]
    ; Activate both the CAS authentication backend and the Native authentication backend
    auth_backends=pretix.base.auth.NativeAuthBackend,pretix_cas.auth_backend.CasAuthBackend
    
  5. This plugin uses the TU Darmstadt CAS server by default. The default configuration can be overriden by adding a [pretix_cas] section to the pretix configuration file. The configuration for the example.org CAS server looks like this:
    [pretix_cas]
    ; CAS server URL
    cas_server_url=https://sso.example.org
    ; Name of the CAS authentication option that is displayed above the login prompt
    cas_server_name=Example Inc. SSO
    ; Default CAS version
    cas_version=CAS_2_SAML_1_0
    
  6. Restart the pretix server. You should now be able to login through CAS and manage team assignment rules.

Development setup

  1. Make sure that you have a working pretix development setup.
  2. Clone this repository, e.g. to local/pretix-cas.
  3. Activate the virtual environment you use for pretix development.
  4. Execute python setup.py develop within this directory to register this application with pretix's plugin registry.
  5. Execute make within this directory to compile translations.
  6. Create a pretix configuration file with at least the following in it:
    [pretix]
    auth_backends=pretix.base.auth.NativeAuthBackend,pretix_cas.auth_backend.CasAuthBackend
    
  7. Restart your local pretix server. You can now use the plugin from this repository.

License

Copyright 2019 - 2020, Benjamin Hättasch and TU Darmstadt Bachelorpraktikum 2019/2020 Group 45

Released under the terms of the Apache License 2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pretix-cas-1.2.0.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

pretix_cas-1.2.0-py3-none-any.whl (17.4 kB view details)

Uploaded Python 3

File details

Details for the file pretix-cas-1.2.0.tar.gz.

File metadata

  • Download URL: pretix-cas-1.2.0.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.0 requests/2.24.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.7.10

File hashes

Hashes for pretix-cas-1.2.0.tar.gz
Algorithm Hash digest
SHA256 eb1b279694fe39a5a936a3fddb9fb76316871f3e29424964be8e1e456585092a
MD5 309f516379ab206c711a9902eb7901e7
BLAKE2b-256 335625fbe9cca8f9426690a7763112e94e36f06748dbfa4e57a1f559792dfa75

See more details on using hashes here.

File details

Details for the file pretix_cas-1.2.0-py3-none-any.whl.

File metadata

  • Download URL: pretix_cas-1.2.0-py3-none-any.whl
  • Upload date:
  • Size: 17.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.0 requests/2.24.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.7.10

File hashes

Hashes for pretix_cas-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f3222682ec4d18e39715d7bf16df38c2f2d225922668907bf7f4a6d68340c85d
MD5 02dc6082955759fbdc42d31ee07b63f1
BLAKE2b-256 88b5b762faa577d00dc37ad6f922363e9ffb5d794bd9086a2f98f5e3cf48c718

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page