Comments (26)
@manelclos I agree that sensitive information should be HTTPS. But my question is that in a development environment, where it may not have HTTPS all the time, does django-mama-cas still needs HTTPS in LOGOUT_URL?
from django-mama-cas.
@manelclos Thanks a lot for your reply and providing the example. Have you tested django-mama-cas server with 'MAMA_CAS_SERVICES'
because the way you have configured CAS server it is operating in "open mode".
So can you once check if you configure 'MAMA_CAS_SERVICES' in settings.py of cas server, does it work properly? If you can update the config after testing this, that will really help to resolve the issue. Thanks again. :)
from django-mama-cas.
@BarnabasSzabolcs do you mean 'LOGOUT_URL': 'http://127.0.1.1:80/accounts/callback' in the MAMA_CAS_SERVICES?
thanks,I have the same problem.
from django-mama-cas.
FYI I am using:
django-mama-cas==2.3.0 (as server)
django-cas-ng==3.5.8 (on the client side)
from django-mama-cas.
Hi @amanjots,
Of course you want HTTPS every time sensitive information like tokens or cookies travel across the network.
I'd say it is trying to use a proxy and it is not configured correctly, or you are not listening on the 443 port, I mean, it doesn't look like a CAS problem, but a network configuration problem.
from django-mama-cas.
I tried to trace all the django requests being sent or received. with django-request. And, I found that when a user clicks on Logout, he is logged out of the app, but there is no POST request sent for SLO messages to the other apps. So, user remains signed in the other apps.
from django-mama-cas.
I don't think so. I'll try to do some testing using the repository from #59 to check for both issues.
from django-mama-cas.
Ops, previous response if for previous comment. About your new comment, I think there is some bad configuration on your side.
from django-mama-cas.
Can you check that in the client you are using
CAS_LOGOUT_COMPLETELY = True
CAS_VERSION = '3'
and that you have this in your urls.py?
from django_cas_ng import views as cas_views
urlpatterns = [
...
url(r'^accounts/login/$', cas_views.login, name='login'),
url(r'^accounts/logout/$', cas_views.logout, name='logout'),
url(r'^admin/logout/$', cas_views.logout),
....
from django-mama-cas.
@manelclos yes the client has settings (CAS_LOGOUT_COMPLETELY = True & CAS_VERSION = '3'). In the URLs of the first django virtual environment, the Wagtail's admin authentication is to be handled by the django-ng-cas client, so the urls are:
url(r'^admin/login/$', cas_views.login, name='cas_ng_login'),
url(r'^admin/logout/$', cas_views.logout, name='cas_ng_logout'),
url(r'^accounts/callback$', cas_views.callback, name='cas_ng_proxy_callback'),
And, the third virtual environment is having django-helpdesk, and to use CAS for its authentication I have changed the url's to following:
url(r'^login/$', cas_views.login, name='cas_ng_login'),
url(r'^logout/$', cas_views.logout, name='cas_ng_logout'),
url(r'^accounts/callback$', cas_views.callback, name='cas_ng_proxy_callback'),
As per this tutorial , the callback "url processes logout request that comes from the CAS server." That's why I have used it in this way, and have also tried 'admin/callback' or 'accounts/callback' or even commenting it out as well.
In the above config, single sign-on works perfectly fine. But, single log out doesn't work at all.
from django-mama-cas.
I've never used the callback setting in urls.py.
from django-mama-cas.
@manelclos: I have tried without callback setitngs also, and SLO still doesn't work.
Further, I saw that you had found an issue with SLO before and tested it to work properly in #27
Can you please share the settings (from settings.py) and URLs of django-mama-cas and django-cas-ng that works for you? Thanks.
from django-mama-cas.
Hi @amanjots, I got some time today for testing this. Maybe you are missing this on the settings.py of the server (mama_cas):
MAMA_CAS_ENABLE_SINGLE_SIGN_OUT = True
I've fixed the SSO and SLO configurations so they are working in this example: https://github.com/manelclos/django-cas-test
See that when you log out from "cas_client" (app1) the cookie for the cas_server is deleted and also the one for "cas_client" (app1). "second_client" (app2) cookie is not deleted until you access "second_client" again.
Let me know if you get it working with the example repository.
from django-mama-cas.
from django-mama-cas.
@manelclos Thanks again. Can you please add 'MAMA_CAS_SERVICES' configuration that you tested to be working to https://github.com/manelclos/django-cas-test ?
from django-mama-cas.
Sure thing, see here: manelclos/django-cas-test@f1b1dd9
On the server you can check:
$ python manage.py checkservice http://127.0.0.1
Invalid service: http://127.0.0.1
$ python manage.py checkservice http://127.0.0.1:8001
Valid service: http://127.0.0.1:8001
Proxy allowed: True
Logout allowed: True
Logout URL: None
Callbacks:
from django-mama-cas.
@amanjots is this issue fixed?
from django-mama-cas.
@manelclos I will have to do the testing again soon. Actually, the project structure that I was working on is changed completely. So, I will have to setup my separate project to test this issue. Kindly allow me few days to ensure this issue is resolved. Thanks.
from django-mama-cas.
Thanks for the description - from this thread I figured out how to make this mama-client thing going. For me also does not work the single log out in local development mode if I use http protocol. I'll check on staging, if it works with https.
Manel, ( @manelclos ) I have a multi-language multi-domain site. I have - as you suggested:
settings.py:
MAMA_CAS_ENABLE_SINGLE_SIGN_OUT = True
CAS_LOGOUT_COMPLETELY = True
CAS_VERSION = '3'
urls.py:
path('accounts/', include('django.contrib.auth.urls')),
url(r'^cas/', include('mama_cas.urls')),
path('accounts/login', django_cas_ng.views.LoginView.as_view(), name='cas_ng_login'),
path('accounts/logout', django_cas_ng.views.LogoutView.as_view(), name='cas_ng_logout'),
url(r'^admin/logout/$', django_cas_ng.views.LogoutView.as_view()),
- first I log in on Site1
- then I go to Site2 and get automatically logged in
- now I log out on Site2
- expect to get logged out on Site1 but I stay logged in.
What am I missing?
Probably relevant part of my requirements.txt:
django-cas-ng==3.6.0
django-hosts==3.0
django-mama-cas==2.4.0
django==2.2.2
from django-mama-cas.
Ok, now I've figured out. MAMA CAS calls back the relevant CAS clients and says goodbye.
For that MAMA CAS has to be said where to say good bye (it is done using the MAMA_CAS_SERVICES
config variable) and the client has to provide a place for calling back (in case of DJANGO_CAS_NG it is CallbackView
- they recommend setting "/acconts/callback"
as AP).
from django-mama-cas.
@lluww probably yes. My solution was to put my server behind nginx, locally.
from django-mama-cas.
The fact that request.user is AnonymousUser in the LogoutView function means that the logout_user(request) function will not be executed, resulting in a single logout failure, but I can't find a solution.
from django-mama-cas.
@BarnabasSzabolcs
thanks,I will configure nginx and try again, only change 'LOGOUT_URL' doesn't work.
from django-mama-cas.
@lluww
Ah, one more thing: with nginx I use mkcert https://github.com/FiloSottile/mkcert to generate local ssh certificates.
ssl_certificate /full/path/to/mypage.test-fullchain.pem;
ssl_certificate_key /full/path/to/mypage.test-key.pem;
and then mama-cas works fine for me. (otherwise I get some weird redirect on logout... something like http://127.0.0.1:8000/http://127.0.0.1:8000/)
from django-mama-cas.
@BarnabasSzabolcs Oh, I know my problem. I guess I forget to add 'django_cas_ng.middleware.CASMiddleware' in client app's setting.MIDDLEWARE. After that I can single-logout.
I haven't install nginx
this is my logout url:
Request URL: http://127.0.0.1:8000/logout?service=http%3A%2F%2F127.0.1.2%3A8000%2F
Request Method: GET
Status Code: 302 Found
Remote Address: 127.0.0.1:8000
#setting.py server
MAMA_CAS_SERVICES = [
{
'SERVICE': 'http://127.0.1.1:8000',
'CALLBACKS': [
'mama_cas.callbacks.user_model_attributes',
],
'LOGOUT_ALLOW': True,
'LOGOUT_URL': 'http://127.0.1.1:8000/accounts/callback',
'PROXY_ALLOW': True,
# 'PROXY_PATTERN': '^https://proxy.example.com',
},
{
'SERVICE': 'http://127.0.1.2:8000',
'CALLBACKS': [
'mama_cas.callbacks.user_model_attributes',
],
'LOGOUT_ALLOW': True,
'LOGOUT_URL': 'http://127.0.1.2:8000/accounts/callback',
'PROXY_ALLOW': True,
# 'PROXY_PATTERN': '^https://proxy.example.com',
}
]
MAMA_CAS_ENABLE_SINGLE_SIGN_OUT = True
#setting.py client
ALLOWED_HOSTS = ['127.0.1.2']
CAS_SERVER_URL = 'http://127.0.0.1:8000'
CAS_VERSION = '3'
CAS_APPLY_ATTRIBUTES_TO_USER = True
CAS_LOGOUT_COMPLETELY = True
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'django_cas_ng.backends.CASBackend',
)
from django-mama-cas.
Hello, I have a problem in making a logout system using mama cas, I can't get service at the login URL after logging out.
How to get service in URL when logout using mama cas?
from django-mama-cas.
Related Issues (20)
- /cas/validate returns no
- Signup and password reset? HOT 2
- ImportError: cannot import name 'python_2_unicode_compatible' HOT 1
- build pip package please HOT 4
- django 3.1.5 - cannot import name 'python_2_unicode_compatible' HOT 2
- django-mama-cas and python-social-auth HOT 2
- Allow service backends to have access to the current request or user
- Allow services to decide if a request should be warned (`warn_user`)
- Django 4.2 support HOT 1
- How does djang_mama_cas solve the problem of implementing single sign out
- Custom Username CAS
- Single logout should raise on request failure HOT 1
- Single logout breaks with multiple sessions HOT 2
- Why is this code in models. py not executed when logout? HOT 3
- About the “expire” of ST Model HOT 1
- Question: Adding Two-Factor Auth HOT 1
- Still active? HOT 9
- Do MAMA_CAS_USER_ATTRIBUTES and MAMA_CAS_PROFILE_ATTRIBUTES work? HOT 4
- Sign on without ticket generation HOT 10
- Single Sign Out sometime can't work normally with error "Connection reset by peer" HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-mama-cas.