cas_server.default_settings module

Default values for the app’s settings

cas_server.default_settings.CAS_LOGO_URL = '/static/cas_server/logo.png'

URL to the logo showed in the up left corner on the default templates.

cas_server.default_settings.CAS_FAVICON_URL = '/static/cas_server/favicon.ico'

URL to the favicon (shortcut icon) used by the default templates. Default is a key icon.

cas_server.default_settings.CAS_SHOW_POWERED = True

Show the powered by footer if set to True

cas_server.default_settings.CAS_COMPONENT_URLS = {'bootstrap3_css': '//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css', 'bootstrap3_js': '//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js', 'bootstrap4_css': '//stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css', 'bootstrap4_js': '//stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js', 'html5shiv': '//oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js', 'jquery': '//code.jquery.com/jquery.min.js', 'respond': '//oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js'}

URLs to css and javascript external components.

cas_server.default_settings.CAS_LOGIN_TEMPLATE = 'cas_server/bs4/login.html'

Path to the template showed on /login then the user is not autenticated.

cas_server.default_settings.CAS_WARN_TEMPLATE = 'cas_server/bs4/warn.html'

Path to the template showed on /login?service=… then the user is authenticated and has asked to be warned before being connected to a service.

cas_server.default_settings.CAS_LOGGED_TEMPLATE = 'cas_server/bs4/logged.html'

Path to the template showed on /login then to user is authenticated.

cas_server.default_settings.CAS_LOGOUT_TEMPLATE = 'cas_server/bs4/logout.html'

Path to the template showed on /logout then to user is being disconnected.

cas_server.default_settings.CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT = False

Should we redirect users to /login after they logged out instead of displaying CAS_LOGOUT_TEMPLATE.

cas_server.default_settings.CAS_AUTH_CLASS = 'cas_server.auth.DjangoAuthUser'

A dotted path to a class or a class implementing cas_server.auth.AuthUser.

cas_server.default_settings.CAS_PROXY_CA_CERTIFICATE_PATH = True

Path to certificate authorities file. Usually on linux the local CAs are in /etc/ssl/certs/ca-certificates.crt. True tell requests to use its internal certificat authorities.

cas_server.default_settings.CAS_SLO_MAX_PARALLEL_REQUESTS = 10

Maximum number of parallel single log out requests send if more requests need to be send, there are queued

cas_server.default_settings.CAS_SLO_TIMEOUT = 5

Timeout for a single SLO request in seconds.

cas_server.default_settings.CAS_AUTH_SHARED_SECRET = ''

Shared to transmit then using the view cas_server.views.Auth

cas_server.default_settings.CAS_TGT_VALIDITY = None

Max time after with the user MUST reauthenticate. Let it to None for no max time. This can be used to force refreshing cached informations only available upon user authentication like the user attributes in federation mode or with the ldap auth in bind mode.

cas_server.default_settings.CAS_TICKET_VALIDITY = 60

Number of seconds the service tickets and proxy tickets are valid. This is the maximal time between ticket issuance by the CAS and ticket validation by an application.

cas_server.default_settings.CAS_PGT_VALIDITY = 3600

Number of seconds the proxy granting tickets are valid.

cas_server.default_settings.CAS_TICKET_TIMEOUT = 86400

Number of seconds a ticket is kept in the database before sending Single Log Out request and being cleared.

cas_server.default_settings.CAS_TICKET_LEN = 64

All CAS implementation MUST support ST and PT up to 32 chars, PGT and PGTIOU up to 64 chars and it is RECOMMENDED that all tickets up to 256 chars are supports so we use 64 for the default len.

cas_server.default_settings.CAS_LT_LEN = 64

alias of settings.CAS_TICKET_LEN

cas_server.default_settings.CAS_ST_LEN = 64

alias of settings.CAS_TICKET_LEN Services MUST be able to accept service tickets of up to 32 characters in length.

cas_server.default_settings.CAS_PT_LEN = 64

alias of settings.CAS_TICKET_LEN Back-end services MUST be able to accept proxy tickets of up to 32 characters.

cas_server.default_settings.CAS_PGT_LEN = 64

alias of settings.CAS_TICKET_LEN Services MUST be able to handle proxy-granting tickets of up to 64

cas_server.default_settings.CAS_PGTIOU_LEN = 64

alias of settings.CAS_TICKET_LEN Services MUST be able to handle PGTIOUs of up to 64 characters in length.

cas_server.default_settings.CAS_LOGIN_TICKET_PREFIX = 'LT'

Prefix of login tickets.

cas_server.default_settings.CAS_SERVICE_TICKET_PREFIX = 'ST'

Prefix of service tickets. Service tickets MUST begin with the characters ST so you should not change this.

cas_server.default_settings.CAS_PROXY_TICKET_PREFIX = 'PT'

Prefix of proxy ticket. Proxy tickets SHOULD begin with the characters, PT.

cas_server.default_settings.CAS_PROXY_GRANTING_TICKET_PREFIX = 'PGT'

Prefix of proxy granting ticket. Proxy-granting tickets SHOULD begin with the characters PGT.

cas_server.default_settings.CAS_PROXY_GRANTING_TICKET_IOU_PREFIX = 'PGTIOU'

Prefix of proxy granting ticket IOU. Proxy-granting ticket IOUs SHOULD begin with the characters PGTIOU.

cas_server.default_settings.CAS_SQL_HOST = 'localhost'

Host for the SQL server.

cas_server.default_settings.CAS_SQL_USERNAME = ''

Username for connecting to the SQL server.

cas_server.default_settings.CAS_SQL_PASSWORD = ''

Password for connecting to the SQL server.

cas_server.default_settings.CAS_SQL_DBNAME = ''

Database name.

cas_server.default_settings.CAS_SQL_DBCHARSET = 'utf8'

Database charset.

cas_server.default_settings.CAS_SQL_USER_QUERY = 'SELECT user AS username, pass AS password, users.* FROM users WHERE user = %s'

The query performed upon user authentication.

cas_server.default_settings.CAS_SQL_PASSWORD_CHECK = 'crypt'

The method used to check the user password. Must be one of "crypt", "ldap", "hex_md5", "hex_sha1", "hex_sha224", "hex_sha256", "hex_sha384", "hex_sha512", "plain".

cas_server.default_settings.CAS_SQL_PASSWORD_CHARSET = 'utf-8'

charset the SQL users passwords was hash with

cas_server.default_settings.CAS_LDAP_SERVER = 'localhost'

Address of the LDAP server

cas_server.default_settings.CAS_LDAP_USER = None

LDAP user bind address, for example "cn=admin,dc=crans,dc=org" for connecting to the LDAP server.

cas_server.default_settings.CAS_LDAP_PASSWORD = None

LDAP connection password

cas_server.default_settings.CAS_LDAP_BASE_DN = None

LDAP seach base DN, for example "ou=data,dc=crans,dc=org".

cas_server.default_settings.CAS_LDAP_USER_QUERY = '(uid=%s)'

LDAP search filter for searching user by username. User inputed usernames are escaped using ldap3.utils.conv.escape_bytes().

cas_server.default_settings.CAS_LDAP_USERNAME_ATTR = 'uid'

LDAP attribute used for users usernames

cas_server.default_settings.CAS_LDAP_PASSWORD_ATTR = 'userPassword'

LDAP attribute used for users passwords

cas_server.default_settings.CAS_LDAP_PASSWORD_CHECK = 'ldap'

The method used to check the user password. Must be one of "crypt", "ldap", "hex_md5", "hex_sha1", "hex_sha224", "hex_sha256", "hex_sha384", "hex_sha512", "plain", "bind".

cas_server.default_settings.CAS_LDAP_PASSWORD_CHARSET = 'utf-8'

charset the LDAP users passwords was hash with

cas_server.default_settings.CAS_LDAP_ATTRS_VIEW = 0

This parameter is only used then CAS_LDAP_PASSWORD_CHECK is set to "bind".

  • if 0 the user attributes are retrieved by connecting to the ldap as CAS_LDAP_USER.
  • if 1 the user attributes are retrieve then the user authenticate using the user credentials. These attributes are then cached for the session.

The default is 0.

cas_server.default_settings.CAS_TEST_USER = 'test'

Username of the test user.

cas_server.default_settings.CAS_TEST_PASSWORD = 'test'

Password of the test user.

cas_server.default_settings.CAS_TEST_ATTRIBUTES = {'alias': ['demo1', 'demo2'], 'email': 'anonymous@example.net', 'nom': 'Nymous', 'prenom': 'Ano'}

Attributes of the test user.

cas_server.default_settings.CAS_ENABLE_AJAX_AUTH = False

A bool for activatinc the hability to fetch tickets using javascript.

cas_server.default_settings.CAS_FEDERATE = False

A bool for activating the federated mode

cas_server.default_settings.CAS_FEDERATE_REMEMBER_TIMEOUT = 604800

Time after witch the cookie use for “remember my identity provider” expire (one week).

cas_server.default_settings.CAS_NEW_VERSION_HTML_WARNING = True

A bool for diplaying a warning on html pages then a new version of the application is avaible. Once closed by a user, it is not displayed to this user until the next new version.

cas_server.default_settings.CAS_NEW_VERSION_EMAIL_WARNING = True

A bool for sending emails to settings.ADMINS when a new version is available.

cas_server.default_settings.CAS_NEW_VERSION_JSON_URL = 'https://pypi.org/pypi/django-cas-server/json'

URL to the pypi json of the application. Used to retreive the version number of the last version. You should not change it.

cas_server.default_settings.CAS_SHOW_SERVICE_MESSAGES = True

If the service message should be displayed on the login page

cas_server.default_settings.CAS_INFO_MESSAGES = {'cas_explained': {'discardable': True, 'message': "The Central Authentication Service grants you access to most of our websites by authenticating only once, so you don't need to type your credentials again unless your session expires or you logout.", 'type': 'info'}}

Messages displayed in a info-box on the html pages of the default templates. CAS_INFO_MESSAGES is a dict mapping message name to a message dict. A message dict has 3 keys:

  • message: A unicode, the message to display, potentially wrapped around ugettex_lazy
  • discardable: A bool, specify if the users can close the message info-box
  • type: One of info, success, info, warning, danger. The type of the info-box.

CAS_INFO_MESSAGES contains by default one message, cas_explained, which explain roughly the purpose of a CAS.

cas_server.default_settings.CAS_INFO_MESSAGES_ORDER = []

list of message names. Order in which info-box messages are displayed. Let the list empty to disable messages display.

bool If True Django session cookie will be removed on logout from CAS server

bool If True Django csrf cookie will be removed on logout from CAS server

bool If True Django language cookie will be removed on logout from CAS server

class cas_server.default_settings.SessionStore(session_key=None)[source]

Bases: django.contrib.sessions.backends.base.SessionBase

Implement database session store.

classmethod get_model_class()[source]
model
load()[source]

Load the session data and return a dictionary.

exists(session_key)[source]

Return True if the given session_key already exists.

create()[source]

Create a new session instance. Guaranteed to create a new object with a unique key and will have saved the result once (with empty data) before the method returns.

create_model_instance(data)[source]

Return a new instance of the session model object, which represents the current session state. Intended to be used for saving the session data to the database.

save(must_create=False)[source]

Save the current session data to the database. If ‘must_create’ is True, raise a database error if the saving operation doesn’t create a new entry (as opposed to possibly updating an existing entry).

delete(session_key=None)[source]

Delete the session data under this key. If the key is None, use the current session key value.

classmethod clear_expired()[source]

Remove expired sessions from the session store.

If this operation isn’t possible on a given backend, it should raise NotImplementedError. If it isn’t necessary, because the backend has a built-in expiration mechanism, it should be a no-op.