{
"info": {
"author": "Simon Thepot, Mathieu Pasquet",
"author_email": "dj.coin@laposte.net, kiorky@cryptelium.net",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 2 - Pre-Alpha",
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Natural Language :: English",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware",
"Topic :: System :: Systems Administration :: Authentication/Directory"
],
"description": "Introduction\n============\n\n.. contents::\n\n``repoze.who.plugins.cas`` is a plugin for the `repoze.who framework\n`_ that enables Single Sign-On (SSO)\nfor applications via a Central Authentication Service (CAS) server.\n\n.. image:: https://secure.travis-ci.org/kiorky/repoze.who.plugins.cas.png\n :target: http://travis-ci.org/kiorky/repoze.who.plugins.cas\n\n\nThe plugin follows the protocols described\nin the `official documentation `_ for\nlogin, ticket validation, and logout. The plugin has been tested against\ninstances of CAS 3.0+ servers.\n\nCompatibility Note\n------------------\n\nWhilst the plugin supports both CAS 1.0- and CAS 2.0-style service ticket\nvalidation, the plugin has currently only been tested against instances of\nCAS 3.0+ servers. Backwards compatibility is unknown at the point and\nassistance testing this plugin is welcomed.\n\nPotential Applications\n----------------------\n\nApplications which can be used :\n\n- Apps complying with the `simple_authentication WSGI specification\n `_, which take\n advantage of the REMOTE_USER key in the WSGI environment.\n- Custom applications that utilise the ``repoze.who`` environment\n variables present within a WSGI request.\n- Apps which can handle themselves the CAS mechanism (for example: phpBB\n with the CAS patch, using ``wphp`` as a Paste filter for integration of\n PHP with Python),\n\nLinks\n-----\n\n- `Official link for CAS `_\n\nDevelopment\n-----------\n\nTo run the test suite, clone this project from source code hosting and\nrun the following::\n\n cd repoze.who.plugins.cas\n python bootstrap.py\n ./bin/buildout\n ./bin/test\n\nCredits\n-------\n\n|makinacom|_\n\n* `Planet Makina Corpus `_\n* `Contact us `_\n\n.. |makinacom| image:: http://depot.makina-corpus.org/public/logo.gif\n.. _makinacom: http://www.makina-corpus.com\n\n\nDocumentation\n=============\n\n\n\n\n\nInstalling\n==========\n\nRequirement\n------------\n\nYou must have a CAS server working and you will need to know the URL to your\nCAS server. Typically, this will be the part of the URL before your\n``/login`` or ``/logout`` URLs for CAS. For example::\n\n https://example.edu/cas/\n\nAll URLs for CAS login, validation, and logout will be built using this\naddress.\n\nCAS\n---\n\nYou must ensure that logout is enabled on your CAS server.\nTypically, this involves adding::\n\n \n\ninto the ``LogoutController`` bean in your ``cas-servlet.xml`` file.\nAsk your system administrator if you're unsure about the above.\n\nAttribute release\n-----------------\n\nIf your CAS server supports it, this plugin can parse and capture \nuser metadata attributes being released during the CAS ticket validation\nprocess. By specifying an identifer for ``attributes_name`` in the plugin\nconfiguration, attributes released from CAS will be stored into the\n``repoze.who`` identity within the given environment. Given the way\nCAS works, you will need to cache or store this information within your\napplication (or use another ``repoze.who`` plugin to do it for you), as \nthis data is only associated with a user's initial CAS request.\n\nA suite of plugins exists for precisely this reason and can be found at\nhttps://pypi.python.org/pypi/repoze.who.plugins.metadata_cache\n\nYou can always customise your own method of managing this metadata, too.\nAs mentioned, you can find the retrieved attributes within the ``repoze.who``\nidentity within the specific request that triggers the CAS authentication.\n\nYour apps\n---------\n\nNothing is required within your apps, just set them up and configure \n``repoze.who`` accordingly. You may like to follow the example \nconfiguration file as seen in the ``config_example/`` directory.\nThis is what the ``who.ini`` configuration file looks like::\n\n # IDENTIFIER\n # @param :\n # - cas_url : URL to your CAS server. Ensure your URL has a trailing slash.\n # - cas_version : Version of your CAS server. Affects how the CAS protocol\n # is followed.\n # - rememberer_name : name of the plugin for remembering (delegate)\n # - attributes_name : identifier for where to place CAS-sources metadata\n # inside the ``repoze.who`` identity.\n # - path_toskip : regex for URLs handling authentication to CAS separately\n # - path_logout : regex for URLS that should be trigger a logout\n # WARNING: you must include the path of logout even \n # it is present within ``path_toskip``.\n [plugin:casauth]\n use = repoze.who.plugins.cas.main_plugin:make_plugin\n cas_url= https://servcas:8443/cas/\n cas_version = 3.0\n rememberer_name = auth_tkt\n attributes_name = attributes\n path_toskip = .*/phpbb/.*\n path_logout = .*/logout.*\n .*mode=logout.*\n\n \n # CHALLENGE DECIDER\n # @param:\n # - path_login : those regexp indicate which url should be redirected for a challenge \n # e.g. : for CAS, will be redirected on a \"/cas/login\" like url\n [plugin:decider]\n use = repoze.who.plugins.cas.challenge_decider:make_plugin\n path_login = \n .*trac/login.*\n .*/login$ \n\n \n [plugin:auth_tkt]\n # identification\n use = repoze.who.plugins.auth_tkt:make_plugin\n secret = secret\n cookie_name = oatmeal\n secure = False\n include_ip = False\n \n [general]\n request_classifier = repoze.who.classifiers:default_request_classifier\n remote_user_key = REMOTE_USER\n # trick : target the plugin whose name is the same\n challenge_decider = decider\n \n \n [identifiers]\n # plugin_name;classifier_name:.. or just plugin_name (good for any)\n plugins =\n casauth\n auth_tkt\n \n [authenticators]\n # plugin_name;classifier_name.. or just plugin_name (good for any)\n plugins =\n casauth\n \n \n [challengers]\n # plugin_name;classifier_name:.. or just plugin_name (good for any)\n plugins =\n casauth\n \nUsing the above configuration will see the given application receive the\nremote user's name as the ``REMOTE_USER`` environment variable\n\n\nTo Do\n=====\n\n* *More tests*: Add additional deployment scenarios for applications\n* *Handle Single Sign-Out*: \n\n At this point, this plugin does not handle Single Sign Out.\n There may be several ways to achieve this:\n\n - A simple solution may be found by enabling the plugin to execute each\n callable delivered by webapp whose purpose would be to logout the \n user from it (e.g: by redirecting the browser on the logout url, \n or deleting some cookies etc.).\n\n - Currently, CAS 3 and higher handle SSOut by triggering a POST \n request to all the web application registered. \n\n* *Genericising the code*: At the moment, the plugin relies on a CAS \n server. However, CAS is simply a specific trusted third party (like\n Kerberos etc.). So, to avoid redundancy between plugins, abstract away\n \"trusted third party\" authentication code and refactory.\n\n\n\nKnown Issues\n============\n\n* None at present.\n\n\n\nChanges\n=======\n\n0.2.2 (2013-04-25)\n------------------\n\n- Documentation markup fixes\n\n0.2.0 (2013-04-24)\n------------------------------\n\n - Review davidjb changes, cleanify the buildout infra, travis setup [kiorky]\n - Support obtaining user attributes (metadata) via CAS 2.0 service\n validation (``/serviceValidation``) and parsing the XML response.\n User attributes will be placed into the repoze.who identity\n using the key ``attributes_name`` after the ticket validation\n process. Due to how CAS works, the data must be either saved or cached\n by another plugin to allow persistance beyond the request\n that triggered the ticket validation. See documentation for more info.\n [davidjb]\n - Support specifying a CAS version. This will control what version of\n the CAS protocol (http://www.jasig.org/cas/protocol) to use.\n [davidjb]\n - Precompile regex statements from configuration to avoid needing\n to recompile during every request.\n [davidjb]\n - Clean up debug process. Debugging is now possible by configuring the\n ``debug`` plugin keyword.\n [davidjb]\n - Clean up identification process to remove need for ``bhp`` in query\n string.\n [davidjb]\n - Switch use of paste HTTPFound for webob, following repoze.who.\n [davidjb]\n - Add Buildout boostrap and configuration for running tests.\n [davidjb]\n - Documentation clean up for clarity.\n [davidjb]\n - Code spring cleaning and documentation expansion. Code now requires\n Python 2.6 and works towards Python 3 compatibility (not guaranteed\n at present).\n [davidjb]\n\n0.1.2 (2012-01-13)\n------------------\n\n - Minor additions to example configuration about CAS URL and auth_tkt\n plugin.\n [davidjb]\n\n0.1 (2009-07-28)\n----------------\nInitial release.\n\n - Provides repoze.who plugins (i.e.: challenge, identifier, chalenge decider and\n auth plugins) for enabling CAS\n - Provides simple unit tests",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "http://github.com/kiorky/repoze.who.plugins.cas/",
"keywords": "cas authentication server web wsgi repoze repoze.who sponsorised by Makina Corpus",
"license": "BSD",
"maintainer": null,
"maintainer_email": null,
"name": "repoze.who.plugins.cas",
"package_url": "https://pypi.org/project/repoze.who.plugins.cas/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/repoze.who.plugins.cas/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "http://github.com/kiorky/repoze.who.plugins.cas/"
},
"release_url": "https://pypi.org/project/repoze.who.plugins.cas/0.2.2/",
"requires_dist": null,
"requires_python": null,
"summary": "CAS plugin for repoze.who by Makina Corpus",
"version": "0.2.2"
},
"last_serial": 798854,
"releases": {
"0.1": [
{
"comment_text": "",
"digests": {
"md5": "e0639f5e7ce1ed1884739644906fb950",
"sha256": "12942d65f70a63e20641598c31d59ec94bdb0f283786df80ba32bb62e357cc88"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.1.tar.gz",
"has_sig": false,
"md5_digest": "e0639f5e7ce1ed1884739644906fb950",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13272,
"upload_time": "2009-07-28T17:13:22",
"url": "https://files.pythonhosted.org/packages/a5/54/519b1b3003f0b92222ba1042c63b35a8ccad8ba37a8baec5576ca3a66a8b/repoze.who.plugins.cas-0.1.tar.gz"
}
],
"0.1.1": [
{
"comment_text": "",
"digests": {
"md5": "7837d2f9a9d22bedd057f37e9b390ba9",
"sha256": "334e6fc432e83bcea873d2d9c79dfc7f81e56a4b5f30553504c8c94dc6c5640c"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "7837d2f9a9d22bedd057f37e9b390ba9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 13378,
"upload_time": "2009-08-13T12:18:17",
"url": "https://files.pythonhosted.org/packages/10/34/cb0c3cf530cd3caf35eff12de33082140798678e8f332762a9360b485d71/repoze.who.plugins.cas-0.1.1.tar.gz"
}
],
"0.1.2": [
{
"comment_text": "",
"digests": {
"md5": "559943dbc30e52fa5af4bb51807ae35e",
"sha256": "a22fc8a1b71eed8e164aa78af1e7d5683a09f7ec46e6c13c84202e6533543c86"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.1.2.tar.gz",
"has_sig": false,
"md5_digest": "559943dbc30e52fa5af4bb51807ae35e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 15140,
"upload_time": "2012-01-13T09:27:01",
"url": "https://files.pythonhosted.org/packages/f5/c4/2886f17ed38fe3154a86f898b38438bdd33a857c23879bce95a7aee0b6d9/repoze.who.plugins.cas-0.1.2.tar.gz"
}
],
"0.2.0": [
{
"comment_text": "",
"digests": {
"md5": "1f0aa421f26bcb6aa2632cf221e6c528",
"sha256": "d0226a13f78e28978ca7bad9626351a0ea6d62cb8dba7023cdc4832c84d209ee"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.2.0.zip",
"has_sig": false,
"md5_digest": "1f0aa421f26bcb6aa2632cf221e6c528",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 30167,
"upload_time": "2013-04-24T07:39:29",
"url": "https://files.pythonhosted.org/packages/2b/6e/50da8896a4b5eb9b68661c7a61c78c5f8ac4911f0c609f9409f1cf4a73cc/repoze.who.plugins.cas-0.2.0.zip"
}
],
"0.2.1": [
{
"comment_text": "",
"digests": {
"md5": "17d55a43f5c6ae2ee7df00897ee40496",
"sha256": "8edf9200bd52126b63df7c83ccf900560cee9b52dbec88ec8bc014e35c149f8f"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.2.1.zip",
"has_sig": false,
"md5_digest": "17d55a43f5c6ae2ee7df00897ee40496",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 30228,
"upload_time": "2013-04-24T07:44:42",
"url": "https://files.pythonhosted.org/packages/30/ef/cdf7100b6c70c9b16d91cfb4591ce067eb3a103ca4c332072d2d59a6cc42/repoze.who.plugins.cas-0.2.1.zip"
}
],
"0.2.2": [
{
"comment_text": "",
"digests": {
"md5": "f814d6edfc72a611923bae01b80e42c3",
"sha256": "67b312886592ea90a63bc95c7380626b8852ff9bc1554356d93f8ef02ce0fa60"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.2.2.zip",
"has_sig": false,
"md5_digest": "f814d6edfc72a611923bae01b80e42c3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 30238,
"upload_time": "2013-04-25T07:24:46",
"url": "https://files.pythonhosted.org/packages/47/4d/da8ffab288fb72283dc1adc890348cd10b9036d5d65f77d5e18d2727b293/repoze.who.plugins.cas-0.2.2.zip"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "f814d6edfc72a611923bae01b80e42c3",
"sha256": "67b312886592ea90a63bc95c7380626b8852ff9bc1554356d93f8ef02ce0fa60"
},
"downloads": -1,
"filename": "repoze.who.plugins.cas-0.2.2.zip",
"has_sig": false,
"md5_digest": "f814d6edfc72a611923bae01b80e42c3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 30238,
"upload_time": "2013-04-25T07:24:46",
"url": "https://files.pythonhosted.org/packages/47/4d/da8ffab288fb72283dc1adc890348cd10b9036d5d65f77d5e18d2727b293/repoze.who.plugins.cas-0.2.2.zip"
}
]
}