Commit 2b02568e authored by Valentin Samir's avatar Valentin Samir

Doc for the federated mode

parent 177da450
...@@ -139,6 +139,15 @@ Authentication settings: ...@@ -139,6 +139,15 @@ Authentication settings:
If more requests need to be send, there are queued. The default is ``10``. If more requests need to be send, there are queued. The default is ``10``.
* ``CAS_SLO_TIMEOUT``: Timeout for a single SLO request in seconds. The default is ``5``. * ``CAS_SLO_TIMEOUT``: Timeout for a single SLO request in seconds. The default is ``5``.
Federation settings:
* ``CAS_FEDERATE``: A boolean for activating the federated mode (see the federate section below).
The default is ``False``.
* ``CAS_FEDERATE_PROVIDERS``: A distionnary for the allowed identity providers (see the federate
section below). The default is ``{}``.
Tickets validity settings: Tickets validity settings:
* ``CAS_TICKET_VALIDITY``: Number of seconds the service tickets and proxy tickets are valid. * ``CAS_TICKET_VALIDITY``: Number of seconds the service tickets and proxy tickets are valid.
...@@ -199,6 +208,8 @@ Authentication backend ...@@ -199,6 +208,8 @@ Authentication backend
This is the default backend. The returned attributes are the fields available on the user model. This is the default backend. The returned attributes are the fields available on the user model.
* mysql backend ``cas_server.auth.MysqlAuthUser``: see the 'Mysql backend settings' section. * mysql backend ``cas_server.auth.MysqlAuthUser``: see the 'Mysql backend settings' section.
The returned attributes are those return by sql query ``CAS_SQL_USER_QUERY``. The returned attributes are those return by sql query ``CAS_SQL_USER_QUERY``.
* federated backend ``cas_server.auth.CASFederateAuth``: It is automatically used then ``CAS_FEDERATE`` is ``True``.
You should not set it manually without setting ``CAS_FEDERATE`` to ``True``.
Logs Logs
---- ----
...@@ -267,3 +278,32 @@ Or to log to a file: ...@@ -267,3 +278,32 @@ Or to log to a file:
}, },
}, },
} }
Federation mode
---------------
``django-cas-server`` comes with a federation mode. Then ``CAS_FEDERATE`` is ``True``,
user are invited to choose an identity provider on the login page, then, they are redirected
to the provider CAS to authenticate. This provider transmit to ``django-cas-server`` the user
username and attributes. The user is now logged in on ``django-cas-server`` and can user
services using ``django-cas-server`` as CAS.
The list of allowed identity providers is defined using the ``CAS_FEDERATE_PROVIDERS`` parameter.
For instance:
.. code-block:: python
CAS_FEDERATE_PROVIDERS = {
"example.com": ("https://cas.example.com", 3),
"exemple.fr": ("https://cas.exemple.fr", 3),
}
``CAS_FEDERATE_PROVIDERS`` is a dictionnary using provider names as key and a tuple
(cas address, cas version protocol) as value.
In federation mode, ``django-cas-server`` build user's username as follow:
``provider_returned_username@provider_name``.
You can choose the provider returned username for ``django-cas-server`` and the provider name
in order than to builed username make sense.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment