python_cas package

python-cas implements CAS protocol (Central Authentication Server) client.

https://github.com/python-cas/python-cas

Module contents

class cas.CASClient

Bases: object

class cas.CASClientBase(service_url=None, server_url=None, extra_login_params=None, renew=False, username_attribute=None, verify_ssl_certificate=True)

Bases: object

get_login_url()

Generates CAS login URL

Returns

Login URL

Return type

str

get_logout_url(redirect_url=None)

Generates CAS logout URL

Returns

Logout URL

Return type

str

get_proxy_ticket(pgt)

Get proxy ticket given the proxy granting ticket

Returns

Proxy ticket.

Return type

str

Raises

CASError – Non 200 http code or bad XML body.

get_proxy_url(pgt)

Returns proxy url, given the proxy granting ticket

Returns

Proxy URL

Return type

str

logout_redirect_param_name = 'service'

verify_ticket(ticket)

Verify ticket.

Sub-class must implement this function. Must return a triple

Returns

user, attributes, pgtiou

Return type

triple

class cas.CASClientV1(service_url=None, server_url=None, extra_login_params=None, renew=False, username_attribute=None, verify_ssl_certificate=True)

Bases: cas.CASClientBase

CAS Client Version 1

logout_redirect_param_name = 'url'

verify_ticket(ticket)

Verifies CAS 1.0 authentication ticket.

Returns username on success and None on failure.

class cas.CASClientV2(proxy_callback=None, *args, **kwargs)

Bases: cas.CASClientBase

CAS Client Version 2

get_verification_response(ticket)

logout_redirect_param_name = 'url'

classmethod parse_attributes_xml_element(element)

classmethod parse_response_xml(response)

url_suffix = 'serviceValidate'

classmethod verify_response(response)

verify_ticket(ticket)

Verifies CAS 2.0+/3.0+ XML-based authentication ticket and returns extended attributes

class cas.CASClientV3(proxy_callback=None, *args, **kwargs)

Bases: cas.CASClientV2, cas.SingleLogoutMixin

CAS Client Version 3

logout_redirect_param_name = 'service'

classmethod parse_attributes_xml_element(element)

url_suffix = 'p3/serviceValidate'

classmethod verify_response(response)

class cas.CASClientWithSAMLV1(proxy_callback=None, *args, **kwargs)

Bases: cas.CASClientV2, cas.SingleLogoutMixin

CASClient 3.0+ with SAML

fetch_saml_validation(ticket)

We do the SAML validation

classmethod get_saml_assertion(ticket)

Get SAML assertion

SAML request values:

• RequestID [REQUIRED]: unique identifier for the request

• IssueInstant [REQUIRED]: timestamp of the request

• samlp:AssertionArtifact [REQUIRED]: the valid CAS Service Ticket obtained as a response parameter at login.

Example of /samlValidate POST request:

POST /cas/samlValidate?TARGET=
Host: cas.example.com
Content-Length: 491
Content-Type: text/xml

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
        <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                       MajorVersion="1"
                       MinorVersion="1"
                       RequestID="_192.168.16.51.1024506224022"
                       IssueInstant="2002-06-19T17:03:44.022Z">
            <samlp:AssertionArtifact>
              ST-1-u4hrm3td92cLxpCvrjylcas.example.com
            </samlp:AssertionArtifact>
        </samlp:Request>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

see https://djangocas.dev/docs/4.0/CAS-Protocol-Specification.html#samlvalidate-cas-3-0

verify_ticket(ticket, **kwargs)

Verifies CAS 3.0+ XML-based authentication ticket and returns extended attributes.

@date: 2011-11-30 @author: Carlos Gonzalez Vila <carlewis@gmail.com>

Returns username and attributes on success and None,None on failure.

exception cas.CASError

Bases: ValueError

CASError type

class cas.SingleLogoutMixin

Bases: object

classmethod get_saml_slos(logout_request)

returns SAML logout ticket info

classmethod verify_logout_request(logout_request, ticket)

Verify the single logout request came from the CAS server

Parameters

• cls (Class) –

• logout_request (Request) –

• ticket (str) –

Returns

True if the logout_request is valid, False otherwise

Return type

bool