RemoteUserMiddleware stay logged in
61 views
Skip to first unread message
Dan Davis
Nov 30, 2015, 3:36:00 PM11/30/15
to Django users
So, where I work we have a CAS server we like to use. We like to use it with mod_auth_cas. So far, so good - RemoteUserMiddleware is my friend. The problem here is that REMOTE_USER will not be set unless the URI is protected by CAS, and if the URI is protected by CAS, then the user will be redirected right away. This is fine for admin URLs, but I want the CAS cookie to be validated/checked only on some URLs, without redirect. So, REMOTE_USER should be set only if the cookie is present and valid.
Does anyone have any suggestions, either how I should change mod_auth_cas or my Apache directives to support this, or how I should change my use of RemoteUserMiddleware to allow this.
Thanks,
-Dan
Tim Graham
Nov 30, 2015, 8:29:00 PM11/30/15
to Django users
Does the PersistentRemoteUserMiddleware added in Django 1.9 help?
https://docs.djangoproject.com/en/1.9/howto/auth-remote-user/#using-remote-user-on-login-pages-only
https://docs.djangoproject.com/en/1.9/howto/auth-remote-user/#using-remote-user-on-login-pages-only
Dan Davis
Dec 2, 2015, 11:00:50 PM12/2/15
to Django users
Thanks,
I can probably just install it and use it. If I must stay in 1.8 for some arcane reason, I can read the code at https://github.com/django/django.
Reply all
Reply to author
Forward
0 new messages