7 Jun 2017
JASIG-CAS for Single Sign on Integration
Sripathi Krishnan
#Integration | 4 min read
JASIG-CAS for Single Sign on Integration
Sripathi Krishnan

What is CAS ?

It is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as user id and password) only once. It can use multiple backed identity stores like database,ldap and In- memory. It is useful when there is a centralized authentication team manages the identity.

Django CAS NG

There are some available middleware with django to integrate and the most viable one django-cas-ng is a Central Authentication Service (CAS) client implementation. This project inherits from django-cas. support Single Sign Out and Can fetch Proxy Granting Ticket.

Pre Requisites

Supports CAS versions 1.0, 2.0 and 3.0. Supports Django 1.5, 1.6, 1.7 and 1.8 with User custom model Supports Python 2.7, 3.x

How to Setup Environment and Install

The project runtime needs to be setup with right dependencies. So that, project scaffold can start referencing the dependencies.
Install with pip: pip install django-cas-ng
Install the latest code: pip install
Install from source code: python install


Single sign-on always needs right filter type middlewares for intercepting the requests.It is always good practise to keep the configuration as a part of Django sample project. Make sure you also have the authentication middleware installed. Here’s an example:

Sample settings file for reference with configuration:

INSTALLED_APPS = ( ‘django.contrib.admin’, ‘django.contrib.auth’, ‘django.contrib.contenttypes’, ‘django.contrib.sessions’, ‘django.contrib.messages’, ‘django.contrib.staticfiles’, ‘django_cas_ng’, … )
MIDDLEWARE_CLASSES = ( ‘django.middleware.common.CommonMiddleware’, ‘django.contrib.sessions.middleware.SessionMiddleware’, ‘django.contrib.auth.middleware.AuthenticationMiddleware’, … )
AUTHENTICATION_BACKENDS = ( ‘django.contrib.auth.backends.ModelBackend’, ‘django_cas_ng.backends.CASBackend’, )

CAS_SERVER_URL needs to be defined to configure cas runtime which is a web application dpeloyed on a http java application server. Set it to the base URL of your CAS source (e.g.

Optional Settings Include:


View-Wrappers Example

The settings CAS_EXTRA_LOGIN_PARAMS allows you to define a static dictionary of extra parameters to be passed on to the CAS login page. But what if you want this dictionary to be dynamic (e.g. based on user session)? Our current advice is to implement simple wrappers for our default views, like these:

from django_cas_ng import views as baseviews
@csrf_exempt def login(request, **kwargs): return _add_locale(request, baseviews.login(request, **kwargs))
def logout(request, **kwargs): return _add_locale(request, baseviews.logout(request, **kwargs))
def _add_locale(request, response): """If the given HttpResponse is a redirect to CAS, then add the proper 'locale' parameter to it (and return the modified response). If not, simply return the original response."""
if (
    isinstance(response, HttpResponseRedirect)
    and response['Location'].startswith(settings.CAS_SERVER_URL)
    from ourapp.some_module import get_currently_used_language
    url = response['Location']
    url += '&' if '?' in url else '&'
    url += "locale=%s" % get_currently_used_language(request)
    response['Location'] = url
return response


Custom Backends

The CASBackend class is heavily inspired from Django’s own RemoteUserBackend and allows for some configurability through subclassing if you need more control than django-cas-ng’s settings provide. For instance, here is an example backend that only allows some users to login through CAS:

from django_cas_ng.backends import CASBackend
class MyCASBackend(CASBackend):
    def user_can_authenticate(self, user):
        if user.has_permission(‘can_cas_login’):
            return True
    return False


If you need more control over the authentication mechanism of your project, then django-cas-ng’s settings provide a functionality to create your own authentication backend that inherits from django_cas_ng.backends.CASBackend and override these attributes or methods:
CASBackend.clean_username(username) CASBackend.user_can_authenticate(user) CASBackend.configure_user(user)


CAS enables single sign-on and login federation for organisations and help them centrally manage identity for multiple web applications in organisations by seamlessly integrating with them over http. This enables centralization of identity provider teams.

Read similar blogs

Need Tech Advice?
Contact our cloud experts

Need Tech Advice?
Contact our cloud experts

Contact Us

PHP Code Snippets Powered By :