Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

##Running as a test Ahead of running the test script you will need support for python virtualenv and pip

sudo apt-get install python-pip sudo pip install virtualenv

##Running as part of a WSGI Application under Apache

apt-get install libapache2-mod-wsgi

You will need to set up the virtualenv, see the test/ script if you are unsure how to do this.

In your Apache configuration file:

    WSGIApplicationGroup %{GLOBAL}
    WSGIScriptReloading On

    WSGIDaemonProcess MyApp processes=2 threads=25 python-path=/path/to/virtualenv/lib/python2.7/site-packages

    Alias /MyApp/ "/path/to/MyApp/"
    <Directory "/path/to/MyApp">
        WSGIProcessGroup MyApp
        Options Indexes FollowSymLinks MultiViews ExecCGI
        MultiviewsMatch Handlers
        AddHandler wsgi-script .wsgi .py
        AddHandler cgi-script .cgi .pl
        AllowOverride All

Copy the files from wsgi_app to /path/to/MyApp

Your URL will then be of the form /MyApp/app.wsgi/

This example allows for static HTML files to be placed in the directory /static - you can, of course, change this



This is url of your CAS server - typically

/login, /logout etc are appended to this url


If the application is behind a proxy server then, if the context is different frm the application server, then this parameter should be set as the proxy server context


This url will be intercepted by the middleware to log you out of the application, and CAS

This will clear the local session and forward the request to the CAS logout page


Where to go after you have logged out


Only CAS version 2 and 3 are supported


A page to go to if authentication fails, if not set a simple message is displayed


It is necessary to define the entry page for single log out to work

CAS will post a message to this URL, which must be the same as the originally validated page, when a log out is performed on the CAS server.


Werkzeug sessions are used and it's necessary to define a store to keep them in


Sometimes when you are not authenticated you don't want to redirect to CAS, this regex defines these URLs


A function defining what to do when the ignore_redirect regex matches


Default = None, A regular expression for pages that use a CAS gateway i.e. test if logged in but never show the log in page


Default = ';', How to separate the groups returned from CAS as part of attribute release


Default = 'HTTP_CAS_MEMBEROF', The name of the environment variable containing the groups

###cas_private_key (CAS 4.1)

Default = None, The name of a file containing the private key used for decrypting the credentials attribute when using clearpass. This will be available in the PASSWORD environment variable. The value is held in the session using encryption keys held only in memory.


Default = False, Ensures https when validating the ticket


WSGI Middleware to add CAS authentication






No packages published