LOGOUT_URL does not work if it's not HTTPS & SLO (Single log out) messages not being sent. #60
Comments
FYI I am using:
|
Hi @amanjots, Of course you want HTTPS every time sensitive information like tokens or cookies travel across the network. I'd say it is trying to use a proxy and it is not configured correctly, or you are not listening on the 443 port, I mean, it doesn't look like a CAS problem, but a network configuration problem. |
@manelclos I agree that sensitive information should be HTTPS. But my question is that in a development environment, where it may not have HTTPS all the time, does django-mama-cas still need HTTPS in LOGOUT_URL? |
I tried to trace all the django requests being sent or received with django-request. And I found that when a user clicks on Logout, he is logged out of the app, but there is no POST request sent for SLO messages to the other apps. So, the user remains signed in to the other apps. |
I don't think so. I'll try to do some testing using the repository from #59 to check for both issues. |
Oops, previous response is for previous comment. About your new comment, I think there is some bad configuration on your side. |
Can you check that in the client you are using
and that you have this in your urls.py?
|
@manelclos yes the client has settings (CAS_LOGOUT_COMPLETELY = True & CAS_VERSION = '3'). In the URLs of the first django virtual environment, the Wagtail's admin authentication is to be handled by the django-ng-cas client, so the urls are:
And the third virtual environment has django-helpdesk, and to use CAS for its authentication I have changed the URLs to the following:
As per this tutorial, the callback "url processes logout request that comes from the CAS server." That's why I have used it in this way, and have also tried 'admin/callback' or 'accounts/callback' or even commenting it out as well. In the above config, single sign-on works perfectly fine. But single log out doesn't work at all. |
I've never used the callback setting in urls.py. |
@manelclos: I have tried without callback settings also, and SLO still doesn't work. Further, I saw that you had found an issue with SLO before and tested it to work properly in #27. Can you please share the settings (from settings.py) and URLs of django-mama-cas and django-cas-ng that work for you? Thanks. |
Hi @amanjots, I got some time today for testing this. Maybe you are missing this on the settings.py of the server (mama_cas):
I've fixed the SSO and SLO configurations so they are working in this example: https://github.com/manelclos/django-cas-test See that when you log out from "cas_client" (app1) the cookie for the cas_server is deleted and also the one for "cas_client" (app1). "second_client" (app2) cookie is not deleted until you access "second_client" again. Let me know if you get it working with the example repository. |
@manelclos Thanks a lot for your reply and providing the example. Have you tested django-mama-cas server with 'MAMA_CAS_SERVICES'? So can you once check if you configure 'MAMA_CAS_SERVICES' in settings.py of cas server, does it work properly? If you can update the config after testing this, that will really help to resolve the issue. Thanks again. :) |
Yes, it was working also with MAMA_CAS_SERVICES, I removed it before committing to make it even simpler.
|
@manelclos Thanks again. Can you please add 'MAMA_CAS_SERVICES' configuration that you tested to be working to https://github.com/manelclos/django-cas-test ? |
Sure thing, see here: manelclos/django-cas-test@f1b1dd9 On the server you can check:
|
@amanjots is this issue fixed? |
@manelclos I will have to do the testing again soon. Actually, the project structure that I was working on has changed completely. So, I will have to set up my separate project to test this issue. Kindly allow me a few days to ensure this issue is resolved. Thanks. |
Thanks for the description - from this thread I figured out how to get this mama-client thing going. For me also the single log out does not work in local development mode if I use the http protocol. I'll check on staging, if it works with https. Manel, ( @manelclos ) I have a multi-language multi-domain site. I have - as you suggested: settings.py:
urls.py:
What am I missing? Probably relevant part of my requirements.txt:
|
Ok, now I've figured out. MAMA CAS calls back the relevant CAS clients and says goodbye. |
@BarnabasSzabolcs do you mean 'LOGOUT_URL': 'http://127.0.1.1:80/accounts/callback' in the MAMA_CAS_SERVICES? Thanks, I have the same problem. |
@lluww probably yes. My solution was to put my server behind nginx, locally. |
@BarnabasSzabolcs |
@lluww ssl_certificate /full/path/to/mypage.test-fullchain.pem; and then mama-cas works fine for me. (otherwise I get some weird redirect on logout... something like http://127.0.0.1:8000/http://127.0.0.1:8000/) |
@BarnabasSzabolcs Oh, I know my problem. I guess I forgot to add 'django_cas_ng.middleware.CASMiddleware' in client app's setting.MIDDLEWARE. After that I can single-logout. I haven't installed nginx.

```python
# setting.py server

# setting.py client
CAS_SERVER_URL = 'http://127.0.0.1:8000'
CAS_VERSION = '3'
CAS_APPLY_ATTRIBUTES_TO_USER = True
CAS_LOGOUT_COMPLETELY = True
AUTHENTICATION_BACKENDS = (
```
Hello, I have a problem in making a logout system using mama cas, I can't get service at the login URL after logging out. |
Hi, I got Single Sign-On working with different python apps in different virtual environments. It's a combination of django-mama-cas as a server, and django-cas-ng on the clients. SSO is a piece of cake. (I referred to the documentation and this article as well.)
But, I have noticed that on Logout from one app, I am still Signed into the other apps. On the terminal (after running manage.py runserver), I see that the SLO (Single log out) messages are not sent to any other app if the LOGOUT_URL is not HTTPS.
But, when I set LOGOUT_URL = 'https://', it tries to send the Logout message. But, since I am running in development environment, so I get the following error:
That is most likely due to the self-signed SSL certificates.
Can you please tell me if this is the desired behavior to have LOGOUT_URL as HTTPS? And, any specific procedure to look at the logs of django-mama-cas only which will help to troubleshoot this?
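The SLO misconfigurations discussed in this thread can be checked mechanically before debugging the network. The following is an added example, not code from the thread participants or from django-mama-cas or django-cas-ng: `check_slo_config` is a hypothetical helper, the sample settings are constructed, and `LOGOUT_ALLOW` and `CASBackend` are taken from the two projects' documented settings rather than from this page.

```python
from urllib.parse import urlsplit

CAS_MIDDLEWARE = "django_cas_ng.middleware.CASMiddleware"
CAS_BACKEND = "django_cas_ng.backends.CASBackend"


def check_slo_config(services, client):
    """Lint a MAMA_CAS_SERVICES list and one client's settings for SLO gaps."""
    findings = []
    for svc in services:
        name = svc.get("SERVICE", "<no SERVICE>")
        # Per-service switch for sending single logout requests.
        if svc.get("LOGOUT_ALLOW") is not True:
            findings.append(f"server {name}: LOGOUT_ALLOW is not True")
        url = svc.get("LOGOUT_URL")
        if url:
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https") or not parts.netloc:
                findings.append(f"server {name}: LOGOUT_URL is not an absolute URL")
            elif parts.scheme == "http":
                # Acceptable on a loopback dev box only; the logout message
                # names the session ticket and should not cross a network in clear.
                findings.append(f"server {name}: LOGOUT_URL is cleartext HTTP")
    # Client-side pieces reported in the thread as required for SLO to take effect.
    if CAS_MIDDLEWARE not in client.get("MIDDLEWARE", ()):
        findings.append("client: CASMiddleware missing from MIDDLEWARE")
    if CAS_BACKEND not in client.get("AUTHENTICATION_BACKENDS", ()):
        findings.append("client: CASBackend missing from AUTHENTICATION_BACKENDS")
    if client.get("CAS_LOGOUT_COMPLETELY", True) is not True:
        findings.append("client: CAS_LOGOUT_COMPLETELY is disabled")
    return findings


# Constructed sample settings (not taken from any participant's project).
BROKEN_SERVICES = [{"SERVICE": r"^http://127\.0\.0\.1:8001/",
                    "LOGOUT_URL": "http://127.0.0.1:8001/accounts/callback"}]
BROKEN_CLIENT = {"CAS_SERVER_URL": "http://127.0.0.1:8000", "CAS_VERSION": "3",
                 "MIDDLEWARE": ["django.contrib.sessions.middleware.SessionMiddleware"],
                 "AUTHENTICATION_BACKENDS": ["django.contrib.auth.backends.ModelBackend"]}
FIXED_SERVICES = [{"SERVICE": r"^https://app1\.example\.test/", "LOGOUT_ALLOW": True,
                   "LOGOUT_URL": "https://app1.example.test/accounts/callback"}]
FIXED_CLIENT = {"CAS_SERVER_URL": "https://cas.example.test", "CAS_VERSION": "3",
                "CAS_LOGOUT_COMPLETELY": True,
                "MIDDLEWARE": BROKEN_CLIENT["MIDDLEWARE"] + [CAS_MIDDLEWARE],
                "AUTHENTICATION_BACKENDS": BROKEN_CLIENT["AUTHENTICATION_BACKENDS"] + [CAS_BACKEND]}

if __name__ == "__main__":
    for finding in check_slo_config(BROKEN_SERVICES, BROKEN_CLIENT):
        print(finding)
```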