HUE Single Sign-On Based on django-cas-ng

Date: 2022-12-13 17:47:46

I. Background

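    Single sign-on (SSO) means that, across multiple application systems, a user logs in once and can then access every application system in the mutually trusting set.

    Several open-source SSO solutions exist; CAS (Central Authentication Service), developed at Yale University, is one of the more widely used implementations.

    HUE does not directly support CAS. django-cas-ng is a CAS client for the Django framework and, with suitable modifications, can be integrated into HUE to provide single sign-on for HUE.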

II. Environment

    HUE version: 3.9.0
    django-cas-ng version: 3.4.2
    CAS Server: JASIG

III. Implementation

    1. Copy the django-cas-ng-3.4.2 directory and its contents to desktop/core/ext-py.

    2. Modify desktop/core/src/desktop/middleware.py.

     

import django_cas_ng.views

# Views that can be reached without an authenticated session
DJANGO_VIEW_AUTH_WHITELIST = [
    django_cas_ng.views.login,
    django.views.static.serve,
    desktop.views.is_alive,
]

    3. Modify desktop/core/src/desktop/settings.py.

    Add 'django_cas_ng.middleware.CASMiddleware' to MIDDLEWARE_CLASSES.

    Add CAS_SERVER_URL='http://100.0.1.1:8080/cas/login' anywhere in the file; the address is the URL of the CAS server.

    4. Modify desktop/core/src/desktop/urls.py.

   

dynamic_patterns = patterns('desktop.auth.views',
    # Original HUE login/logout routes, commented out so the CAS views below handle them
    #(r'^accounts/login/$', 'dt_login'),
    #(r'^accounts/logout/$', 'dt_logout', {'next_page':'/'}),
    (r'^profile$', 'profile'),
    (r'^login/oauth/?$', 'oauth_login'),
    (r'^login/oauth_authenticated/?$', 'oauth_authenticated'),
)

# Route login and logout to the django-cas-ng views
dynamic_patterns += patterns('',
    (r'^accounts/login/', 'django_cas_ng.views.login'),
    (r'^accounts/logout/', 'django_cas_ng.views.logout'),
    (r'^admin/', include(admin.site.urls)),
)

    5. Modify desktop/core/src/desktop/auth/backend.py.

    The CASBackend class below is based on the CASBackend class in django_cas_ng/backends.py, with some changes.

   

from django.conf import settings
from django_cas_ng.backends import _verify
from django_cas_ng.signals import cas_user_authenticated

# User, get_default_user_group and rewrite_user are expected to be available
# already in HUE's backend.py, where this class is added.

class CASBackend(object):
    """CAS authentication backend"""

    def authenticate(self, ticket, service, request):
        """Verifies CAS ticket and gets or creates User object"""
        username, attributes = _verify(ticket, service)
        if attributes:
            request.session['attributes'] = attributes
        if not username:
            return None
        try:
            user = User.objects.get(username=username)
            created = False
        except User.DoesNotExist:
            # check if we want to create new users, if we don't fail auth
            create = getattr(settings, 'CAS_CREATE_USER', True)
            if not create:
                return None
            # user will have an "unusable" password
            user = User.objects.create_user(username, '')
            #user.save()
            created = True

        # HUE-specific changes: add the default group and wrap the user
        default_group = get_default_user_group()
        if default_group is not None:
            user.groups.add(default_group)
        user = rewrite_user(user)
        user.save()
        # send the 'cas_user_authenticated' signal
        cas_user_authenticated.send(
            sender=self,
            user=user,
            created=created,
            attributes=attributes,
            ticket=ticket,
            service=service,
        )
        return user

    def get_user(self, user_id):
        """Retrieve the user's entry in the User model if it exists"""

        try:
            return rewrite_user(User.objects.get(pk=user_id))
        except User.DoesNotExist:
            return None

    6. Modify desktop/conf/hue.ini.

    backend=desktop.auth.backend.CASBackend

    redirect_whitelist=^\/.*$,^.*\/cas\/login.*$,^.*\/cas\/logout.*$
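
    The two CAS patterns in the redirect_whitelist value above begin with ^.*, so they are not tied to any host. The following check is an added example, not part of the original post or of HUE's code: it runs the page's value and a hypothetical variant pinned to the CAS_SERVER_URL host against constructed redirect targets. It assumes each pattern is applied with re.match to the redirect target; compile_whitelist, is_allowed, audit and other-host.example are illustrative names.

```python
import re

# Value from the hue.ini step above: comma-separated regular expressions.
PAGE_WHITELIST = r"^\/.*$,^.*\/cas\/login.*$,^.*\/cas\/logout.*$"

# Assumed tightened value: the CAS patterns are pinned to the CAS server
# origin taken from CAS_SERVER_URL (re.escape keeps the dots literal).
CAS_ORIGIN = re.escape("http://100.0.1.1:8080")
PINNED_WHITELIST = ",".join([
    r"^\/.*$",
    "^" + CAS_ORIGIN + r"\/cas\/login.*$",
    "^" + CAS_ORIGIN + r"\/cas\/logout.*$",
])


def compile_whitelist(value):
    """Split a comma-separated whitelist value and compile each pattern."""
    return [re.compile(p.strip()) for p in value.split(",") if p.strip()]


def is_allowed(location, patterns):
    """True if any pattern matches from the start of the redirect target."""
    return any(p.match(location) for p in patterns)


def audit(whitelist, samples):
    """Map each sample redirect target to its allow/deny decision."""
    patterns = compile_whitelist(whitelist)
    return {url: is_allowed(url, patterns) for url in samples}


# Constructed redirect targets; other-host.example is a placeholder name.
SAMPLES = [
    "/accounts/login/?next=/jobbrowser/",
    "http://100.0.1.1:8080/cas/login?service=http%3A%2F%2Fhue.example%3A8888%2F",
    "http://100.0.1.1:8080/cas/logout",
    "http://other-host.example/cas/login",
    "http://other-host.example/x?y=/cas/logout",
]

if __name__ == "__main__":
    for name, wl in (("page", PAGE_WHITELIST), ("pinned", PINNED_WHITELIST)):
        for url, ok in audit(wl, SAMPLES).items():
            print("%-6s %-5s %s" % (name, "allow" if ok else "deny", url))
```

    With the page's value all five targets are allowed; with the pinned variant only the relative path and the two URLs on the CAS server are.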