ynerant/django-cas-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Login Ticket to prevent login replay + by ticket len options

Browse Source
This commit is contained in:
Valentin Samir
2015-06-05 15:44:17 +02:00
parent 1695cd24ea
commit 6185ec5216
4 changed files with 67 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
cas_server/default_settings.py
View File

@ -21,7 +21,18 @@ setting_default('CAS_WARN_TEMPLATE', 'cas_server/warn.html')
setting_default('CAS_LOGGED_TEMPLATE', 'cas_server/logged.html')
setting_default('CAS_LOGOUT_TEMPLATE', 'cas_server/logout.html')
setting_default('CAS_AUTH_CLASS', 'cas_server.auth.DjangoAuthUser')
setting_default('CAS_ST_LEN', 30)
# All CAS implementation MUST support ST and PT up to 32 chars,
# PGT and PGTIOU up to 64 chars and it is RECOMMENDED that all
# tickets up to 256 chars are supports so we use 64 for the default
# len.
setting_default('CAS_TICKET_LEN', 64)
setting_default('CAS_LT_LEN', settings.CAS_TICKET_LEN)
setting_default('CAS_ST_LEN', settings.CAS_TICKET_LEN)
setting_default('CAS_PT_LEN', settings.CAS_TICKET_LEN)
setting_default('CAS_PGT_LEN', settings.CAS_TICKET_LEN)
setting_default('CAS_PGTIOU_LEN', settings.CAS_TICKET_LEN)
setting_default('CAS_TICKET_VALIDITY', 300)
setting_default('CAS_TICKET_TIMEOUT', 24*3600)
setting_default('CAS_PROXY_CA_CERTIFICATE_PATH', True)
@ -29,9 +40,18 @@ setting_default('CAS_REDIRECT_TO_LOGIN_AFTER_LOGOUT', False)
setting_default('CAS_AUTH_SHARED_SECRET', '')
setting_default('CAS_LOGIN_TICKET_PREFIX', 'LT')
# Service tickets MUST begin with the characters ST so you should not change this
# Services MUST be able to accept service tickets of up to 32 characters in length
setting_default('CAS_SERVICE_TICKET_PREFIX', 'ST')
# Proxy tickets SHOULD begin with the characters, PT.
# Back-end services MUST be able to accept proxy tickets of up to 32 characters.
setting_default('CAS_PROXY_TICKET_PREFIX', 'PT')
# Proxy-granting tickets SHOULD begin with the characters PGT
# Services MUST be able to handle proxy-granting tickets of up to 64
setting_default('CAS_PROXY_GRANTING_TICKET_PREFIX', 'PGT')
# Proxy-granting ticket IOUs SHOULD begin with the characters, PGTIOU
# Services MUST be able to handle PGTIOUs of up to 64 characters in length.
setting_default('CAS_PROXY_GRANTING_TICKET_IOU_PREFIX', 'PGTIOU')
setting_default('CAS_SQL_HOST', 'localhost')