Mod_authnz_wind is a project mainly written in Python, it's free.
mod python authentication for CAS-like Single Sign On
mod_wind with mod_python version:0.9.5 author:Schuyler Duveen email:[email protected] sponsor:Columbia Center for New Media Teaching and Learning
This is an authentication/authorization handler for apache and mod_python which use Columbia University's Wind protocol: http://www.columbia.edu/acis/webdev/wind.html http://www.columbia.edu/acis/rad/authmethods/wind/index.html based largely on Yale's CAS authentication.
This was done, because I didn't want to implement wind groups support in C (hacking mod_cas). However, it basically works exactly the same, and has an order of magnitude less code.
SVN Repository: http://svn.cc.columbia.edu/svn/ccnmtl/mod_authnz_wind/ Browse at: http://svn.cc.columbia.edu/viewvc/auth/mod_authnz_wind/?root=ccnmtl
Before you install, you may want to edit the constants at the top of the mod_authnz_wind/init.py.
Python and mod_python are necessary before continuing.
Once you do that, if you have setup_tools, just
run 'easy_install .' in the mod_authnz_wind directory with the file setup.py in it. Without setup_tools, the important thing is that mod_authnz_wind (with init..py) is in a directory in mod_python's PYTHONPATH (usually someplace like /usr/lib/python2.4/site-packages).
Once you do that, if you have setup_tools, just run 'easy_install .' in the mod_authnz_wind directory with the file setup.py in it. setup_tools is an optional package, and you might not have it installed, or in your path.
Note: If you can not write to the Python directory, or want to install the module in a different location, you can install a virtual instance of python that is seperate. Directions for installing and using virtual python can be found at:
http://peak.telecommunity.com/DevCenter/EasyInstall#creating-a-virtual-python
You're on your own on installing mod_python, but it's a lot easier than mod_perl.
Once everything's installed, do something like this in your Apache Conf:
For mod_python version 3.1 (and less than 3.2), mod_python can't determine whether requests are through http or https, so you must set this with another PythonOption. Add this line, setting to 'http' or 'https': PythonOption HttpOrHttps http
You might want to debug/test it by putting it in an apache-accessible directory and set it up like:
Sometimes you want Wind authentication to be 'optional'--only if someone has a wind account will they login and get privileged access. Anonymous passthrough is enabled with:
#warning: setting it to 'False' still keeps it on,
#if you set it to anything, it must be "" to disable
PythonOption AnonymousPassthrough True
Then, the website is responsible for directing Wind users to authenticate. Until someone clicks to login with Wind, they are 'authenticated' as user "anonymous" Both the anonymous username and anonymous groups are configurable with more python options:
PythonOption AnonymousUser guest
#adds the groups 'student' and 'columbia' to an anonymous user
PythonOption AnonymousGroups student,columbia
version 0.9.7