diff --git a/README.rst b/README.rst index 8f6cbb4..a314983 100644 --- a/README.rst +++ b/README.rst @@ -59,11 +59,35 @@ Quick start 3. Run `python manage.py migrate` to create the cas_server models. -4. Start the development server and visit http://127.0.0.1:8000/admin/ + +4. You should add some management commands to a crontab: ``clearsessions``, + ``cas_clean_tickets`` and ``cas_clean_sessions``. + + * ``clearsessions``: please see `Clearing the session store `_. + * ``cas_clean_tickets``: old tickets and timed-out tickets do not get purge from + the database automatically. They are just marked as invalid. ``cas_clean_tickets`` + is a clean-up management command for this purpose. It send SingleLogOut request + to services with timed out tickets and delete them. + * ``cas_clean_sessions``: Logout and purge users (sending SLO requests) that are + inactive since more than ``SESSION_COOKIE_AGE``. The default value for is ``1209600`` + seconds (2 weeks). You probably should reduce it to something like ``86400`` seconds (1 day). + + You could for example do as bellow : + + .. code-block:: + + 0 0 * * * cas-user /path/to/project/manage.py clearsessions + */5 * * * * cas-user /path/to/project/manage.py cas_clean_tickets + 5 0 * * * cas-user /path/to/project/manage.py cas_clean_sessions + +5. Start the development server and visit http://127.0.0.1:8000/admin/ to add a first service allowed to authenticate user agains the CAS (you'll need the Admin app enabled). -5. Visit http://127.0.0.1:8000/cas/ to login with your django users. +6. Visit http://127.0.0.1:8000/cas/ to login with your django users. + + + Settings -------- 
@@ -75,7 +99,7 @@ Template settings: * ``CAS_LOGIN_TEMPLATE``: Path to the template showed on ``/login`` then the user is not autenticated. The default is ``"cas_server/login.html"``. -* ``CAS_WARN_TEMPLATE``: Path to the template showed on ``/login?service=…`` then +* ``CAS_WARN_TEMPLATE``: Path to the template showed on ``/login?service=...`` then the user is authenticated and has asked to be warned before beeing connected to a service. The default is ``"cas_server/warn.html"``. * ``CAS_LOGGED_TEMPLATE``: Path to the template showed on ``/login`` then to user is @@ -91,6 +115,10 @@ Authentication settings: * ``CAS_AUTH_CLASS``: A dotted paths to a class implementing ``cas_server.auth.AuthUser``. The default is ``"cas_server.auth.DjangoAuthUser"`` +* ``SESSION_COOKIE_AGE``: This is a django settings. Here, it control the delay in seconds after + which inactive users are logged out. The default is ``1209600`` (2 weeks). You probably should + reduce it to something like ``86400`` seconds (1 day). + * ``CAS_PROXY_CA_CERTIFICATE_PATH``: Path to certificates authority file. Usually on linux the local CAs are in ``/etc/ssl/certs/ca-certificates.crt``. The default is ``True`` which tell requests to use its internal certificat authorities. Settings it to ``False`` should
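Review bot: in the first hunk (README.rst, step 4), the ``cas_clean_sessions`` bullet reads "The default value for is ``1209600``", which drops the setting name; it should say "The default value for ``SESSION_COOKIE_AGE`` is ``1209600``". The example lines carry a user column (``cas-user``), which is only valid in ``/etc/crontab`` or a file under ``/etc/cron.d/``. In a per-user crontab that field would be read as the command, so the text should say which file the lines belong in. They also call ``manage.py`` directly, which assumes it is executable and picks up the right interpreter. With the suggested ``86400`` second limit and ``cas_clean_sessions`` scheduled once a day at ``5 0 * * *``, an inactive session can live for almost a day past the limit before it is purged and the SLO requests are sent, so consider suggesting a shorter interval. Wording to fix while here: "do not get purge", "It send ... and delete them", "as bellow :". The hunk also adds three blank lines before "Settings".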
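Review bot: in the second hunk (``CAS_WARN_TEMPLATE``), the rewritten line still says "showed on ``/login?service=...`` then the user is authenticated"; since the line is being touched anyway, change it to "shown on ... when the user is authenticated" and fix "beeing" on the following line. The neighbouring ``CAS_LOGIN_TEMPLATE`` and ``CAS_LOGGED_TEMPLATE`` entries have the same "showed ... then" wording ("autenticated" as well) and could be fixed in the same pass. If the change from ``…`` to ``...`` is there to keep the file ASCII-only, say so in the commit message.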
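Review bot: in the third hunk, ``SESSION_COOKIE_AGE`` is listed under "Authentication settings" among the ``CAS_``-prefixed options without stating that it is a project-wide Django setting, so lowering it to ``86400`` shortens every session in the project, including the admin site, and not only CAS logins. Say that explicitly. The text should also state that the logout only takes effect when the ``cas_clean_sessions`` command from step 4 is run, and link to that step, since this entry repeats the same default and recommendation. Grammar: "This is a django settings. Here, it control" should read "This is a Django setting. Here, it controls".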