I want to use CAS (Central Authentication Service) as the only login method in OSQA. I installed django_cas, which allows authentication in Django with CAS. I configured everything as stated on the django_cas page and I changed the login URLs this way:

    url(r'^%s%s$' % (_('account/'), _('signin/')), django_cas.views.login, name='auth_signin'),
    url(r'^%s%s$' % (_('account/'), _('signout/')), django_cas.views.logout, name='user_signout'),

This seems to work at first, since it redirects me to the CAS server where I log in and then it redirects me to the page I was on before login, but it doesn't work because I am not authenticated (I still see the login link at the top right).

Where should I look?

@Gweakliem adds: I've been through the same exercise. I'm stuck right now figuring out what this error is. What I see in log/django.osqa.log is as follows:

/opt/OSQA/forum/middleware/extended_user.py TIME: 2011-07-20 00:07:17,068 MSG: extended_user.py:process_request:23 Unable to convert auth_user 32 to forum_user: 
Traceback (most recent call last):
  File "/opt/OSQA/forum/middleware/extended_user.py", line 12, in process_request
    request.user = request.user.user
  File "/opt/ActivePython-2.7/lib/python2.7/site-packages/django/db/models/fields/related.py", line 239, in __get__
    rel_obj = self.related.model._base_manager.using(db).get(**params)
  File "/opt/OSQA/forum/models/base.py", line 81, in get
    obj = self._base_clone().get(*args, **kwargs)
  File "/opt/ActivePython-2.7/lib/python2.7/site-packages/django/db/models/query.py", line 349, in get
    % self.model._meta.object_name)
DoesNotExist: User matching query does not exist.

asked 11 Mar '11, 16:33

sbassi

edited 20 Jul '11, 10:20

Andrew_S ♦

I've been through the same exercise. I'm stuck right now figuring out what this error is. What I see in log/django.osqa.log is as follows:

/opt/OSQA/forum/middleware/extended_user.py TIME: 2011-07-20 00:07:17,068 MSG: extended_user.py:process_request:23 Unable to convert auth_user 32 to forum_user: 
Traceback (most recent call last):
  File "/opt/OSQA/forum/middleware/extended_user.py", line 12, in process_request
    request.user = request.user.user
  File "/opt/ActivePython-2.7/lib/python2.7/site-packages/django/db/models/fields/related.py", line 239, in __get__
    rel_obj = self.related.model._base_manager.using(db).get(**params)
  File "/opt/OSQA/forum/models/base.py", line 81, in get
    obj = self._base_clone().get(*args, **kwargs)
  File "/opt/ActivePython-2.7/lib/python2.7/site-packages/django/db/models/query.py", line 349, in get
    % self.model._meta.object_name)
DoesNotExist: User matching query does not exist.
(20 Jul '11, 01:01) gweakliem

User data is not updated in the forum_user table of OSQA, which causes the link to still be the login link even after a successful login through CAS.

answered 05 May '11, 08:42

sudha

After much trial and error, I have a working CAS-authenticated instance of OSQA.

First of all, I had to modify the source for django_cas. What I needed was a method to verify the CAS ticket without creating a user - the default will try to create a User object and that doesn't do things the right way with respect to OSQA:

site-packages/django_cas-2.0.3-py2.7.egg/django_cas/backends.py (this is just a snippet - the key point is that I refactored out a verify method from authenticate)

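    # Methods of CASBackend in django_cas/backends.py
    def verify(self, ticket, service):
        """Verifies CAS ticket and returns the username without creating a User"""
        return _verify(ticket, service)

    def authenticate(self, ticket, service):
        """Verifies CAS ticket and gets or creates User object"""

        username = self.verify(ticket, service)
        if not username:
            return None
        # ... the rest of authenticate() is not part of this snippet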

Next, I created a PopulatedCASBackend as suggested in the Google Code installation docs; however, the exception handler is somewhat different. I cribbed this code from the LDAP handler examples that I've found on here. The UserJoinsAction seems to be a key bit.

forum/PopulatedCASBackend.py

    from django_cas.backends import CASBackend
    from forum.authentication.base import AuthenticationConsumer, InvalidAuthentication, ConsumerTemplateContext
    from forum.models import User
    from forum.actions import UserJoinsAction
    import logging


    class PopulatedCASBackend(CASBackend):
        """CAS authentication backend with user data populated from AD"""

        def authenticate(self, ticket, service):
            """Authenticates CAS ticket and retrieves user data"""

            # verify() is the method refactored out of CASBackend.authenticate()
            username = super(PopulatedCASBackend, self).verify(
                ticket, service)

            if not username:
                return None

            # Connect to AD, modify user object, etc.
            logger = logging.getLogger(__name__)
            try:  # If user is in database carry on
                _user = User.objects.get(email=username)
            except User.DoesNotExist:  # not in the database, add user to database
                _user = User(username=username, email=username)
                _user.email_isvalid = True
                _user.set_unusable_password()
                _user.save()
                UserJoinsAction(user=_user).save()

            return _user

Settings.py has a few new settings:

    MIDDLEWARE_CLASSES = [
        # ... other stuff
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django_cas.middleware.CASMiddleware',
        'forum.middleware.extended_user.ExtendedUser',
    ]

    AUTHENTICATION_BACKENDS = [
        'django.contrib.auth.backends.ModelBackend',
        'forum.PopulatedCASBackend.PopulatedCASBackend',
    ]

Also note that you have to modify urls.py as mentioned in the original question.

There may be an easier way to do this, but this is what I found that works. The bit about modifying django_cas is a bit hacky but it seems like the path of least resistance; maybe they'll accept a patch to refactor the verify method, or maybe they'll be open to creating a callback for doing extended user creation.

answered 01 Aug '11, 13:53

gweakliem

edited 01 Aug '11, 13:55

gweakliem,

Could you share the code you had to change in django-cas?

(18 Aug '11, 07:55) ultronion

It's the first code block, following the line "site-packages/django_cas-2.0.3-py2.7.egg/django_cas/backends.py (this is just a snippet - the key point is that I refactored out a verify method from authenticate)"

The point is that I needed access to the verify() method without going through authenticate(ticket, service); in the case of a new user it doesn't set up the new user correctly, and there's no way to tell when a new user's been created so that you can fix it (that I know of; maybe someone can correct me). Refactoring out the verification allows you to simply authenticate and then handle the new user code as shown in the 2nd code block (PopulatedCASBackend.py).

(18 Aug '11, 11:18) gweakliem
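
The verify-then-provision split described in the answer above, as an added example that is not code from django_cas, OSQA or the posters: `verify` parses a CAS 2.0 `serviceValidate` response and creates nothing, and `Store` is a hypothetical in-memory stand-in for the `auth_user` and `forum_user` tables. The sample responses and the username are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"

# Constructed CAS 2.0 serviceValidate responses (sample data, not from the page)
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice@example.org</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def verify(response_xml):
    """Return the username the CAS server vouched for, or None. Creates nothing."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    if root.tag != CAS_NS + "serviceResponse":
        return None
    # Fail closed: any failure element means no login, whatever else is present
    if root.find(CAS_NS + "authenticationFailure") is not None:
        return None
    user = root.find(CAS_NS + "authenticationSuccess/" + CAS_NS + "user")
    name = (user.text or "").strip() if user is not None else ""
    return name or None


class Store(object):
    """Hypothetical in-memory stand-in for the auth_user and forum_user tables."""

    def __init__(self):
        self.auth_user, self.forum_user, self.next_id = {}, {}, 1

    def provision(self, username):
        """Get or create both rows; also repairs an auth_user row left without forum_user."""
        uid = self.auth_user.get(username)
        if uid is None:
            uid = self.auth_user[username] = self.next_id
            self.next_id += 1
        self.forum_user.setdefault(uid, {"email": username, "email_isvalid": True})
        return uid


def authenticate(store, response_xml):
    """Verify first, provision second; a rejected ticket never touches the store."""
    username = verify(response_xml)
    return store.provision(username) if username else None
```

Seeding `Store.auth_user` with an entry that has no matching `forum_user` row reproduces the state behind the "Unable to convert auth_user 32 to forum_user" log line; `provision` fills in the missing row on the next successful login.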

Asked: 11 Mar '11, 16:33

Seen: 852 times

Last updated: 18 Aug '11, 11:21
