A FastAPI implementation of IIIT CAS (Central Authentication Service) authentication.
- CAS Authentication: Secure login using IIIT's CAS server
- Authentication API: Provides CAS validation as a service for other applications
- Session Management: User sessions with secure cookies
```
OpenCAS/
├── main.py             # Main FastAPI application
├── requirements.txt    # Python dependencies
├── .env                # Environment variables (not in git)
├── .env.example        # Example environment variables
├── .gitignore          # Git ignore rules
├── README.md           # This file
└── templates/          # HTML templates
    ├── index.html      # Home page
    └── dashboard.html  # Protected dashboard
```
The easiest way to run OpenCAS is using Docker:

1. Configure environment variables:
   - Copy `.env.example` to `.env`:

     ```powershell
     Copy-Item .env.example .env
     ```

   - Update the `SECRET_KEY` with a secure random string
2. Build and run with Docker Compose:

   ```shell
   docker-compose up --build
   ```

3. Open your browser: Navigate to http://localhost:8000

The application will be running in a container with all dependencies managed by uv.
If you prefer to run without Docker:

1. Install uv (if not already installed):

   ```shell
   pip install uv
   ```

2. Install dependencies:

   ```shell
   uv sync
   ```

3. Configure environment variables:
   - Copy `.env.example` to `.env`:

     ```powershell
     Copy-Item .env.example .env
     ```

   - Update the `SECRET_KEY` with a secure random string

With Docker Compose (recommended):

```shell
docker-compose up
```

Or build and run directly with Docker:

```shell
# Build the image
docker build -t opencas .
# Run the container
docker run -p 8000:80 --env-file .env opencas
```

With uv:

```shell
uv run fastapi dev main.py
```

Or without uv:

```shell
# Using the main script
python main.py
# Or using uvicorn directly
uvicorn main:app --reload
```

Access the application at http://localhost:8000
1. User clicks "Login with CAS":
   - User is redirected to IIIT's CAS server at https://login.iiit.ac.in/cas/login
   - The service URL (your app's URL) is passed as a parameter
2. User authenticates on CAS:
   - User enters their IIIT credentials on the CAS server
   - CAS validates the credentials
3. CAS redirects back with ticket:
   - Upon successful authentication, CAS redirects back to your app with a ticket parameter
   - Example: `http://localhost:8000/?ticket=ST-xxxxx-xxxxx`
4. Ticket validation:
   - Your app validates the ticket by making a server-to-server request to CAS
   - URL: `https://login.iiit.ac.in/cas/serviceValidate?ticket=xxx&service=xxx`
   - CAS returns XML with user information
5. Session creation:
   - User information is extracted from the XML response
   - A session is created with user data
   - User is redirected to the dashboard
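The flow above, reduced to the parts the app itself controls, as an added example that is not OpenCAS's own code: building the redirect to CAS (step 1), building the `serviceValidate` request with the same `service` value (step 4), and reading the XML CAS returns (step 5), including the `authenticationFailure` case. It uses the standard library's `xml.etree` instead of the project's `xmltodict`, and the sample responses and the `cas:mail` attribute name are constructed assumptions rather than captures from IIIT's server.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET  # for untrusted XML, defusedxml is the safer drop-in

CAS_SERVER_URL = "https://login.iiit.ac.in/cas"
CAS_LOGIN_URL = f"{CAS_SERVER_URL}/login"
CAS_VALIDATE_URL = f"{CAS_SERVER_URL}/serviceValidate"
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS 2.0 responses


def login_redirect_url(service: str) -> str:
    """Step 1: where the user is sent; CAS redirects back to `service` with a ticket."""
    return f"{CAS_LOGIN_URL}?{urlencode({'service': service})}"


def validate_request_url(ticket: str, service: str) -> str:
    """Step 4: server-to-server request; `service` must match the value from step 1,
    otherwise CAS rejects the ticket (INVALID_SERVICE)."""
    return f"{CAS_VALIDATE_URL}?{urlencode({'ticket': ticket, 'service': service})}"


def parse_validate_response(xml_text: str) -> dict:
    """Step 5: return username plus attributes, or raise if CAS reports a failure.
    Attribute element names are assumptions; IIIT's CAS may use different ones."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise PermissionError(f"CAS rejected ticket: {failure.get('code')} "
                              f"{(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("malformed CAS response: neither success nor failure element")
    user = {"username": success.findtext("cas:user", namespaces=CAS_NS)}
    attrs = success.find("cas:attributes", CAS_NS)
    for attr in (attrs if attrs is not None else []):
        # drop the namespace prefix: "{http://www.yale.edu/tp/cas}mail" -> "mail"
        user[attr.tag.rsplit("}", 1)[-1]] = (attr.text or "").strip()
    return user


# Constructed sample responses in the CAS 2.0 format (not captured from IIIT's server).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jane.doe</cas:user>
    <cas:attributes><cas:mail>jane.doe@example.edu</cas:mail></cas:attributes>
  </cas:authenticationSuccess></cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

In the real app the URL from `validate_request_url` is fetched with httpx and the body handed to `parse_validate_response`; a `PermissionError` there means the ticket must not produce a session.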
- `GET /` - Home page (login button or user info), also handles CAS callback with ticket
- `GET /login` - Initiates CAS login flow (redirects to CAS server)
- `GET /logout` - Clears session and logs out user
- `GET /dashboard` - User dashboard (requires authentication)
- `GET /api/me` - Returns current user information as JSON (requires authentication)
The following user information is extracted from CAS:
- Username: Unique user identifier
- Email: User's email address
- Name: Full name (first + last name)
- Roll Number: Student roll number
- First Name: User's first name
- Last Name: User's last name
Create a `.env` file with the following variables:

```
SECRET_KEY=your-secret-key-change-this-in-production
APP_URL=http://localhost:8000
```

Important: Change the `SECRET_KEY` to a secure random string in production!
The CAS server URLs are configured in `main.py`:

```python
CAS_SERVER_URL = "https://login.iiit.ac.in/cas"
CAS_LOGIN_URL = f"{CAS_SERVER_URL}/login"
CAS_VALIDATE_URL = f"{CAS_SERVER_URL}/serviceValidate"
```

- FastAPI: Modern web framework for building APIs
- Uvicorn: ASGI server for running FastAPI
- httpx: Async HTTP client for making requests to CAS
- xmltodict: XML parsing for CAS responses
- python-dotenv: Environment variable management
- Jinja2: Template engine for HTML rendering
- itsdangerous: Secure session cookie signing
Feel free to submit issues or pull requests to improve this implementation.