Using CAS authentication with Wagtail

Hi, this is quick setup guide for using django-cas-client (1.2.0) with Wagtail, gave me a few headaches so maybe this can help someone else.

I’m assuming you have a CAS authentication server setup already, this guide doesn’t cover that.

First off you’ll need to install the django-cas-client, I did this by adding a line in my requirements.txt of :


Then in your settings file, make sure you add a backend like :


then :


CAS_REDIRECT_URL = '/admin/' 


(The auto create setting is really important otherwise the CAS client will attempt to make a user in Wagtail with no details, this will cause a redirect loop on login for authenticated users)

next :




then :



to the list of installed apps.

That’s all for settings, next open up your and add these lines :

url(r'^admin/login/$', 'cas.views.login', name='login'),
url(r'^admin/logout/$', 'cas.views.logout', name='logout'),

That should be it, any problems comment below!

5 thoughts on “Using CAS authentication with Wagtail

  1. Aman

    Hi, I followed your blogpost to configure django-cas. After setting all up, when user tries to login using a valid account (username/password), the Web Browser shows: “Forbidden Login Failed’

    In the terminal of wagtail, error is displayed:

    User has a valid ticket but not a valid session [03/Jan/2018 19:47:39] “GET /admin/login/?next=%2Fadmin%2F&ticket=ST-4w5TiBrICCZ1KdUQUtNtgW6coOMBb6FzZnraIi8MOuzjfbhPTabPrxKkiDmag HTTP/1.1” 403 38

    Do you know what is wrong here?

      1. Aman

        User details are in the CAS. Do you mean that the user should also exist in Wagtail or it will be create4d at time of login using CAS if it is first-time login?

    1. Aman

      Sorry, I coudn’t get it.
      User registration is to be managed at CAS level i.e. a virtual env is running a CAS and user registration. There are a number of apps in other virtual environments that will authenticate using this CAS.

      So, users will therefore first register, and then when they want to login from Wagtail they will be authenticated using CAS.

      So how can Wagtail already know about the user if he is doing login for the first time?

      Can you update this blog post with a workflow example that how the authentication happens after configuration? That will clarify all the questions.

      (Ps: thanks a ton for all your replies so far)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.