On 05/23/2018 12:56 PM, andrew@fsf.org wrote:

Hello Mailman 3 users list,

I was wondering if it's possible to set up a CAS authenticator with django-allauth ( https://pypi.org/project/django-allauth-cas/ ) even if we cannot guarantee the correctness of email addresses supplied by our CAS instance? Some contacts may also be missing an email address. I read about this here, and it seems like it wouldn't be possible:

http://docs.mailman3.org/en/latest/config-web.html#configure-social-login

...

To see a list of all the providers, please have a look at the documentation of django-allauth. Make sure that the one you choose provides “email” as part of user data, otherwise it won’t work with Mailman. e.g. Twitter doesn’t give out emails.

What if a user's email address changes on the CAS server? Will their email address in Mailman 3 be updated the next time they log in?

If django-allauth-cas can't provide an email address, that user can't use it for Mailman authentication because authentication is for a registered email address.

The way it works is a user registers an email address with Mailman. Once the address is registered, but not before, it can be linked to one or more configured django-allauth providers, and once linked, the user can log in to the Mailman web UI via a linked allauth provider.

If the allauth provider doesn't supply the user's email address, I don't think it can be linked, but even if it can, it won't work.

If the user's CAS email changes, the user would have to add the new address to her account in Mailman and could then link the new address to the CAS allauth provider.

-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan