I'm using django-cas-ng that depends on python-cas and I noticed that after receiving the ticket from CAS, the method verify_ticket() of cas.py, used by both version 2 and 3 does not include the extra_login_params.
This is causing errors in the authentication of extra-muros users, as XML response from CAS will say that "user is invalid because application accepts only internal users, or users with higher assurance levels".
The setting CAS_EXTRA_LOGIN_PARAMS of django-cas-ng allows specifying a dictionary of parameters, like assuranceLevel which I would expect to allow extra-muros users to authenticate.
Please, let me know whether this is a bug of python-cas, or I missed something of the whole flow.
Thanks!

EDIT:
I tried to override the method of CASClient for adding the extra_login_params, but I still get an error that says the user is invalid because application allows only internal users, or users with high assurance levels. This is for client version 2. For version 3 I always get a response that includes the html code of a 403 error page, so that is another problem.