No project description provided
Project description
Introduction
This package propose a plugin for Zope PAS not only to manage authentication from an external source, mostly HTTP headers provided by some SSO, thing it does in a scriptable and highly configurable manner, but also to manage groups definition, groups belonging, and users properties .
The use case this package was created for was to integrate a Shibboleth SSO for Plone coupled with a group management application known as GROUPER, at University of geneva. In our case, Shibboleth, the SSO, fill up headers from GROUPER groups definitions and we needed them in Plone to manage local roles and permissions.
Known Bugs
The principle of solution relies on the ability of PAS to have multiple source of users and group plugins. Unfortunatly ther is a bug in this feature implementation both in Zope and Plone rewrite see bug #12794 . Once this will be corrected undoubtely but for those versions of plone and PAS for which it is not, you could use the following monkey patch in __init__.py (this one is for Plone GroupsTool):
from Products.PlonePAS.tools.groups import GroupsTool from AccessControl.requestmethod import postonly if not hasattr(GroupsTool, '_patched_ea__'): @postonly def removeGroup(self, group_id, keep_workspaces=0, REQUEST=None): """Remove a single group, including group workspace, unless keep_workspaces==true. """ retval = False managers = self._getGroupManagers() if not managers: raise NotSupported, 'No plugins allow for group management' for mid, manager in managers: if manager.getGroupById(group_id): if manager.removeGroup(group_id): retval = True gwf = self.getGroupWorkspacesFolder() if retval and gwf and not keep_workspaces: grouparea = self.getGroupareaFolder(group_id) if grouparea is not None: workspace_id = grouparea.getId() if hasattr(aq_base(gwf), workspace_id): gwf._delObject(workspace_id) self.invalidateGroup(group_id) return retval @postonly def addPrincipalToGroup(self, principal_id, group_id, REQUEST=None): managers = self._getGroupManagers() if not managers: raise NotSupported, 'No plugins allow for group management' for mid, manager in managers: if manager.getGroupById(group_id): if manager.addPrincipalToGroup(principal_id, group_id): return True return False @postonly def removePrincipalFromGroup(self, principal_id, group_id, REQUEST=None): managers = self._getGroupManagers() if not managers: raise NotSupported, 'No plugins allow for group management' for mid, manager in managers: if manager.getGroupById(group_id): if manager.removePrincipalFromGroup(principal_id, group_id): return True return False GroupsTool.removeGroup = removeGroup GroupsTool.addPrincipalToGroup = addPrincipalToGroup GroupsTool.removePrincipalFromGroup = removePrincipalFromGroup GroupsTool._patched_ea__ = True
Also, we just need to test the proxy part which we don’t use actually, or remove it. If you experience problem with it you should use the redirect to external url scheme. Also with some versions of python this could not work with https (because of a bug in old urllib2).
TODO
Unit tests
More Documentation
redirect on logout url doesn’t work
Consistent profiles for use without Plone.
COPYLEFT
Copyright (C) 2012 Smile Suisse See COPYING for copyright informations and LICENSE.txt for a copy of GPLv3 license in source package “docs” directory.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for pas.plugins.external_auth-0.1rc2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2bfee011176db84163f1b426be3f7528a1319c201485dcc9a68401c99df496bb |
|
MD5 | db4009af5521da48cb41acbe8445ec1f |
|
BLAKE2b-256 | e50ee051105a01046ea83805d83c46e3ea8a27c5f99b8e94aab693b22760bc4b |
Hashes for pas.plugins.external_auth-0.1rc2-py2.4.egg
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5acd2062670140fcd5472e7c08892e831095b668524285e3ca14162b6f4a6e14 |
|
MD5 | ea09719db0e45c1dbb50f3a28e0e5986 |
|
BLAKE2b-256 | 26ad8b5b40d61da81c5e1a6355b9f64db716aa3828f9f52a9d71069fcc10dfba |