AuthTktAuthenticationPolicy by default pulls the domain out of the WSGI 
environment using WebOb. If you leave the domain setting blank, it should do 
the right thing, so long as your WSGI server correctly sets up the HTTP_HOST 
environment variable.

Bert

> On Feb 19, 2016, at 07:18, Jens W. Klein <j...@bluedynamics.com> wrote:
> 
> I fear did get all the details of authtkt in pyramid.authentication.
> 
> I have a Pyramid based service authenticating users against LDAP in
> order to grant them access to a webservice.
> 
> Until now the service was only valid for one domain. There is a reverse
> proxy in front and I may fetch the domain from the "X-Forwarded-For"
> header.
> 
> But since domain is set usually on service startup/configuration time I
> hard coded the domain name in the ini-file and set it like so::
> 
>    authn_policy = AuthTktAuthenticationPolicy(
>        secret=settings.get('auth.secret'),
>        cookie_name=settings.get('auth.cookie_name'),
>        hashalg=settings.get('auth.hashalg'),
>        callback=groupfinder,
>        domain=settings.get('auth.cookie.domain'),
>    )
>    config.set_authentication_policy(authn_policy)
> 
> 
> From now on I need to have the domain dynamic based on the header
> mentioned above (cookie has to be valid mutually exclusive for: 'foo.de'
> or 'bar.de').
> 
> Looking at pyramid.authentication and AuthTKTHelper I did not find an
> easy way to plug in a callable or something dynamic to get the domain
> for the cookie.
> 
> What I did - and what works fine - is to patch the domain attribute on
> AuthTKTHelper like so::
> 
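> from pyramid.authentication import AuthTktCookieHelper
> from pyramid.threadlocal import get_current_request
> 
> 
> def _domain_getter(self):
>    # Cookie domain is read per request from the proxy-supplied header.
>    req = get_current_request()
>    return req.headers.get('X-Forwarded-Server', 'localhost')
> 
> 
> def _domain_setter(self, value):
>    # Swallow the static domain that AuthTktCookieHelper.__init__ assigns.
>    pass
> 
> 
> _domain_patch = property(fget=_domain_getter, fset=_domain_setter)
> 
> # patch pyramid.authentication.AuthTktCookieHelper
> AuthTktCookieHelper.domain = _domain_patch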
> 
> 
> But in my opinion this is far from elegant or pluggable. Did I miss
> something? Is there a better method to achieve the same goal?
> 
> regards Jens
> -- 
> Klein & Partner KG, member of BlueDynamics Alliance
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to pylons-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-discuss@googlegroups.com.
> Visit this group at https://groups.google.com/group/pylons-discuss.
> For more options, visit https://groups.google.com/d/optout.

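Added example, not part of the thread and not Pyramid code: one way to derive the cookie domain from a proxy-supplied header while only ever returning a domain from a fixed list, so a forged or malformed header cannot widen the cookie scope. The function names, the `None` fallback and the subdomain matching are assumptions; the header name and the domains `foo.de` / `bar.de` come from the quoted message.

```python
import re

# Domains the auth cookie may be scoped to (the two named in the thread).
ALLOWED_COOKIE_DOMAINS = ("foo.de", "bar.de")

# One DNS label: letters, digits, inner hyphens; labels joined by single dots.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_HOST_RE = re.compile(r"%s(?:\.%s)*" % (_LABEL, _LABEL))


def normalize_host(raw):
    """Return a lowercase host name without port or trailing dot, else None."""
    if not raw:
        return None
    host = raw.strip().lower()
    host = re.sub(r":\d{1,5}$", "", host)      # drop an optional :port
    if host.endswith("."):                     # drop one fully-qualified dot
        host = host[:-1]
    # Reject lists ("a, b"), control characters, IP literals with brackets, etc.
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        return None
    return host


def cookie_domain(headers, allowed=ALLOWED_COOKIE_DOMAINS,
                  header="X-Forwarded-Server"):
    """Map the forwarded host to one allowed cookie domain, or None.

    `headers` is any mapping of header names to values. None means the
    request did not come in for a known domain; the caller decides whether
    to fall back to a default or refuse to issue the cookie.
    """
    host = normalize_host(headers.get(header))
    if host is None:
        return None
    for domain in allowed:
        # Exact match or a real subdomain; "evilfoo.de" must not match "foo.de".
        if host == domain or host.endswith("." + domain):
            return domain
    return None
```

The value is only as trustworthy as the proxy that sets it, so the proxy should overwrite the header on every request instead of passing through whatever the client sent.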