Re: [Zope-dev] SAP SSO feature for Zope/LDAPUserFolder
Dirk Datzert wrote:

> Hi,
>
> we have Zope 2.6.4 and 2.7.6 with LDAPUserFolder and CookieCrumbler in use. One of our next goals is to integrate the Single-Sign-On-Ticket feature of SAP-Portal. SAP sent a cookie called MYSAPSSO2 which contains a certified signature and the Login-Name of a user.
>
> Normally the Login-Name will be validated by LDAPUserFolder with password against LDAP-Directory and the roles of the user will be assigned to the user object.
>
> We have now an external web-service which can validate the MYSAPSSO2-Ticket and return the Login-Name.
>
> I'm looking now for the best way to integrate/rewrite CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read the roles of the user out of the LDAP-directory.
>
> Any ideas ? Maybe comments by Jens or Shane ?
>
> Regards,
> Dirk

I'm not sure this could work for you... I've tried integrating Zope with an SSO system, which did not provide any authentication other than setting a correct REMOTE_USER in the REQUEST (we did it behind Apache). We succeeded by subclassing CookieCrumbler so that it was able to deal with those situations. Also, we were working with Zope in Remote User Mode. I can provide the code, if necessary.

Regards
Marco

___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: SAP SSO feature for Zope/LDAPUserFolder
Hi Mark,

Mark Hammond wrote:

> I would suggest looking at PAS. You would write an extraction plugin for PAS, and use the PAS LDAPMultiPlugin (from dataflake) for user properties and role/group enumeration. Your PAS plugin then only has the job of creating a user id suitable for use with the LDAP plugin (ie, the same 'id' that LDAPUF is configured to use).
>
> PAS has had a number of recent changes - you should look at the CVS versions (of PAS and the dataflake stuff) rather than the released versions if you want to avoid migration work in the future.
>
> http://www.zope.org/Members/urbanape/PluggableAuthService
> mailing list at: http://mail.zope.org/mailman/listinfo/zope-pas

I like the idea of PAS and I have downloaded PluginRegistry, PAS and LDAPMultiPlugin. I made a MySapSsoCookieAuthHelper, which will take the MYSAPSSO2-Cookie and send this to the external Validation Service. Since this service will return the login name which is identical to the LDAP-User I hopefully only have to work for reading the LDAP-Attributes and roles.

One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite: We work a lot with LDAPUserSatellite in different Folders, which will change local roles of users. Is this also possible with PAS/LDAPMultiPlugin ?

Thanks for that hint.

Dirk
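The helper discussed in this thread, sketched as an added example (not code from the posts or from PAS itself): the login name is taken only from the validation service's answer, and any error fails closed. Only the method names `extractCredentials` and `authenticateCredentials` follow the PAS plugin interfaces; `SapSsoHelper`, `FakeRequest`, `fake_service`, the `sap_ticket` key and the ticket strings are constructed stand-ins so the block runs without Zope.

```python
# Added illustration; runs without Zope. Method names follow the PAS
# extraction/authentication plugin interfaces; the rest is hypothetical.
COOKIE_NAME = "MYSAPSSO2"


class SapSsoHelper:
    def __init__(self, validate_ticket):
        # validate_ticket: callable(ticket) -> login name or None.
        # Stands in for the external validation web service (assumption).
        self._validate = validate_ticket

    def extractCredentials(self, request):
        # Extraction only collects the raw ticket; it decides nothing.
        ticket = request.cookies.get(COOKIE_NAME)
        return {"sap_ticket": ticket} if ticket else {}

    def authenticateCredentials(self, credentials):
        ticket = credentials.get("sap_ticket")
        if not ticket:
            return None  # not ours; other plugins may still authenticate
        try:
            login = self._validate(ticket)
        except Exception:
            return None  # fail closed if the service errors or times out
        if not isinstance(login, str) or not login:
            return None  # reject empty or malformed answers
        # (user_id, login): the id must be the one the LDAP plugin uses.
        return (login, login)


class FakeRequest:
    """Constructed stand-in for Zope's request object."""
    def __init__(self, cookies):
        self.cookies = cookies


def fake_service(ticket):
    # Constructed validator: accepts exactly one sample ticket.
    if ticket == "constructed-valid-ticket":
        return "jdoe"
    if ticket == "constructed-outage":
        raise IOError("validation service unreachable")
    return None


def authenticate(helper, cookies):
    # Runs both plugin steps the way PAS would chain them.
    creds = helper.extractCredentials(FakeRequest(cookies))
    return helper.authenticateCredentials(creds)


if __name__ == "__main__":
    helper = SapSsoHelper(fake_service)
    print(authenticate(helper, {COOKIE_NAME: "constructed-valid-ticket"}))
    print(authenticate(helper, {COOKIE_NAME: "forged"}))
```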
Re: [Zope-dev] Re: SAP SSO feature for Zope/LDAPUserFolder
On 26 Jun 2005, at 14:57, Dirk Datzert wrote:

> One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite: We work a lot with LDAPUserSatellite in different Folders, which will change local roles of users. Is this also possible with PAS/LDAPMultiPlugin ?

No it is not. It requires cooperation from the user class emitted by the user folder. PAS uses its own user class which does not have the needed hooks.

jens
[Zope] Timeout?
Hi!

Is there a way to have a ZOPE method (called, for example, via a TALES expression) time out after a specific (changeable!) amount of time?

TIA,
Ole

___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Timeout?
I've never heard of a way. I think the external python app you have has to try to import timeoutsocket and in that you need to set the timeout time. Perhaps you can make this varying and not just on the import. If you have a standard type python 2.3 installation, this should be installed already for you; otherwise you'll have to go digging on the net.

On 6/26/05, Jan-Ole Esleben wrote:

> Hi!
>
> Is there a way to have a ZOPE method (called, for example, via a TALES expression) time out after a specific (changeable!) amount of time?
>
> TIA,
> Ole

--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com