Re: [Zope-PAS] proposal: IUserAdder plugins
On Fri, 04 May 2007 14:54:59 -0400, Miles [EMAIL PROTECTED] wrote:

I seem to be generating a sizable proportion of the traffic on this list! Apologies in advance for another email...

My use case is as follows: I have a zope website, a php forum and blog that make up my site, each with their own user databases. Whenever users register through the zope site (I have removed links so they cannot register elsewhere), I want to create corresponding user accounts for them in the database for the forum and the blog.

However, when a user is created, PAS runs through all the plugins implementing the IUserAdder interface, but once a plugin indicates that it created a user, it proceeds no further.

right, which makes sense to me, you don't really want it to create multiple users, shadowing each other for login purposes. only one gets to login. it sounds like you just want to have your custom useradder plugin ordered higher than the default zodb user plugin.

I was expecting it to pass the details onto all the plugins, to give each a chance to create any additional information the plugin needs, and to avoid having to produce a succession of plugins. In the same way that the properties plugins each get to provide a separate property sheet, rather than just returning the first one.

property providers are separate than adder, and each property provider is called for a principal.

I would like to change this so all IUserAdder plugins get a chance to fire - does anyone have an opinion on it?

-1, semantically makes no sense.

-kapil

___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
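The two behaviours argued over in the message above, as an added toy model (not PAS code and not part of the original thread): the first-success loop versus every adder firing, and what the second does once the duplicate records diverge. The store names, the sample login and the assumption that each store also authenticates its own users are constructed for illustration; only the `doAddUser` method name follows PAS's user-adder interface.

```python
import hmac


class Store:
    """Toy user source that both adds and authenticates users."""
    def __init__(self, name):
        self.name = name
        self.passwords = {}

    def doAddUser(self, login, password):
        if login in self.passwords:
            return False
        self.passwords[login] = password
        return True

    def accepts(self, login, password):
        stored = self.passwords.get(login)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())


def add_first_success(adders, login, password):
    """Behaviour described in the thread: stop at the first adder that succeeds."""
    for adder in adders:
        if adder.doAddUser(login, password):
            return [adder.name]
    return []


def add_all(adders, login, password):
    """The proposed change: every adder gets to fire."""
    return [a.name for a in adders if a.doAddUser(login, password)]


def accepted_by(stores, login, password):
    return [s.name for s in stores if s.accepts(login, password)]


def demo():
    ordered = [Store("custom_sql"), Store("zodb")]  # custom adder listed first
    created_once = add_first_success(ordered, "miles", "pw-1")
    fanout = [Store("custom_sql"), Store("zodb")]
    created_all = add_all(fanout, "miles", "pw-1")
    # Constructed divergence: the password is later changed in one copy only.
    fanout[0].passwords["miles"] = "pw-2"
    return (created_once, created_all,
            accepted_by(fanout, "miles", "pw-1"),
            accepted_by(fanout, "miles", "pw-2"))
```

In the fan-out case the old and the new password are each still accepted by one of the two copies, which is the kind of shadowing a single authoritative record avoids.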
Re: [Zope-PAS] Re: PlonePAS using SQL get AttributeError
On Thu, 19 Apr 2007 08:16:25 -0400, Sidnei da Silva [EMAIL PROTECTED] wrote:

On 4/19/07, Wichert Akkerman [EMAIL PROTECTED] wrote:

Previously Sidnei da Silva wrote:

Let's rephrase this: is the problem you see that the site user folder (which will be a PAS) issues a challenge, which results in credentials which the root user folder can not handle?

Yes.

why wouldn't the root just fall back to its own default if it can't find credentials, like in the case of a standard zodb user folder at the root, basic auth?
Re: [Zope-PAS] Re: PlonePAS using SQL get AttributeError
On Thu, 19 Apr 2007 08:33:16 -0400, Sidnei da Silva [EMAIL PROTECTED] wrote:

On 4/19/07, Wichert Akkerman [EMAIL PROTECTED] wrote:

But you can get that even with PAS if you change the challenger in your site PAS. For example if I configure my site to only allow OpenID logins you can no longer use the emergency user since no challenger will result in username/password style credentials.

Correct. In the case of PlonePAS, we are just making the default, out-of-the-box config be not broken instead of being broken by default.

looking at this further, there really doesn't seem to be any good way to allow the root to be a non pas, and allow the plone default authentication (form based) to work with users in the root, without replacing the root. the way pas monkey patches the response during traversal, basically asserts only the innermost user folder gets a chance to challenge.

apologies to the integrators, there really isn't a workaround for this outside of reworking pas's challenge mechanism or the challenge plugins to allow delegation up the chain, the means of which isn't apparent to me.

-kapil
Re: [Zope-PAS] PlonePAS using SQL get AttributeError
my understanding is that part of the reason this was done, was laziness, on the part of the integrators, who didn't want to deal with the issues of having non pas users from the root acl browsing a plone site, and conditionally dealing with those users within the plone code. i agree that it's lame.

-kapil

On Wed, 18 Apr 2007 21:36:24 -0400, Ben Mason [EMAIL PROTECTED] wrote:

I agree, I think the way PlonePAS replaces the root acl_users is very bad. I hope this gets addressed. Surely there is no need for it to do that.

Ben

On 19/4/07 02:01, James J Myers [EMAIL PROTECTED] wrote:

I found the SQLPASPlugin on the Plone site or the collective - not sure which. I pretty much rewrote it to get it to do what I wanted. I got no help from this list or anywhere else. PlonePAS provides a PropertyProvider set of interfaces for setting/getting properties from an external source.

There is something strange in the install process. When I install my product and create an acl_users in my Plone site, it seems to also add it to the root acl_users which I don't like at all. Since I had trouble getting acquisition to work, I created a zsql method in source_users and directly addressed it.

Hope all this helps...

Jim Myers

Chris Withers wrote:

Hi James,

James J Myers wrote:

I've written a PlonePAS plugin loosely based on SQLPASPlugin for authentication.

I'm going to be needing this functionality myself sometime soon. Where did you find the SQL plugin? What's the official way of getting users with extra properties from a relational back end? What bastardisations has Plone added that need to be supported?

The code creates a zsql method in source_users which I can verify via the ZMI that it is there.

Why do you need to create the zsql method using code?

When the authenticate credentials plugin is called it appears to always be in the source_users folder,

What do you mean by that?

Why would it fail sometimes and not others? How do I make it work reliably?

2007-04-07T18:02:10 INFO RACPASPlugin Traceback (most recent call last):
authenticateCredentials: getUserInfo: File /usr/local/zope/instance1/Products/RACPASPlugin/plugins/usermanager.py, line 104, in authenticateCredentials res = self.getUserInfo(login)
authenticateCredentials: getUserInfo: File /usr/local/zope/instance1/Products/RACPASPlugin/plugins/usermanager.py, line 253, in getUserInfo query = getattr(self, _UserQueryId)
authenticateCredentials: getUserInfo: AttributeError: RACPAS_getUserInfo

I wonder if a differing set of acquisition contexts are involved somewhere along the line?

cheers,

Chris
[Zope-PAS] zope3 schemas and pas properties plugin
hi folks,

i put together a zope3 schema based property provider, with plone ui integration using formlib forms, which might be of use (ZPL2.1)

more info and code at,

https://svn.objectrealms.net/svn/public/ore.member/trunk/src/ore/member/readme.txt

cheers,

kapil
Re: [Zope-PAS] plone and openSSO
i had to do this a few months back before sam went opensource. i relied on the apache agent to do auth, and had it pass the authenticated user name and groups in the request environment. the pas plugin for this (really just a generic pass through plugin) is available here.

svn co https://svn.objectrealms.net/svn/public/pasplugins/samagentauth SAMAgentAuth

implementing a full sam agent in zope is a bit of work, it's a big stack to do it via the standards based mechanism of webservices. if you really want to go down this route and you have libertyalliance support in your sam installation, you should check out lasso, which will do some of the heavy lifting, but the move to samlv2 pares down the liberty protocols responsibilities to just websvcs so it might not be a long term viable option. internally a lot of the sam agents just use a custom protocol that avoids the complexity of the websvc stack.

hth,

kapil

lasso - http://lasso.entrouvert.org/

On Sun, 10 Sep 2006 19:29:50 -0700, Serge Zagorac [EMAIL PROTECTED] wrote:

Hi All,

Is there a plugin or initiative for authentication plugin between Plone / Zope and openSSO (formerly known as Sun Access manager) https://opensso.dev.java.net/

I would like to integrate our plone site into our portal site which is controlled by the access manager (openSSO). I have been trying to write the plugin myself but got stuck because I did not know how to access clients (browsers) session cookies with python or zope's api..

What I would like to do is to get the value of the session cookie the access manager sets in the clients browser upon successful login and then invoke the web service via soap with the cookie value which returns the user name that I will then pass over to Zope. However I found this task impossible to do because I was not able to find the way to access client session cookies with python or zope. Or I'm wrong...??

Please help

Thanks

Serge
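A pass-through plugin of the kind described in the reply above is only as trustworthy as the path the identity arrives on. The following is an added sketch of the extraction step (not the SAMAgentAuth code and not part of the original thread). The variable names `REMOTE_USER` and `REMOTE_GROUPS`, the comma-separated group format and the trusted agent address are assumptions for illustration.

```python
import ipaddress

# Assumed for this sketch (not taken from SAMAgentAuth): the variables the
# front-end agent sets and the address the agent connects from.
USER_KEY = "REMOTE_USER"
GROUPS_KEY = "REMOTE_GROUPS"
TRUSTED_PEERS = [ipaddress.ip_network("127.0.0.1/32")]


def extract_agent_identity(environ):
    """Return {'login', 'groups'} as set by the agent, or None."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_PEERS):
        return None  # request did not arrive through the agent
    # Headers sent by a client show up under HTTP_* keys in a CGI-style
    # environment, so only the agent-controlled, unprefixed keys are read.
    login = environ.get(USER_KEY, "").strip()
    if not login:
        return None
    raw_groups = environ.get(GROUPS_KEY, "")
    groups = [g.strip() for g in raw_groups.split(",") if g.strip()]
    return {"login": login, "groups": groups}
```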
Re: [Zope-PAS] auth fallback with cookies
make the cookie auth plugin push form credentials into the request as basic auth headers ala cookie crumbler.

-k

On Jul 26, 2005, at 4:09 PM, J Cameron Cooper wrote:

Say I have a user in a root acl_users folder (call it 'admin'). I also have a PAS user folder in a sub-object of the root. This PAS is configured to do cookie auth, and users will typically login using a form.

Now, if I try to log in as 'admin' in that form, it doesn't work. I think this is why:

- credentials are supplied via a form to the PAS cookie auth plugin
- there is no such user, so it fails
- 'validate' returns None, so Zope goes to the next user folder (which is the basic one in the root where 'admin' lives)
- that one tries to validate but gets nothing: it looks for HTTP basic credentials, but finds nothing, since login is form based

Does this sound about right? Anybody have a strategy to get around this?

--jcc

--
Enfold Systems, LLC
http://www.enfoldsystems.com
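The failure sequence listed in the question and the fix suggested in the reply, as an added self-contained model (not PAS or CookieCrumbler code and not part of the original thread). The two user tables, the `Request` class and the function names are constructed for illustration; the form field names are assumed to follow the `__ac_name` / `__ac_password` convention.

```python
import base64
import hmac

# Constructed sample data: 'admin' exists only in the root user folder.
ROOT_USERS = {"admin": "root-secret"}
SITE_USERS = {"member": "site-secret"}


def _check(users, login, password):
    stored = users.get(login)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())


class Request:
    """Stand-in for a request: form fields plus an Authorization value."""
    def __init__(self, form):
        self.form = dict(form)
        self.auth = None


def site_validate(request, push_basic_auth):
    """Inner, PAS-like folder: form credentials checked against SITE_USERS."""
    login = request.form.get("__ac_name")
    password = request.form.get("__ac_password")
    if login is None or password is None:
        return None
    if push_basic_auth:
        # The suggested fix: re-expose the form credentials as Basic auth
        # so an outer folder that only reads that header can see them.
        token = base64.b64encode(f"{login}:{password}".encode()).decode()
        request.auth = "Basic " + token
    return login if _check(SITE_USERS, login, password) else None


def root_validate(request):
    """Outer folder: understands HTTP Basic credentials only."""
    if not request.auth or not request.auth.startswith("Basic "):
        return None
    decoded = base64.b64decode(request.auth[6:]).decode()
    login, _, password = decoded.partition(":")
    return login if _check(ROOT_USERS, login, password) else None


def authenticate(form, push_basic_auth):
    """Innermost folder first, then fall back to the root folder."""
    request = Request(form)
    return site_validate(request, push_basic_auth) or root_validate(request)
```

The pushed value is only base64-encoded, so every user folder further up the chain sees the submitted password in the clear, the same exposure as ordinary Basic auth.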