Re: [Zope3-Users] Re: Remote authentication
Hi Maciej. I'll definitely check this out and look for docs on the plugin. It sounds very promising since it is a working solution for Z2 :-) On top of it, there ought to be good hints in Z2's PAS for doing something in Z3. Hopefully it can be worked in to some functionality for users/groups for z3. Many thanks. Regards, David Maciej Wisniowski wrote: Hi! For single sign on there is also CAS (Central Authentication Service). We're sucessfully using this in our Zope2 apps. It has plugin for PAS in Zope2 (CAS4PAS). CAS also works with other systems - plugins for java, php and other exists. Important thing here is to distinguish between authentication and authorization. For example SSO like CAS can only tell you if your user is authenticated. It won't tell you if he has some permissions and/or roles to do something. But with PAS you can write another plugin that will set proper roles for user etc. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: Remote authentication
Hi! For single sign on there is also CAS (Central Authentication Service). We're sucessfully using this in our Zope2 apps. It has plugin for PAS in Zope2 (CAS4PAS). CAS also works with other systems - plugins for java, php and other exists. Important thing here is to distinguish between authentication and authorization. For example SSO like CAS can only tell you if your user is authenticated. It won't tell you if he has some permissions and/or roles to do something. But with PAS you can write another plugin that will set proper roles for user etc. -- Maciej Wisniowski ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Re: Remote authentication
Hi thanks Raphael, thanks for this. I also managed to find an OpenId server in python also so this part is looking quite doable. There is also an example implementation for django. The unanswered question for me on the OpenId concept is how one manages user public and private context. For example, if I am an employee in a an org would I have an OpenId here as well as one for myself privately - need to do some more reading and perhaps subscribe to their list. I have to read a bit more on what this means as far as security, trust or whether there is any loss of autonomy for closely managing users as a result. Many thanks. Regards, David Raphael Ritz wrote: David Pratt wrote: Hi Hermann. Thanks for your reply. Haven't quite decided on this but I've got things to try that might be more efficient than xmlrpc. I'm likely to attempt an authentication server with web service style SSO at this point though OpenId is attractive. I don't know if anyone has made a plugin yet for z3 for OpenId but I might try this. Wiggy has written a PAS plugin for OpneId support in Plone http://svn.plone.org/svn/plone/plone.openid/trunk/ which may serve as a starting point if you are interested. Raphael I am not sure how OpenId handles different contexts for users at this point (for example being a user at a worksite, and then a public user) though but I will be experimenting with it regardless. Many thanks. Regards, David ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: Remote authentication
David Pratt wrote: Hi Hermann. Thanks for your reply. Haven't quite decided on this but I've got things to try that might be more efficient than xmlrpc. I'm likely to attempt an authentication server with web service style SSO at this point though OpenId is attractive. I don't know if anyone has made a plugin yet for z3 for OpenId but I might try this. Wiggy has written a PAS plugin for OpneId support in Plone http://svn.plone.org/svn/plone/plone.openid/trunk/ which may serve as a starting point if you are interested. Raphael I am not sure how OpenId handles different contexts for users at this point (for example being a user at a worksite, and then a public user) though but I will be experimenting with it regardless. Many thanks. Regards, David ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Still trying to connect to ZODB from external
Am Mittwoch, 9. Mai 2007 18:18 schrieb Stefan H. Holek: > You *must* either commit or abort your transaction. Ok, so I would prefer to commit. ;-) If I understood the code correctly I need to have an object implementing IStorage in order to do that. But I haven't found out where to get such an object? Thanks, Florian > On 8. Mai 2007, at 23:02, Florian Lindner wrote: > > File "/home/florian/Zope3/src/ZODB/Connection.py", line 268, in > > close > > raise ConnectionStateError("Cannot close a connection joined to " > > ZODB.POSException.ConnectionStateError: Cannot close a connection > > joined to a > > transaction > > > > What is the right way to do it? > > -- > Anything that happens, happens. --Douglas Adams ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Remote authentication
Hi Hermann. Thanks for your reply. Haven't quite decided on this but I've got things to try that might be more efficient than xmlrpc. I'm likely to attempt an authentication server with web service style SSO at this point though OpenId is attractive. I don't know if anyone has made a plugin yet for z3 for OpenId but I might try this. I am not sure how OpenId handles different contexts for users at this point (for example being a user at a worksite, and then a public user) though but I will be experimenting with it regardless. Many thanks. Regards, David Hermann Himmelbauer wrote: Am Donnerstag, 10. Mai 2007 18:13 schrieb David Pratt: Hi. Has anyone got a bit of a blueprint for a remote authentication in zope 3. I wish to authenticate on a z3 site (site 1) using credentials stored on a different z3 site (site 2) over the Internet (otherwise would likely use LDAP). I do not want to maintain users on site 1. I only want users from a couple of groups on site 2 to be able to access site 1. I was thinking of using xmlrpc but will likely use a different transport with better security and encryption. To my mind, xmlrpc can also be transported via HTTPS. At a quick glance, I therefore cannot see any security issues. I'd rather think about performance problems. If HTTPS is no option, a VPN connection between the two servers would probably also be a secure solution. Regards, Hermann ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Sorry about that last email
Hello Greg, Quite easily, you can write: contains('mypackage.package.IReport') That gets not resolved at import time. Friday, May 11, 2007, 1:43:44 PM, you wrote: GB> Hrm, it appears that ctrl-enter in kmail actually sends emails... Sorry about GB> that last one.. GB> Anyway, my question: GB> interfaces.py: GB> -- GB> class IReport(Interface): GB> containers(IReportContainer) GB> class IReportContainer(IContainer): GB> contains(IReport) GB> the above two classes reside in the same module, interfaces.py... Since they GB> both depend on each other, I am having the problem of a circular dependency. GB> How can I resolve this? GB> Greg GB> ___ GB> Zope3-users mailing list GB> Zope3-users@zope.org GB> http://mail.zope.org/mailman/listinfo/zope3-users -- Best regards, Groszer Adam -- Quote of the day: Katz' Law: Man and nations will act rationally when all other possibilities have been exhausted. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Sorry about that last email
Hrm, it appears that ctrl-enter in kmail actually sends emails... Sorry about that last one.. Anyway, my question: interfaces.py: -- class IReport(Interface): containers(IReportContainer) class IReportContainer(IContainer): contains(IReport) the above two classes reside in the same module, interfaces.py... Since they both depend on each other, I am having the problem of a circular dependency. How can I resolve this? Greg ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Circular dependency issue
How do I resolve the following: ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users