Hey Zope-Dev,

We're currently in the middle of a UK JISC-funded project to evaluate the use of Shibboleth in authenticating access to electronic learning resources in a Medical Education environment... we use Zope and ZEO extensively already, in providing an online learning environment, personal diaries and progress portfolios and many other aspects of the MB BS degree scheme here at Newcastle.

I've been looking at the ways in which others have 'shibbolized' their Zope systems... and most (well, the only ones I can find any technical documentation on) have used the Apache + FastCGI approach, along with the RemoteUserFolder product. I've already had test infrastructure in place and have tested with client-side certificates in place of a working Shibboleth server (passing the Client cert CN as the remote user variable) and everything works rather well.

The problem I'm facing is that the vast majority of the services we offer are hosted on multiple ZEO nodes, behind a load-balancing front-end server. This was a completely new infrastructure put in place less than a year ago - replacing a monolithic (and ageing!) Sun Enterprise system... Each node is lightweight, hosting only a ZEO instance... a physically separate Apache server is used very rarely, and mainly only for serving static content (static content URLs are caught by the load balancer and sent off to Apache)... this setup has given us excellent performance, and reducing Apache to a static content serving role has simplified things greatly... so we are reticent to change this.

The only way I can see the Apache/FastCGI/ModShibboleth and Zope/RemoteUserFolder setup working is if each ZEO instance has its own Apache server sitting in front of it... which is something we have moved away from for obvious reasons.

Has anyone any thoughts about how to go about Shibboleth-enabling a whole host of ZEO instances... without each one having an Apache server sitting in front of it? Or is there an alternative method out there that perhaps is not widely known?

I know Zope4EDU is enabled, out of the box, but the licensing costs are simply not affordable for the number of hosts (6 discrete hosts), sites (at least half a dozen) and CPUs (12/14+) that we would be using...

Regards
-John

John Snowdon - IT Support Specialist
School of Medical Education Development
Faculty of Medical Sciences Computing
University of Newcastle

Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev