Dirk Datzert wrote:
Hi,
we have Zope 2.6.4 and 2.7.6 with LDAPUserFolder and CookieCrumbler in use.
One of our next goals is to integrate the Single-Sign-On-Ticket feature of
SAP-Portal.
SAP sent a cookie called MYSAPSSO2 which contains a certified signature and
the Login-Name of a user.
Normally the Login-Name will be validated by LDAPUserFolder with password
against LDAP-Directory and the roles of the user will be assigned to the
user object.
We have now an external web-service which can validate the MYSAPSSO2-Ticket
and return the Login-Name.
I'm looking now for the best way to integrate/rewrite
CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read the
roles of the user out of the LDAP-directory.
Any ideas ? Maybe comments by Jens or Shane ?
Regards,
Dirk
I'm not sure this could work for you... I've tried integrating Zope with
an SSO system, which did not provide any authentication other than
setting a correct REMOTE_USER in the REQUEST (we did it behind Apache).
We succeded by subclassing CookieCrumbler so that it was able to deal
with those situations.
Also, we were working with Zope in Remote User Mode.
I can provide the code, if necessary.
Regards
Marco
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
