> I have been able to log in to my zope instance via > localhost:8080/manage, and when I've added the 'access' file with my > username, a colon, and a newline, no password is required to login. So > I think the 'RemoteUserAuth' plugin described at the above site is > working correctly. I don't know this kind of SSO. Seems to be complicated. CACSiteRoot and RemoteUserAuth I don't know any of these... Think it will be difficult to help you until there is somebody that used those things, but maybe I'm wrong :)
> I don't fully grasp the way that user authentication works in zope. I'm > not sure where to begin to look for the problem here, and I'm hoping > someone can help. You may read about Zope Security system on plope.org in Zope Book 2.7 edition. You may want to take look at error_log, and maybe remove unauthorized from the list of omited exceptions there. Additionally you may want to enable VerboseSecurity in zope.conf. AFAIR you need to uncomment: SecurityPolicyImplementation Python VerboseSecurity On Maybe then you'll see more informations. And how to debug zope part of authentication... You may possibly take a look at the sources of RemoteUserAuth. It is possibly something with that. Simplest debugging may be done by adding print 'hello - im here!' statements to the RemoteUserAuth code, and then running Zope with ./runzope (or runzope.bat on Windows). It doesn't detach from console and you'll see your printed statements. You may also use pdb - python debugger: http://plone.org/documentation/how-to/using-pdb > However, when I try to access the ZMI via apache > (http://myhost.com/manage which gets rewritten to > http://localhost:8080/manage in apache proxy), I am prompted via basic > auth for username and password, and anything I enter is rejected. Typically apache rewrites make use of VirtualHostMonster in Zope but your's how to uses different syntax. > The expected behavior is that mod_fba sets an authorization header with > a username from pubcookie and sends it to zope with a page request for > the ZMI. I don't understand why this SSO is about ZMI? ZMI is Zope Management Interface - so it is rather for managers/programmers, not for typical users. Strange. We've sucessfully implemented SSO solution with CAS. There are nice plugins for Zope and Plone to deal with this. -- Maciej Wisniowski _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )