Maciej,
Thanks for the tips. I will try adding print statements and see where
that leads me.
As for understanding pubcookie, I'm not sure that's totally necessary.
I'm quite certain that that part of the operation is working correctly,
It's just what happens after that that I'm having problems with.
If you are interested, the 'RemoteUserAuth' product and it's companion,
'CACSiteRoot', the sources can be downloaded from the tutorial page:
http://www.washington.edu/webinfo/case/zope/
It'd be great, though if there were zope gurus out there who had
experience working with pubcookie. I've found a few messages on boards
from a while back that seemed to indicate that there were folks working on
a PAS plugin that would incorporate pubcookie, but I haven't seen any
information indicating that that was ever successful.
C
********************************
Cris Ewing
CME and Telehealth Web Services
Department of Radiology Web Services
University of Washington
School of Medicine
Work Phone: (206) 685-9116
Home Phone: (206) 365-3413
E-mail: [EMAIL PROTECTED]
*******************************
On Thu, 16 Nov 2006, Maciej Wisniowski wrote:
I have been able to log in to my zope instance via
localhost:8080/manage, and when I've added the 'access' file with my
username, a colon, and a newline, no password is required to login. So
I think the 'RemoteUserAuth' plugin described at the above site is
working correctly.
I don't know this kind of SSO. Seems to be complicated.
CACSiteRoot and RemoteUserAuth I don't know any of these... Think it
will be difficult to help you until there is somebody that used those
things, but maybe I'm wrong :)
I don't fully grasp the way that user authentication works in zope. I'm
not sure where to begin to look for the problem here, and I'm hoping
someone can help.
You may read about Zope Security system on plope.org in Zope Book 2.7
edition.
You may want to take look at error_log, and maybe remove unauthorized
from the list of omited exceptions there. Additionally you may want to
enable VerboseSecurity in zope.conf. AFAIR you need to uncomment:
SecurityPolicyImplementation Python
VerboseSecurity On
Maybe then you'll see more informations.
And how to debug zope part of authentication... You may possibly take a
look at the sources of RemoteUserAuth. It is possibly something with
that. Simplest debugging may be done by adding
print 'hello - im here!'
statements to the RemoteUserAuth code, and then running Zope with
./runzope (or runzope.bat on Windows). It doesn't detach from console
and you'll see your printed statements. You may also use pdb - python
debugger:
http://plone.org/documentation/how-to/using-pdb
However, when I try to access the ZMI via apache
(http://myhost.com/manage which gets rewritten to
http://localhost:8080/manage in apache proxy), I am prompted via basic
auth for username and password, and anything I enter is rejected.
Typically apache rewrites make use of VirtualHostMonster in Zope
but your's how to uses different syntax.
The expected behavior is that mod_fba sets an authorization header with
a username from pubcookie and sends it to zope with a page request for
the ZMI.
I don't understand why this SSO is about ZMI? ZMI is Zope Management
Interface - so it is rather for managers/programmers, not for typical
users. Strange.
We've sucessfully implemented SSO solution with CAS. There are nice
plugins for Zope and Plone to deal with this.
--
Maciej Wisniowski
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
