Hi, this is my solution for SSO for Zope by accepting SAP-SSO-Ticket. SAP-SSO-Tickets are Cookies named MYSAPSSO2. They contain SAP-PortalUserName, SAP-Username, Validate-Time of the ticket and a signed signature by the issueing SAP-System. Since we currently use CookieCrumbler and LDAPUserFolder it was my goal to let the CookieCrumbler take the MYSAPSSO2 Cookie from the Request, let it be validated by an external ticket verification service, store the validated TicketInfo in the SESSION variable and let LDAPUserFolder load the trusted PortalUser with roles from the LDAP-Directory. Any comments or security discussion is welcome. Zope 2.7.6, CookieCrumbler 1.2, LDAPUserFolder 2.5 Regards, Dirk -- Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis ++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++