Luca Olivetti wrote:
At this point Zope should see an additional header REMOTE_USER (with the consequent security risk: you should make sure that nobody can directly access Zope, otherwise they can fake this header and pose as any user) which is available in request.environ as HTTP_REMOTE_USER.
Then it's just a matter of using PAS with the SharkbyteSSOPlugin (http://dev.plone.org/collective/browser/SharkbyteSSOPlugin) configured to use HTTP_REMOTE_USER.
I'd suggest changing
    userid = request.get(self.uservar)
to
    userid = request.environ.get(self.uservar)
for a little more security - not that this setup seems really secure to me anyway, but I'm not a security expert ;-)
Ok, useless suggestion, since Zope request does "the right thing":
1) it will search in the environment before searching in the form and
2) it'll strip any form variable that starts with 'HTTP_'

Bye
-- 
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004 Fax +34 93 5883007
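
Added example (not part of the original message, and not Zope's or SharkbyteSSOPlugin's code): a simplified Python model of the two lookup rules as the message describes them. It shows that those rules reject a form-supplied HTTP_REMOTE_USER but not a header sent straight to the backend, which is why the source-address check matters. ModelRequest, authenticated_userid, TRUSTED_PROXIES and the sample addresses are assumptions made for illustration.

```python
# Simplified model for illustration only; names and addresses are hypothetical.
import ipaddress

# Assumption: the authenticating reverse proxy runs on the same host.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


class ModelRequest:
    """Toy request applying the two lookup rules described in the message."""

    def __init__(self, environ, form):
        self.environ = dict(environ)
        # Rule 2: drop form variables whose names start with 'HTTP_'.
        self.form = {k: v for k, v in form.items() if not k.startswith("HTTP_")}

    def get(self, key, default=None):
        # Rule 1: the environment is searched before the form.
        if key in self.environ:
            return self.environ[key]
        return self.form.get(key, default)


def from_trusted_proxy(request):
    """True only when the connecting peer is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(request.environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def authenticated_userid(request, uservar="HTTP_REMOTE_USER"):
    """Return the proxy-asserted user id, or None if it cannot be trusted."""
    if not from_trusted_proxy(request):
        return None
    # Read the environment only, never the form.
    return request.environ.get(uservar) or None


# Constructed sample requests.
VIA_PROXY = ModelRequest({"REMOTE_ADDR": "127.0.0.1", "HTTP_REMOTE_USER": "alice"}, {})
FORM_ONLY = ModelRequest({"REMOTE_ADDR": "127.0.0.1"}, {"HTTP_REMOTE_USER": "admin"})
DIRECT = ModelRequest({"REMOTE_ADDR": "203.0.113.7", "HTTP_REMOTE_USER": "admin"}, {})
```

In this model DIRECT.get("HTTP_REMOTE_USER") still returns the client-chosen value, because a header sent directly to the backend lands in the environment; only the peer-address check (or a network rule that keeps the backend unreachable except through the proxy) rejects it.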