On Tue, 2 May 2000, Garry Hodgson wrote:
but for one wrinkle. i need to authenticate users via a remote authentication service run by the company's HR organization. my organization explicitly does not want to be maintaining our own users and passwords, so i'd like to automatically create users as needed, rather than manually via the zope management interface.
i've built some test objects that do the authentication, but don't know, once i've figured out who someone is, how to fit this into zope's notion of users and roles.
I think that both the GenericUserFolder and the LoginManager should be able to handle this. I think the LoginManager architecture would work better for what you are trying to do (but I don't know its current status). GUF would also be able to handle it - it will involve pulling out the username from your HR cookie in the docLogin hook (possibly transparently to the user with an automatic redirect), and having your userAuthenticate hook do the check if the cookie is valid. Let me know if you choose this method and get stuck. You could also subclass any of the existing UserFolders depending on how you plan to maintain the other information you need (list of valid usernames, role membership, valid logon domains). -- ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen