Just to add to that last message. If I type this into my browser url box: http://www.mysite.com/docLoginAction?__ac_name=myname&__ac_password=mypass &destination=http://www.mysite.com/admin/index.html (all on one line) I get straight into an area where login is required without going through the Zope login dialog. I wouldn't type this of course, for obvious security reasons. In Apache, you just need to test for the existence of the Zope 'authenticated indicator' (if that is possible) and do this sort of rewrite if the parameter does not exist. Cliff Tiller, Michael (M.M.) wrote:
Russell,
I sympathize. I am in a similar position (corporate intranet uses a proxy that authenticates before proxying). My solution so far has been to use Zope-2.6.2 in PCGI mode. This has left quite a bit to be desired (slow, seem to be some buffering issues that prevent download of large content). I've brought it up on on this list before but everybody says the same thing that they are saying to you, i.e. "that's the wrong way to do it". Unfortunately, for me it is the only way I'm allowed to do it. I was quite optimistic that Plone might catch on here, but I can't even get my site to work 100% so people are quite hesitant to use it. Because I'm using PCGI I'm stuck with Zope-2.6.2 so not only does the site not work 100%, I can't even run new versions of anything.
You might look at some of the customizable authentication products. I've looked at some of them and while several claim great flexibility through custom plug-ins, I couldn't really understand how to accomplish what I needed to do.
If you find a solution, let me know.
-- Mike
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf
Of
Russell Seymour Sent: Friday, October 29, 2004 6:17 AM To: Cliff.Ford@ed.ac.uk Cc: zope@zope.org Subject: Re: [Zope] Apache ProxyPass to Zope
Thanks for the suggestions Cliff, the thing is that I need Apache to take care of the authentication.
This is because I am setting up a Zope application within an existing Virtual Host which already has the authentication setup on it. This
is
done using a Perl script which communicates with a Windows 2003 AD. I want to keep it this way so that it is easy to understand where the authntication is taking place and is only in one place.
Is it not possible to do what I want to do at all?
Thanks, Russell
Cliff Ford wrote:
I guess I would put it a bit stronger than Tino: don't waste your
time
trying to authenticate with Apache. Just past the request through Apache to Zope and do the authentication there. In my site, one of
the
things that Apache does is switch to secure mode (https) for login.
It
is Zope that needs to authenticate by changing its
AUTHENTICATED_USER
from Anonymous to something else.
Cliff
Russell Seymour wrote:
Good evening list,
I have been trying to get the REMOTE_USER variable to be seen by Zope. I have almost got there by using various articles on the Internet, but I need a little bit of help to get the last bit
working.
I have got Apache performing the authentication and this works well as I get the Zope page when I enter a valid username and password.
I
have noticed that the Z2 log file for my Zope instances contains
the
username that I have used to access the site, but I cannot get Zope itself to see the username - this is the most confusing bit for me
as
it surely means that the username is being passed to Zope.
The following is a snippet from my Apache:
<Location /zope> AuthName "Zope Access" AuthType Basic
<AUTHENTICATION ROUTINES> require valid-user
ProxyPass http://x.x.x.x:8080/zope
</Location>
ProxyPassReverse /zope http://x.x.x.x:8080/zope
This all works brilliantly apart from the fact that I cannot get
the
username in Zope. I need this do I can do some custom
authorisation
to a database that my Zope application accesses.
I have tried many different variations using RewriteRule and trying to set the environment variables but to no avail.
Thanks to anyone that can give me some pointers.
Russell _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )