Tiller, Michael (M.M.) wrote:

I'm trying to setup a Zope server on our corporate intRAnet set. We have a formal system of authenticating users. It is centralized. I don't want to go into too much detail, but suffice it to say that I can invoke a program and it will tell me whether the person requesting my page has a valid certificate and, if so, who the person is.

What is the best scheme for integrating such a program into the Zope authentication and identification process. Key things are:

1) The user does not provide a password, only the validity of the certificate is checked.

This detail I cannot really advise on. You're trying to get a certificate? If it comes in REQUEST it's easy to get.

2) How do I invoke an external program from Zope?!?

Any filesystem-based code can do it, using the usual Python calls. (This means External Methods and Products.)

3) Are there any "out-of-the-box" user folders that can handle this? I couldn't find any. If not, what is the best open ended product and what would I need to do?

SimpleUserFolder ExtensibleUserFolder PluggableUserFolder all provide some simplified API for arbitrary user sources, authorization, and authentication. --jcc -- "Code generators follow the 80/20 rule. They solve most of the problems, but not all of the problems. There are always features and edge cases that will need hand-coding. Even if code generation could build 100 percent of the application, there will still be an endless supply of boring meetings about feature design." (http://www.devx.com/java/editorial/15511)