Custom authentication that avoids login screens
Hi

I have been pestering the good folks on #zope about this, as well as trying to ask in here a couple of times, but I'm not getting anywhere, and worse, I don't think people get what I am trying to do although it seems simple:

Our site is served by Zope, as well as PHP and Perl - the entry point is in PHP - i.e. login screens, general stuff. By the time someone gets to the Zope pages, they should be already logged in. I've looked at both exUserFolder and SimpleUserFolder, but I still cannot see how to intercept the request before the UF presents the user with a login screen / HTTP basic auth dialog.

The PHP part of the site will have set a cookie - in Zope I need to look for this cookie, and then use it as a key in our RDBMS to check whether or not to allow the user to proceed. If there's no cookie or the user is not authorized, I need to bounce them back to the PHP-based login system.

TheJester suggested looking at remoteAuthMethod in exUF, but this method is called too late in the chain of events.

Am I really not making sense? Anyone shed any light on this?

TIA,

Felix.

Felix Ulrich-Oltean writes:
> ... Our site is served by Zope, as well as PHP and Perl - the entry point is in PHP - i.e. login screens, general stuff. By the time someone gets to the Zope pages, they should be already logged in. I've looked at both exUserFolder and SimpleUserFolder, but I still cannot see how to intercept the request before the UF presents the user with a login screen / HTTP basic auth dialog.

Most cookie user folders allow the customization of the login dialog. Make it a redirect to a page that handles your global (for PHP, Zope, ...) login.

This may pop up a login dialog or perform an automatic login based on already available login information. The login action is expected to have some variables (e.g. "__ac_name" and "__ac_password"). Let your login page come back with these variables set -- voila.

As an alternative, you can tell Zope to not make its own authentication but use what is already available. I never used this myself but read about it in a document about Web-Server/Zope integration. It is detailed there for the case that the Web Server does the authentication. Look into the "doc" subdirectory of your Zope distribution.

Dieter
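
The check described in the question (look up the PHP-set cookie in the RDBMS, otherwise bounce to the PHP login), as an added example that is not part of either message and is not Zope or exUserFolder code. The cookie name, login URL and table layout are assumptions, and an in-memory sqlite3 database with constructed rows stands in for the site's RDBMS.

```python
import sqlite3
import time
from urllib.parse import quote

# Assumed names, not taken from the thread.
COOKIE_NAME = "site_session"
LOGIN_URL = "/login.php"

def make_demo_db(now):
    """Constructed sample rows standing in for the shared session table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT,"
               " expires REAL, zope_allowed INTEGER)")
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?, ?)", [
        ("tok-valid", "alice", now + 3600, 1),
        ("tok-expired", "bob", now - 10, 1),
        ("tok-noaccess", "carol", now + 3600, 0),
    ])
    return db

def login_redirect(path):
    """Send the user to the PHP login, carrying back only a local path."""
    # Reject absolute or scheme-relative targets so came_from cannot point off-site.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        path = "/"
    return ("redirect", LOGIN_URL + "?came_from=" + quote(path, safe="/"))

def check_request(db, cookies, path, now=None):
    """Return ("allow", username) or ("redirect", login_url)."""
    now = time.time() if now is None else now
    token = cookies.get(COOKIE_NAME)
    if not token or len(token) > 128:  # missing or implausible cookie
        return login_redirect(path)
    # Bound parameter: the cookie value is never spliced into the SQL text.
    row = db.execute(
        "SELECT username, expires, zope_allowed FROM sessions WHERE token = ?",
        (token,),
    ).fetchone()
    if row is None:
        return login_redirect(path)
    username, expires, allowed = row
    if expires <= now or not allowed:  # stale session or no access to this area
        return login_redirect(path)
    return ("allow", username)

if __name__ == "__main__":
    t = time.time()
    print(check_request(make_demo_db(t), {COOKIE_NAME: "tok-valid"}, "/zope/page", t))
```

The decision fails closed: every path that does not end in a live, authorized session row returns the redirect to the login page.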
Participants (2): Dieter Maurer, Felix Ulrich-Oltean