I would like to have the users of my site authenticated via ssl certificates. Authentication works well with apache2, and I would like to have my zope working behind the proxy module of apache. I would not find it neccessary to leave the authentication to be done by apache, but I expect it to be simplier. I've found a product (SSL Certificate Authenticator Product), that uses apache's authentication, but it is only able to pass userinformation via pcgi connection to zope. I could not find any other zope product for this problem, however, this way is mentioned in the zope Wikis, as a common authentication method. (http://zope.org/Wikis/DevSite/Projects/ComponentArchitecture/StandardAuthent...) Is there a common (or uncommon) solution for this case? The second level of my question is, how to do all this if I need the advantages of the Groups User Folder? thanks, ger
BORGULYA Gergely wrote at 2005-2-13 15:20 +0100:
I would like to have the users of my site authenticated via ssl certificates. Authentication works well with apache2, and I would like to have my zope working behind the proxy module of apache. I would not find it neccessary to leave the authentication to be done by apache, but I expect it to be simplier. ... Is there a common (or uncommon) solution for this case?
There is a product called "RemoteUserFolder" which should allow "foreign" authentication (e.g. by Apache or a different WebServer). It looks for "REMOTE_USER" which the WebServer must provide. I do not know what you must do to convince Apache to provide this information. It might not work with "mod_proxy"...
The second level of my question is, how to do all this if I need the advantages of the Groups User Folder?
That's easy (at least in theory): Use use whatever UserFolder can handle the feature as user source into your GroupUserFolder. -- Dieter
On Sunday 13 February 2005 20:35, Dieter Maurer wrote:
BORGULYA Gergely wrote at 2005-2-13 15:20 +0100:
I would like to have the users of my site authenticated via ssl certificates. Authentication works well with apache2, and I would like to have my zope working behind the proxy module of apache. I would not find it neccessary to leave the authentication to be done by apache, but I expect it to be simplier. ... Is there a common (or uncommon) solution for this case?
There is a product called "RemoteUserFolder" which should allow "foreign" authentication (e.g. by Apache or a different WebServer). It looks for "REMOTE_USER" which the WebServer must provide. I do not know what you must do to convince Apache to provide this information. It might not work with "mod_proxy"...
ther is a directive RequestHeader (from mod_headers) which will work with mod_proxy (server behind the proxy will see these headers).
BORGULYA Gergely wrote:
Is there a common (or uncommon) solution for this case? The second level of my question is, how to do all this if I need the advantages of the Groups User Folder?
Have a look at SimpleUserFolder. You should be able to write getUserDetails as an external method that will do what you need... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
participants (4)
-
BORGULYA Gergely -
Chris Withers -
Dieter Maurer -
Vladimir Petrovic