[Zope-dev] ZEO, FastCGI and Shibboleth
John Snowdon
J.P.Snowdon at newcastle.ac.uk
Mon Apr 25 06:58:17 EDT 2005

Hey Zope-Dev,

We're currently in the middle of a UK JISC funded project to evaluate
the use of Shibboleth in authenticating access to electronic learning
resources in a Medical Education environment... we use Zope and ZEO
extensively already, in providing an online learning environment,
personal diaries and progress portfolios and many other aspects of the
MB BS degree scheme here at Newcastle.

I've been looking at the ways in which others have 'shibbolized' their
Zope systems... and most (well, the only ones I can find any technical
documentation on) have used the Apache + FastCGI approach, along with
the RemoteUserFolder product. I've already had test infrastructure in
place and have tested with client side certificates in place of a
working Shibboleth server (passing the Client cert CN as the remote user
variable) and everything works rather well.

The problem I'm facing is that the vast majority of the services we
offer are hosted on multiple ZEO nodes, behind a load balancing front
end server.

This was a completely new infrastructure put in place less than a year
ago - replacing a monolithic (and ageing!) Sun Enterprise system... Each
node is lightweight, hosting only a ZEO instance... a physically
separate Apache server is used very rarely, and mainly only for serving
static content (static content URLs are caught by the load balancer and
sent off to Apache)... this setup has given us excellent performance,
and reducing Apache to a static content serving role has simplified
things greatly... so we are reticent to change this.

The only way I can see the Apache/FastCGI/ModShibboleth and
Zope/RemoteUserFolder setup working, is if each ZEO instance has its own
Apache server sitting in front of it.... which is something we have
moved away from for obvious reasons.

Has anyone any thoughts about how to go about Shibboleth-enabling a
whole host of ZEO instances... without each one having an Apache server
sitting in front of it? Or is there an alternative method out there that
perhaps is not widely known?

I know Zope4EDU is enabled, out of the box, but the licensing costs are
simply not affordable for the number of hosts (6 discrete hosts), sites
(at least half a dozen) and CPUs (12/14+) that we would be using...

Regards

-John

John Snowdon - IT Support Specialist
-==========================================-
School of Medical Education Development
Faculty of Medical Sciences Computing
University of Newcastle