[Zope-dev] Re: SAP SSO feature for Zope/LDAPUserFolder

Dirk Datzert dummy at habmalnefrage.de
Sat Jun 25 14:14:16 EDT 2005


Jens Vagelpohl wrote:

>> I'm looking now for the best way to integrate/rewrite
>> CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read the
>> roles of the user out of the LDAP-directory.
>
> What *specifically* does not work? Have you tried it and developed a list
> of features that are missing for it to work?
>
> jens

I'm starting at the beginning :)

I have a web-service that accepts a MYSAPSSO2-Cookie and returns the
User-Name if the signature included in the MYSAPSSO2-Cookie can be verified.

I have a Zope with CookieCrumbler/LDAPUserFolder connected to an LDAP-directory.
The LDAPUserFolder can be configured anonymous or to use a managers-DN to
access the LDAP-directory. Normally a user would enter a form-based password
on first login and the CookieCrumbler will send back a Cookie where the
authentication result of LDAPUserFolder is stored for next requests.

My idea in the first step is now that the CookieCrumbler can take the
MYSAPSSO2-Cookie, send the MYSAPSSO2-Cookie to the external web-service,
which returns the real user-name, this user-name will be forwarded/used by
LDAPUserFolder as an authenticated user (no authenticated bind with the
user-name, only bind anonymously or with managers-DN to read the roles of
the user) and LDAPUserFolder/LDAPUserSatellite will read the assigned
LDAP-groups and map them to Zope-Roles.

Does this description help to understand me? I don't know :)

Regards,
Dirk
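
The flow described in the message above, as an added example that is not part of the original post and is not CookieCrumbler or LDAPUserFolder code: the cookie is verified externally, the returned name is escaped before it goes into an LDAP filter, and any verification failure leaves the request anonymous. The function names, the posixGroup/memberUid schema, and the tickets, directory and role map are all assumptions constructed for illustration.

```python
# Added example: MYSAPSSO2 cookie -> verified user name -> LDAP groups -> Zope roles.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """RFC 4515 escaping; the verified name is still untrusted filter input."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def roles_from_sso_cookie(cookies, verify_ticket, search_groups, role_map):
    """Return (username, roles); (None, []) means the request stays anonymous.

    verify_ticket(ticket) -> user name or None    (hypothetical service client)
    search_groups(filter) -> list of group names  (hypothetical; uses the
        anonymous or manager-DN bind, never a bind as the user)
    """
    ticket = cookies.get("MYSAPSSO2")
    if not ticket:
        return None, []
    try:
        username = verify_ticket(ticket)
    except Exception:
        return None, []              # verifier unreachable: fail closed
    if not username:
        return None, []              # signature rejected: no identity at all
    # Assumed schema: posixGroup entries listing members in memberUid.
    flt = "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(username)
    groups = search_groups(flt)
    roles = sorted({role_map[g] for g in groups if g in role_map})
    return username, roles

# --- constructed stand-ins so the example runs offline ---
VALID_TICKETS = {"ticket-ok": "dirk", "ticket-star": "*"}
DIRECTORY = {"dirk": ["zope-editors", "staff"], "admin": ["zope-managers"]}
ROLE_MAP = {"zope-editors": "Editor", "zope-managers": "Manager"}
SEEN_FILTERS = []

def fake_verify(ticket):
    return VALID_TICKETS.get(ticket)

def fake_search(flt):
    SEEN_FILTERS.append(flt)
    # Mimic the server: an unescaped "*" is a wildcard matching every member.
    value = flt.split("memberUid=", 1)[1][:-2]
    if value == "*":
        return [g for gs in DIRECTORY.values() for g in gs]
    return DIRECTORY.get(value, [])

if __name__ == "__main__":
    for t in ("ticket-ok", "ticket-star", "forged"):
        print(t, roles_from_sso_cookie({"MYSAPSSO2": t}, fake_verify, fake_search, ROLE_MAP))
```

Because the user never binds with a password in this design, the web-service's answer is the only proof of identity, so every failure path has to end in the anonymous result.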
