[Zope-dev] SAP SSO for Zope/CookieCrumbler/LDAPUserFolder
Dirk Datzert
dummy at habmalnefrage.de
Mon Jun 27 17:27:02 EDT 2005
Hi,
this is my solution for SSO for Zope by accepting SAP-SSO-Ticket.
SAP-SSO-Tickets are Cookies named MYSAPSSO2. They contain
SAP-PortalUserName, SAP-Username, Validate-Time of the ticket and a signed
signature by the issueing SAP-System.
Since we currently use CookieCrumbler and LDAPUserFolder it was my goal to
let the CookieCrumbler take the MYSAPSSO2 Cookie from the Request, let it
be validated by an external ticket verification service, store the
validated TicketInfo in the SESSION variable and let LDAPUserFolder load
the trusted PortalUser with roles from the LDAP-Directory.
Any comments or security discussion is welcome.
Zope 2.7.6, CookieCrumbler 1.2, LDAPUserFolder 2.5
Regards,
Dirk
--
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cc-sso.patch
Type: text/x-diff
Size: 5747 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20050627/93049f6b/cc-sso.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: luf-sso.patch
Type: text/x-diff
Size: 1261 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20050627/93049f6b/luf-sso.bin
More information about the Zope-Dev
mailing list