[Zope-dev] Single Sign On

Gary Poster gary.poster at gmail.com
Tue Feb 17 19:31:55 EST 2009


Hi Shane.

Launchpad uses OpenID.  We don't have that slated for abstraction and  
open-sourcing immediately. However, most of the Launchpad code  
(including this bit) is to be open-sourced by this summer, abstracted  
or not.  Therefore, we should at least be able to give you some idea  
of what we have done before then.

I've forwarded your email to the primary implementer/designer of our  
OpenID integration.  Hopefully he can directly participate, or at  
least give me some answers to forward to you.

Generally, we're using python-openid for the Zope code, and an Apache  
plugin as a front-end for hooking up other bits.

Gary

On Feb 17, 2009, at 7:06 PM, Shane Hathaway wrote:

> I'm working with a customer on a single sign on (SSO) system for Zope.
> We haven't yet chosen which SSO system we want to use.  I would like to
> hear from anyone who has set up SSO with Zope.
>
> We have some definite requirements:
>
> * We can't accept arbitrary identities like OpenID normally does.  We
> need to set up our own identity provider (IDP) and force our servers to
> accept only identities provided by our own IDP.
>
> * The SSO process should be very similar to an ordinary cookie-based
> login process.  I don't want the user to have to enter their username on
> one form and their password on another, but that's the standard OpenID
> process.
>
> * This will be implemented in Zope 3.
>
> We are considering OpenID, Shibboleth, CAS, and any other mature system
> that others might suggest.  Shibboleth seems like the most obvious fit,
> but it's nowhere near as popular as OpenID.  I haven't yet looked at CAS
> in detail.
>
> Alternatively, I have wondered if we actually need full-blown SSO;
> perhaps a carefully constructed domain-wide cookie would do the trick.
> Any experiences with that?
>
> Thanks to anyone who participates.
>
> Shane


