[Zope-PAS] Struggling with 'challenge' support.

Mark Hammond mhammond at skippinet.com.au
Tue Sep 21 23:59:53 EDT 2004


I'm looking at adding a new IChallengePlugin implementation.  To familiarize
myself, I started looking at HTTPBasicAuthHelper, and struck a problem.  I'm
using Zope 2.7 and CVS PAS.

I'm a bit of a Zope newbie, so please excuse anything obvious.  This is what
I did:
* Added a new Plone site.
* Set the 'view' and 'Access contents information' permissions to require
authenticated users.
* Deleted the cookie crumbler from the new site.
* Deleted acl_users from the new site, and added a PluggableAuthService.

At this stage trying to access the Plone site would request simple HTTP
authentication (not via PAS).  As I am trying to implement a challenge
plugin, I thought I would try HTTPBasicAuthHelper - it implements
'challenge'.

So I added a HTTPBasicAuthHelper to PAS, and enabled 'challenge'.

If I then try and visit the site, I get an infinite recursion error:

  File "PluggableAuthService\plugins\HTTPBasicAuthHelper.py", line 94, in challenge
    response.unauthorized()
  File "ZPublisher\HTTPResponse.py", line 664, in unauthorized
    self._unauthorized()
  File "PluggableAuthService\PluggableAuthService.py", line 1106, in challenge
    challenger.challenge(req, resp)
  File "PluggableAuthService\plugins\HTTPBasicAuthHelper.py", line 94, in challenge
    response.unauthorized()
  File "ZPublisher\HTTPResponse.py", line 664, in unauthorized
    self._unauthorized()

etc.

If I avoid the recursion and manually raise Unauthorized (which appears the
intent), I get an:
Unhandled exception in thread started by <class ZServer.PubCore.ZServerPublisher.ZServerPublisher at 0x00A34870>
and the traceback referencing the exception I raised.

I need to do an NTLM dance - the authentication process will require my
plugin to return a 404 twice, each time exchanging tokens with the client in
headers.  I'm really not sure how my plugin is supposed to handle that.

Looking at recent mail, it appears that the only working plugin is a CAS
one - are the sources to that available?  Any other clues anyone can lend
me?

Thanks,

Mark.
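
Added example, not part of the original post and not Zope or PAS code: a stand-alone Python model of the call cycle visible in the traceback above, where a challenge plugin calls response.unauthorized() while the auth service is installed as the response's _unauthorized hook. All class names, the handle() method and the realm value are assumptions made for illustration; DirectChallenger shows one way to break the cycle by writing the 401 status and WWW-Authenticate header directly.

```python
class Response:
    """Stand-in for the HTTP response; not ZPublisher.HTTPResponse."""
    def __init__(self):
        self.status = 200
        self.headers = {}
        self._unauthorized = lambda: None  # hook the auth service overrides

    def unauthorized(self):
        self._unauthorized()  # re-enters the auth service when hooked
        self.status = 401

class RecursingChallenger:
    """Mirrors the traceback: challenge() calls response.unauthorized()."""
    def challenge(self, request, response):
        response.unauthorized()
        return True

class DirectChallenger:
    """Writes the challenge onto the response without touching the hook."""
    def __init__(self, realm):
        self.realm = realm  # constructed sample value, see the test

    def challenge(self, request, response):
        response.status = 401
        response.headers["WWW-Authenticate"] = 'Basic realm="%s"' % self.realm
        return True

class AuthService:
    """Stand-in for a service that installs itself as the response hook."""
    def __init__(self, challengers):
        self.challengers = challengers

    def handle(self, request):
        response = Response()
        response._unauthorized = lambda: self.challenge(request, response)
        self.challenge(request, response)
        return response

    def challenge(self, request, response):
        for challenger in self.challengers:
            if challenger.challenge(request, response):
                break  # first challenger that acts wins

def recursion_reproduced():
    try:
        AuthService([RecursingChallenger()]).handle({})
    except RecursionError:
        return True
    return False
```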


