[Zope-PAS] Re: Zope-PAS Digest, Vol 20, Issue 3

Brecht Samyn Brecht.Samyn at kulak.ac.be
Mon Mar 20 03:38:25 EST 2006


Sven Deichmann <deichmann at ...> writes:

> > Something like this:
> > - someone logs in for the first time
> > - some PAS plugins (extraction, authentication, ...) were executed
> > - one of these plugins calls portal_registration.addMember(userid,...)
> > - now the new user had a memberfolder and can change his own preferences
> > 
> > But it's not clear to me which kind of plugin I should use. I tried to
> > put the code in the authentication plugin, but I can't do addMember in
> > this plugin because I'm in the process of being authenticated.
> > 
> > Brecht
> 
> Hello,
> maybe I am mistaken, but if I understand you correctly, the user is
> somehow already existing (after all he is able to authenticate himself
> by some means (LDAP, PAM, whatever)). If that is not sufficient for
> (Plone)PAS to have your Member folder being created on first Plone site
> login, there will be a (conceptual or functional) bug in Plone.

Zope PAS doesn't do the authentication checks: it just tests if someone 
else did (it checks if the user has a "ticket").

The user account exists at the "Shibboleth identity provider" (say, at the
headquarters ;-) ). We (local department) don't have/want access to this
account info. When someone is correctly authenticated at the identity provider,
Apache (that sits in front of Zope) gets some attributes from it, which it
passes to the web application by means of request variables. If such a variable
(with a username) exists in the request, we know that this person has passed the
authentication check at the identity provider.

So it is possible for someone to log in to Zope/Plone without going through the
Plone portal_registration steps. And I want to automatically do this
registration the first time someone logs in.

Brecht
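
Added example, not part of the message above and not Zope PAS or Plone code: a plain-Python model of the flow described, where the identity arrives as a request variable set by the front-end Apache and the member is registered on first login in a step that runs after authentication. The variable names, the trusted-proxy address and every function and class name are assumptions made for illustration.

```python
# Plain-Python model; no Zope imports. All names below are hypothetical.
TRUSTED_PROXIES = {"127.0.0.1"}   # assumption: Apache runs on the same host
USER_VAR = "HTTP_X_SHIB_USER"     # assumption: variable Apache sets after IdP login
MAIL_VAR = "HTTP_X_SHIB_MAIL"     # assumption: optional attribute from the IdP


class MemberRegistry:
    """Stand-in for the portal's member storage (portal_registration)."""

    def __init__(self):
        self.members = {}

    def add_member(self, userid, properties):
        if userid in self.members:
            raise ValueError("member already exists: %s" % userid)
        self.members[userid] = dict(properties)


def extract_credentials(environ):
    """Extraction: accept the asserted identity only from the trusted front end."""
    if environ.get("REMOTE_ADDR") not in TRUSTED_PROXIES:
        return {}  # request bypassed Apache, so the variable proves nothing
    userid = environ.get(USER_VAR, "").strip()
    if not userid:
        return {}
    return {"userid": userid, "mail": environ.get(MAIL_VAR, "")}


def authenticate(credentials):
    """Authentication: no password check and no side effects, only the 'ticket' test."""
    return credentials.get("userid") or None


def ensure_member(registry, credentials):
    """Runs after authentication; registers on first login and is idempotent."""
    if credentials["userid"] in registry.members:
        return False
    registry.add_member(credentials["userid"], {"email": credentials["mail"]})
    return True


def handle_request(registry, environ):
    """Return (userid, created); (None, False) when no trusted identity is present."""
    creds = extract_credentials(environ)
    userid = authenticate(creds)
    if userid is None:
        return None, False
    return userid, ensure_member(registry, creds)
```

Keeping registration out of `authenticate` avoids the re-entrancy problem described in the quoted question, and the `REMOTE_ADDR` check reflects that the request variable is only meaningful when Zope is reachable solely through the Apache that sets it.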


