[Zope-PAS]
Re: using Session Auth Helper, sequence of active plugins
Tres Seaver
tseaver at palladion.com
Tue Apr 10 18:17:33 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
robert rottermann wrote:
> Hi there,
>
> I would like to use Session Auth Helper to authenticate a user after he
> has logged into a site using Active Directory.
>
> this are the steps I use to create the setup:
> - add an ActiveDirectory Multiplugin
> - activate all services
> - apply patches to have the groups working
> according instructions on Plone I install
> LDAPMultiPlugins-plone.org.patch from antiloop.plone.org
> - add an Session Auth Helper
> - activate all three services (Reset Credentials, UpdateCredentials,
> Extraction)
> - Up the session timeout of the site to 5 hours
>
> Now my questions:
> - do I have to change the sequence of the active plugins to avoid
> contacting the AD server after a successful login
> (as long the session is active)
> it is like this now
> credentials_cookie_auth
> AD Multiplugin
> Session Auth Helper
>
> - is there something else I have to take care of?
Yes, you want the session auth plugin to be registered *ahead* of the AD
/ LDAP plugin, in the registration for IAuthenticateCredentials. That
list looks like the one for IExtractCredentials (the cookie plugin can't
actually authenticate, it only retrieves credentials from the request).
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGHAz9+gerLs4ltQ4RAo5JAJ4kVxTZ9badjK0VhVjGrKScqhocmgCcDYu8
RjQursJjH2PLjN7MNTZpvSs=
=dLj/
-----END PGP SIGNATURE-----
More information about the Zope-PAS
mailing list