[Zope-PAS] Re: using Session Auth Helper, sequence of active plugins

robert rottermann robert at redcor.ch
Tue Apr 10 22:50:23 EDT 2007


Tres Seaver wrote:
> robert rottermann wrote:
> >> Hi there,
> >>
> >> I would like to use Session Auth Helper to authenticate a user after he
> >> has logged into a site using Active Directory.
> >>
> >> this are the steps I use to create the setup:
> >> - add an ActiveDirectory Multiplugin
> >>     - activate all services
> >> - apply patches to have the groups working
> >>     according instructions on Plone I install
> >>         LDAPMultiPlugins-plone.org.patch from antiloop.plone.org
> >> - add an Session Auth Helper
> >>     - activate all three services (Reset Credentials,
> UpdateCredentials,
> >> Extraction)
> >> - Up the session timeout of the site to 5 hours
> >>
> >> Now my questions:
> >> - do I have to change the sequence of the active plugins to avoid
> >> contacting the AD server after a successful login
>
> >>   (as long the session is active)
> >>     it is like this now
> >>         credentials_cookie_auth
> >>        AD Multiplugin
> >>        Session Auth Helper
> >>       
> >> - is there something else I have to take care of?
>
>
> Yes, you want the session auth plugin to be registered *ahead* of the AD
> / LDAP plugin, in the registration for IAuthenticateCredentials.  That
> list looks like the one for IExtractCredentials (the cookie plugin can't
> actually authenticate, it only retrieves credentials from the request).
>
>
> Tres.
> --
thanks Tres,
a stupid follow up question: what is ahead?
(from the context of this mail) I assume this means above of AD?

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: robert.vcf
Type: text/x-vcard
Size: 200 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-pas/attachments/20070411/80d2d5e8/robert-0001.vcf


More information about the Zope-PAS mailing list