[Zope] need advice on remote authentication

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Fri, 12 May 2000 21:57:18 +1000 (EST)


On Tue, 2 May 2000, Garry Hodgson wrote:

> but for one wrinkle.  i need to authenticate users via a remote
> authentication service run by the company's HR organization.  my
> organization explicitly does not want to be maintaining our own
> users and passwords, so i'd like to automatically create users
> as needed, rather than manually via the zope management interface.
>
> i've built some test objects that do the authentication, but don't
> know, once i've figured out who someone is, how to fit this into
> zope's notion of users and roles.  

I think that both the GenericUserFolder and the LoginManager should be
able to handle this. I think the LoginManager architecture would
work better for what you are trying to do (but I don't know its current
status). 

GUF would also be able to handle it - it will involve pulling out the
username from your HR cookie in the docLogin hook (possibly transparently
to the user with an automatic redirect), and having your userAuthenticate 
hook do the check if the cookie is valid. Let me know if you choose
this method and get stuck.

You could also subclass any of the existing UserFolders depending
on how you plan to maintain the other information you need (list of
valid usernames, role membership, valid logon domains).

-- 
 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen
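
The GUF flow described in this message, as an added sketch that is not code from the post, from GenericUserFolder, or from Zope: a check in the role of the userAuthenticate hook verifies the HR cookie before the username in it is trusted, and a login step in the role of docLogin creates the user on first sight. The function signatures, the `username|expiry|mac` cookie layout, the shared HMAC key, and the `Authenticated` default role are all assumptions; a real HR service may instead require a remote validation call.

```python
import hashlib
import hmac
import time

# Assumption: the HR service signs "username|expiry" with a key it shares with us.
HR_SHARED_KEY = b"constructed-demo-key"    # constructed sample value, not a real key
DEFAULT_ROLES = ("Authenticated",)         # hypothetical role for auto-created users
USERS = {}                                 # stands in for the user folder's storage


def make_hr_cookie(username, expiry, key=HR_SHARED_KEY):
    """Build a cookie the way the assumed HR service would (demo input only)."""
    payload = "%s|%d" % (username, expiry)
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "|" + mac


def user_authenticate(cookie, now=None, key=HR_SHARED_KEY):
    """Return the verified username, or None. Any malformed input fails closed."""
    now = time.time() if now is None else now
    try:
        payload, mac = cookie.rsplit("|", 1)
        username, expiry = payload.split("|")   # a '|' inside the name is rejected
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, so response timing does not leak MAC bytes.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    if not username or expiry < now:
        return None
    return username


def login(cookie, now=None):
    """Verify first; only then create the user record if it does not exist yet."""
    username = user_authenticate(cookie, now)
    if username is None:
        return None
    return USERS.setdefault(username, {"name": username, "roles": DEFAULT_ROLES})
```

The ordering is the point: the user record is created only after the cookie verifies, so a forged or expired cookie can never provision an account.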