[Zope] SSO using Zope?

Dieter Maurer dieter@handshake.de
Sat, 1 Feb 2003 22:07:56 +0100


Andrew Kennel wrote at 2003-1-31 16:19 -0800:
 > I've been evaluating Zope as a possible corporate portal server for my 
 > company.  I'm currently working on tying it to our existing directories 
 > via LDAP and have been very impressed.
 > 
 > One feature I have not been able to find any reference re: Zope is SSO.  
 > (single sign-on)  one of the primary uses of this portal would be the 
 > ability for my user's to sign in once and have the portal then pass 
 > their credentials on to external pages.  Have there been any attempts at 
 > this using Zope?
With "sign-in" do you mean "log-in" and not "register"?

  When you mean register, share you LDAP data.

  When you mean "log-in", it's a bit more difficult.
  We do it somehow like this:

    We have a central database managing global sessions.

    When a visitor logs in, a session is opened for him
    and information about the session stored in the database.
    The session id is coded in the URL.

    Links to applications participating in the shared session
    usage are dynamically created and get contain the
    session id.

    When an application finds a session id, it checks validity
    and, if valid can ask the database about associated data,
    maybe user data.

  When all your applications are in the same domain (our's are not),
  then you can also use cookies to hold the session id.


Dieter