[Zope] Authenticating off an external server

J Cameron Cooper jccooper at jcameroncooper.com
Thu Nov 20 18:24:33 EST 2003


Ian Bicking wrote:

> I'd like to authenticate in Zope off of another external server.  So, 
> say, user "bob" with password "secret" logs into Zope -- we then call 
> https://otherserver.com/auth?username=bob&password=secret, parse the 
> response, and the user is authenticated (or not) based on the response.  
> (We could also try the external URL with HTTP authentication, it just 
> depends on the way the external server works)
>
> I looked into PluggableUserFolder some, and it seems possible but not 
> particularly elegant -- the best I could figure out was creating a new 
> PasswordEncryptionScheme which would do the web lookup, which is 
> rather bizarre and obviously a hack.

From what I just read about it, it looks more like you want an 
Authentication Plugin (at least the second half.)

http://cvs.nuxeo.org/cgi-bin/viewcvs.cgi/PluggableUserFolder/doc/INTERNALS.txt?rev=HEAD&content-type=text/vnd.viewcvs-markup

Although based on the real interfaces, it looks like you might implement 
IIdentificationPlugin.

http://cvs.nuxeo.org/cgi-bin/viewcvs.cgi/PluggableUserFolder/PluginInterfaces.py?rev=HEAD&content-type=text/vnd.viewcvs-markup

> It seems like a useful thing to do, but I couldn't find any products 
> that did this.  Is there a better way to do this than this 
> PluggableUserFolder hackish thing?  Is there a product out there that 
> I didn't find?

I doubt that this is common enough to support an actual product. Even if 
people do this, the range of exact methods and nuances is probably so 
broad as to be very difficult to generalize.

You may have more luck with SimpleUserFolder or ExternalUserFolder 
(XUF). I don't know how the extension interfaces of these two stack up 
against PluggableUserFolder, but maybe they fit your model better.

          --jcc

-- 
"Code generators follow the 80/20 rule. They solve most of the problems, but not all of the problems. There are always features and edge cases that will need hand-coding. Even if code generation could build 100 percent of the application, there will still be an endless supply of boring meetings about feature design."
(http://www.devx.com/java/editorial/15511)
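
The HTTP-authentication variant mentioned in the question, sketched as an added example that is not part of either poster's message and is not PluggableUserFolder code. The names `check_credentials`, `build_request` and `AuthBackendError`, and the convention that the external server answers 200 to accept and 401/403 to reject, are assumptions; only the URL comes from the question.

```python
import base64
import urllib.error
import urllib.request

AUTH_URL = "https://otherserver.com/auth"  # URL from the question, minus the query string


class AuthBackendError(Exception):
    """The external server gave no clear accept/reject answer."""


def build_request(username, password, url=AUTH_URL):
    # Basic credentials are only base64-encoded, so insist on TLS.
    if not url.lower().startswith("https://"):
        raise ValueError("auth URL must use https")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    # Header instead of ?username=...&password=... keeps the password out of
    # access logs and proxy logs on the way to the external server.
    return urllib.request.Request(
        url, headers={"Authorization": "Basic " + token.decode("ascii")})


def check_credentials(username, password, url=AUTH_URL,
                      opener=urllib.request.urlopen, timeout=5):
    """True = accepted, False = rejected, AuthBackendError = cannot tell."""
    # ':' separates user from password in Basic auth; reject it up front.
    if not username or ":" in username:
        return False
    req = build_request(username, password, url)
    try:
        with opener(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:   # 4xx/5xx arrive as exceptions
        status = exc.code
    except OSError as exc:                  # DNS, TLS, timeout, refused
        raise AuthBackendError(str(exc)) from exc
    if status == 200:
        return True
    if status in (401, 403):
        return False
    # Anything else (5xx, unexpected 2xx/3xx) must never count as a login.
    raise AuthBackendError(f"unexpected status {status}")
```

Callers should treat `AuthBackendError` as a denied login and log it, so an outage of the external server cannot be mistaken for a successful check.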




