[Zope] Apache ProxyPass to Zope

Cliff Ford Cliff.Ford at ed.ac.uk
Fri Oct 29 10:36:06 EDT 2004


Just to add to that last message. If I type this into my browser url box:

http://www.mysite.com/docLoginAction?__ac_name=myname&__ac_password=mypass
&destination=http://www.mysite.com/admin/index.html
(all on one line)

I get straight into an area where login is required without going 
through the Zope login dialog. I wouldn't type this of course, for 
obvious security reasons. In Apache, you just need to test for the 
existence of the Zope 'authenticated indicator' (if that is possible) 
and do this sort of rewrite if the parameter does not exist.

Cliff

Tiller, Michael (M.M.) wrote:
> Russell,
> 
>   I sympathize.  I am in a similar position (corporate intranet uses a
> proxy that authenticates before proxying).  My solution so far has been
> to use Zope-2.6.2 in PCGI mode.  This has left quite a bit to be desired
> (slow, seem to be some buffering issues that prevent download of large
> content).  I've brought it up on this list before but everybody says
> the same thing that they are saying to you, i.e. "that's the wrong way
> to do it".  Unfortunately, for me it is the only way I'm allowed to do
> it.  I was quite optimistic that Plone might catch on here, but I can't
> even get my site to work 100% so people are quite hesitant to use it.
> Because I'm using PCGI I'm stuck with Zope-2.6.2 so not only does the
> site not work 100%, I can't even run new versions of anything.
> 
>   You might look at some of the customizable authentication products.
> I've looked at some of them and while several claim great flexibility
> through custom plug-ins, I couldn't really understand how to accomplish
> what I needed to do.
> 
>   If you find a solution, let me know.
> 
> --
> Mike
> 
> 
>>-----Original Message-----
>>From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf Of Russell Seymour
>>Sent: Friday, October 29, 2004 6:17 AM
>>To: Cliff.Ford at ed.ac.uk
>>Cc: zope at zope.org
>>Subject: Re: [Zope] Apache ProxyPass to Zope
>>
>>Thanks for the suggestions Cliff, the thing is that I need Apache to
>>take care of the authentication.
>>
>>This is because I am setting up a Zope application within an existing
>>Virtual Host which already has the authentication setup on it.  This is
>>done using a Perl script which communicates with a Windows 2003 AD.  I
>>want to keep it this way so that it is easy to understand where the
>>authentication is taking place and is only in one place.
>>
>>Is it not possible to do what I want to do at all?
>>
>>Thanks,  Russell
>>
>>Cliff Ford wrote:
>>
>>
>>>I guess I would put it a bit stronger than Tino: don't waste your time
>>>trying to authenticate with Apache. Just pass the request through
>>>Apache to Zope and do the authentication there. In my site, one of the
>>>things that Apache does is switch to secure mode (https) for login. It
>>>is Zope that needs to authenticate by changing its AUTHENTICATED_USER
>>>from Anonymous to something else.
>>>
>>>Cliff
>>>
>>>Russell Seymour wrote:
>>>
>>>
>>>>Good evening list,
>>>>
>>>>I have been trying to get the REMOTE_USER variable to be seen by
>>>>Zope.  I have almost got there by using various articles on the
>>>>Internet, but I need a little bit of help to get the last bit working.
>>>>I have got Apache performing the authentication and this works well
>>>>as I get the Zope page when I enter a valid username and password.  I
>>>>have noticed that the Z2 log file for my Zope instances contains the
>>>>username that I have used to access the site, but I cannot get Zope
>>>>itself to see the username - this is the most confusing bit for me as
>>>>it surely means that the username is being passed to Zope.
>>>>
>>>>The following is a snippet from my Apache:
>>>>
>>>><Location /zope>
>>>>   AuthName "Zope Access"
>>>>   AuthType Basic
>>>>
>>>>   <AUTHENTICATION ROUTINES>
>>>>   require valid-user
>>>>
>>>>   ProxyPass http://x.x.x.x:8080/zope
>>>>
>>>></Location>
>>>>
>>>>ProxyPassReverse /zope http://x.x.x.x:8080/zope
>>>>
>>>>This all works brilliantly apart from the fact that I cannot get the
>>>>username in Zope.  I need this so I can do some custom authorisation
>>>>to a database that my Zope application accesses.
>>>>
>>>>I have tried many different variations using RewriteRule and trying
>>>>to set the environment variables but to no avail.
>>>>
>>>>Thanks to anyone that can give me some pointers.
>>>>
>>>>Russell
>>>>_______________________________________________
>>>>Zope maillist  -  Zope at zope.org
>>>>http://mail.zope.org/mailman/listinfo/zope
>>>>**   No cross posts or HTML encoding!  **
>>>>(Related lists -
>>>> http://mail.zope.org/mailman/listinfo/zope-announce
>>>> http://mail.zope.org/mailman/listinfo/zope-dev )
>>>
> 
> 
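
An added example, not part of the original messages: when Apache authenticates and hands the username to the backend in a request header, the backend should believe that header only when the connection comes from the proxy itself. The header name X-Remote-User, the proxy address and the function names are assumptions made for this sketch.

```python
import ipaddress

# Assumptions (not from the thread): the proxy forwards the authenticated
# name in an X-Remote-User header, which the backend sees as
# HTTP_X_REMOTE_USER, and the backend knows the proxy's address.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]  # constructed value
IDENTITY_KEY = "HTTP_X_REMOTE_USER"
# Apache's mod_headers writes the literal text "(null)" when the variable
# it expands is unset, so that string must never be taken as a username.
EMPTY_VALUES = {"", "(null)"}


def peer_is_trusted(environ, trusted=TRUSTED_PROXIES):
    """True only when the TCP peer is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in trusted)


def proxied_user(environ, trusted=TRUSTED_PROXIES):
    """Return the proxy-asserted username, or None if it cannot be trusted."""
    if not peer_is_trusted(environ, trusted):
        # Anyone who can reach the backend port directly can send this header.
        return None
    value = environ.get(IDENTITY_KEY, "").strip()
    if value in EMPTY_VALUES:
        return None
    # A comma means two header instances were merged: the client sent one
    # and the proxy appended to it instead of replacing it.
    if "," in value:
        return None
    # Control characters have no place in a username taken from a header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return None
    return value
```

The proxy side has to overwrite the header on every request, and the backend port should be unreachable except from the proxy; the check above is the backend's half of that arrangement.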

