[Zope] PAS and SSO pubcookie question

cristopher pierson ewing cewing at u.washington.edu
Thu Nov 16 16:54:45 EST 2006 

Maciej,

Thanks for the tips.  I will try adding print statements and see where 
that leads me.

As for understanding pubcookie, I'm not sure that's totally necessary. 
I'm quite certain that that part of the operation is working correctly, 
It's just what happens after that that I'm having problems with.

If you are interested, the 'RemoteUserAuth' product and it's companion, 
'CACSiteRoot', the sources can be downloaded from the tutorial page:

http://www.washington.edu/webinfo/case/zope/

It'd be great, though if there were zope gurus out there who had 
experience working with pubcookie.  I've found a few messages on boards 
from a while back that seemed to indicate that there were folks working on 
a PAS plugin that would incorporate pubcookie, but I haven't seen any 
information indicating that that was ever successful.

C

********************************
Cris Ewing
CME and Telehealth Web Services
Department of Radiology Web Services
University of Washington
School of Medicine
Work Phone: (206) 685-9116
Home Phone: (206) 365-3413
E-mail: cewing at u.washington.edu
*******************************


On Thu, 16 Nov 2006, Maciej Wisniowski wrote:

>> I have been able to log in to my zope instance via
>> localhost:8080/manage, and when I've added the 'access' file with my
>> username, a colon, and a newline, no password is required to login.  So
>> I think the 'RemoteUserAuth' plugin described at the above site is
>> working correctly.
> I don't know this kind of SSO. Seems to be complicated.
> CACSiteRoot and RemoteUserAuth I don't know any of these... Think it
> will be difficult to help you until there is somebody that used those
> things, but maybe I'm wrong :)
>
>> I don't fully grasp the way that user authentication works in zope.  I'm
>> not sure where to begin to look for the problem here, and I'm hoping
>> someone can help.
> You may read about Zope Security system on plope.org in Zope Book 2.7
> edition.
>
> You may want to take look at error_log, and maybe remove unauthorized
> from the list of omited exceptions there. Additionally you may want to
> enable VerboseSecurity in zope.conf. AFAIR you need to uncomment:
>
> SecurityPolicyImplementation Python
> VerboseSecurity On
>
> Maybe then you'll see more informations.
>
>
> And how to debug zope part of authentication... You may possibly take a
> look at the sources of RemoteUserAuth. It is possibly something with
> that. Simplest debugging may be done by adding
>
> print 'hello - im here!'
>
> statements to the RemoteUserAuth code, and then running Zope with
> ./runzope (or runzope.bat on Windows). It doesn't detach from console
> and you'll see your printed statements. You may also use pdb - python
> debugger:
>
> http://plone.org/documentation/how-to/using-pdb
>
>
>
>> However, when I try to access the ZMI via apache
>> (http://myhost.com/manage which gets rewritten to
>> http://localhost:8080/manage in apache proxy), I am prompted via basic
>> auth for username and password, and anything I enter is rejected.
> Typically apache rewrites make use of VirtualHostMonster in Zope
> but your's how to uses different syntax.
>
>
>> The expected behavior is that mod_fba sets an authorization header with
>> a username from pubcookie and sends it to zope with a page request for
>> the ZMI.
> I don't understand why this SSO is about ZMI? ZMI is Zope Management
> Interface - so it is rather for managers/programmers, not for typical
> users. Strange.
>
> We've sucessfully implemented SSO solution with CAS. There are nice
> plugins for Zope and Plone to deal with this.
>
> -- 
> Maciej Wisniowski
>
>
>

More information about the Zope mailing list