On Thu, Feb 9, 2012 at 9:41 AM, Michael Miller <[email protected]> wrote:
> Hi all,
>
> We would like to customize Plone to read groups (membership information)
> from an external source.
>
> At UCLA we have successfully integrated Plone with Shibboleth (using
> WebServerAuth) which provides the authenticated user in a header. We have a
> generic groups management system called Grouper
> (http://grouper.internet2.edu). We would like to leverage Grouper's group
> functionality that is delivered via Shibboleth headers.
>
> Here's an idea of how we envision this working:
>
> Manage Plone groups in Grouper. Manage roles using the Plone administration
> portal. Upon authentication, Shibboleth will deliver all groups that the
> user is a member of via request headers. Identify the plugin point within
> Plone/Zope, read the groups from the request header, use the group id/name
> to get the roles (from ZOPE Group manager??).
>
> We need help identifying the plugin point where we would need to do this and
> how/where to read roles.
>
> Does anyone have suggestions on where we might start?

This sounds like exactly what you'd create a PAS Plugin to do.

https://plone.org/documentation/manual/developer-manual/users-and-security/pluggable-authentication-service/
and
http://collective-docs.readthedocs.org/en/latest/members/pluggable_authentication_service/index.html
are good references.

:jon
_______________________________________________
Product-Developers mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-product-developers
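
Added example, not code from this thread or from Plone: a standalone sketch of the group lookup a PAS groups plugin would perform on header-delivered memberships, shaped like IGroupsPlugin.getGroupsForPrincipal but taking the user id as a string and the request as a plain mapping. The header names, the trusted proxy address, the group-id pattern and the sample request are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the thread): header names and the front-end address.
GROUPS_HEADER = "HTTP_X_GROUPER_GROUPS"      # hypothetical header carrying group ids
USER_HEADER = "HTTP_X_REMOTE_USER"           # hypothetical header naming the user
TRUSTED_PROXIES = frozenset({"127.0.0.1"})   # only the web server running Shibboleth
VALID_GROUP = re.compile(r"^[A-Za-z0-9_.:\-]{1,128}$")

def split_shib_values(raw):
    """Split a multi-valued Shibboleth header: ';' separates, '\\;' is a literal ';'."""
    values, current, i = [], [], 0
    while i < len(raw):
        if raw[i] == "\\" and raw[i + 1:i + 2] == ";":
            current.append(";")
            i += 2
            continue
        if raw[i] == ";":
            values.append("".join(current))
            current = []
        else:
            current.append(raw[i])
        i += 1
    values.append("".join(current))
    return [v.strip() for v in values if v.strip()]

class HeaderGroupsPlugin:
    """Stand-in for a PAS groups plugin; does not import PluggableAuthService."""

    def getGroupsForPrincipal(self, principal_id, request=None):
        if request is None:
            return ()
        # A client that reaches Zope directly can send any header it likes,
        # so accept the headers only from the Shibboleth front end.
        if request.get("REMOTE_ADDR") not in TRUSTED_PROXIES:
            return ()
        # The header describes the logged-in user; never apply it to others.
        if request.get(USER_HEADER) != principal_id:
            return ()
        groups = split_shib_values(request.get(GROUPS_HEADER, ""))
        # Drop anything that does not look like a group id before PAS sees it.
        return tuple(sorted({g for g in groups if VALID_GROUP.match(g)}))

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = {
    "REMOTE_ADDR": "127.0.0.1",
    USER_HEADER: "jdoe",
    GROUPS_HEADER: "ucla:plone:staff;ucla:plone:editors;bad group\\;x",
}
```

Roles stay in Plone: the ids returned here only have to match groups that were given roles in the Plone administration portal.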
