Matthew Wilkes wrote:
On 17 Oct 2007, at 00:48, Derek Richardson wrote:
Matthew Wilkes wrote:
On 16 Oct 2007, at 23:23, Derek Richardson wrote:
Hey. I'm writing a package to provide a Plone 3.0-compatible UI for
PAS4CAS - a replacement for PloneCASLogin, which has not been
updated. The basics work. I now want to hide the login portlet,
since it is non-functional and confusing with CAS.
Hi Derek,
From my own dealings with CAS, the login form is certainly not
non-functional, it's only non-functional if CAS is the sole means of
authentication.
Hmmm. Under what conditions would you have two means (CAS + other) of
authentication? If there is a use case there, I need to think about
it. But it seems very strange to me. ;)
My students' union. The following is at various levels of implementation:
There are the following types of users:
1) Current students (CAS)
2) Staff (CAS)
3) Ex-students (maybe LDAP, maybe a different CAS server, maybe
something else)
4) Honorary Members (Membrane)
5) Associate members (Custom PAS or heavy-lifting with Membrane)
6) Affiliate members (IP matching/membrane)
The basic reasoning being there is a CAS server for current members of
the university, an LDAP directory of ex members and local storage of the
small number of people who are members of the union and not the university.
OK, I see the use case now.
I recommend creating your own CAS login portlet with a link to your
CAS provider and letting the user hide or show the standard login
portlet as needed.
Ah, that's what old PloneCASLogin did that I never understood. I mean,
if the 'login' link is on the personal bar always and does just as
good as a big 'CAS' button, then why spend the screen real estate?
But, again, if there's a legit use case here, I should consider it.
The login link can be overridden by customisers, it's not the place of
your plugin to say what the main method of authentication is.
Hmmm. Like I told Martin, my package is *just* ui, not the underlying CAS PAS
plugin. So, if I exclude everything customizers do, then my package disappears.
Maybe I just need a change in marketing rhetoric. My package is NOT for all CAS
deployments, especially ones involving multiple auth methods. My package is
simply so that folks who want CAS and only CAS and don't know how to do the UI
(I didn't when I started a year and a bit ago) have an easy way to get started -
install my package and BOOM, you have CAS working in the ui in a basic,
covers-the-80%-of-simple-cases-well way. Like PloneCASLogin does for pre-3.0 sites.
So, the login button change is the most important thing. Hiding the portlet will
be detailed in the README, 'cause it's simple TTW and *hard* with GS. That
leaves the logout link redirecting to the login page. I won't customize the
login page in my product, because, I now realize, that would be too invasive. So
I'll just look for a way to make the logout link log the user out and redirect
them to site root. Do you think that is acceptable?
I don't think we're going to use either of these (two auth mechs or
big CAS button) at Georgia Tech, but, if I'm going to do battle with
our legal dept to release this publicly (and I plan to), then I want
to do it right to make the effort worthwhile.
I recommend talking to Pete Walker at the University of Bristol, as I
know they're looking to do some work with Plone 3 and we use CAS
extensively. I've CCed him in.
I didn't CC him on this because I don't have Thunderbird (I read this as a gmane
newsgroup) set up to do email. But hopefully he'll drop in and let us know what
he thinks.
BTW, Matt, is was *great* sprinting with you this weekend. I really
appreciate your contributions to Vice.
I'm glad to be of help, sorry about the disappearing act yesterday, was
in a political party headquarters just as the leader stepped down, had
to give up my ethernet port pretty sharpish. You'll be happy to know I
have a working portal_syndication, I'm working on updating the GUI.
np, I know we all have day jobs and priorities. 'w00t!' on the working syntool
replacement. I'll watch the logs so I can look at it hot off the kbd. I plan to
cut an alpha2 within the next few weeks with a few more features - we'll slide
in the syntool and hopefully wooda's work on documents as feeds, perhaps a few
other things as well.... ;)
Derek
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
