Excerpts from Oliver's message of Fri Sep 10 15:35:42 -0300 2010:
> hi,
>
> I am using repoze.who.plugins.openid with the following configuration:
>
>
> [plugin:openid]
> use = repoze.who.plugins.openid:make_identification_plugin
> store = file
> store_file_path = %(here)s/sstore
> openid_field = openid
> came_from_field = came_from
> error_field = error
> session_name = beaker.session
> login_form_url = /account/openid_login
>
> My understanding is if a controller needs authentication (by putting
> not_anonymous() predicate before action or controller), the middleware
> will try to redirect to login form specified by /account/openid_login.
>
> However, this doesn't seem to have any effect. For whatever reason, it
> insists on directing to /account/login. Any idea?
>
> TIA
>
> Oliver
>
You need to configure repoze.who through repoze.what in order to use
repoze what protectors like not_anonymous. Besides that, remember that
the standard openid plugin has only a dummy authenticator plugin that
does nothing and you might need to extend it to make it talk with your
database or whatever.
In my case, instead of using who.ini for configuring the plugin, I did it
all in middleware.py. Find below my configuration (repdotcom is the name of
my pylons project, everything else is standard repoze what/who).
Feel free to ask for any clarification you need to understand the code.

from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.openid.identification import OpenIdIdentificationPlugin
from repdotcom.lib.auth import OpenIdMetadata, OpenIdAuthenticator
from repoze.who.classifiers import default_request_classifier
from repoze.who.plugins.openid.classifiers import openid_challenge_decider
from repoze.what.middleware import setup_auth
from repdotcom.config.environment import load_environment

def make_app(global_conf, full_stack=True, static_files=True, **app_conf):
    # ... some code here ...

    # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)

    # OpenID plugin: used below as both identifier and challenger.
    openid = OpenIdIdentificationPlugin(
        store='file',
        openid_field='openid',
        session_name='pylons.session',
        login_handler_path='/openid_login_handler',
        logout_handler_path='/logout_handler',
        login_form_url='/login',
        error_field='error',
        logged_in_url='/welcome_back',
        logged_out_url='/see_you_later',
        came_from_field='came_from',
        store_file_path=app_conf['cache_dir']+'/sstore',
        rememberer_name='auth_tkt',
        # This string was wrapped across two lines in the e-mail; joining
        # the halves with a single space is an assumption.
        attr_ex='openid.ax.required=email '
                'openid.ax.type.email=http://axschema.org/contact/email')

    # Cookie that remembers the login; secure=True keeps it to HTTPS.
    auth_tkt = AuthTktCookiePlugin(secret='xxxxxxxxxx', secure=True,
                                   timeout=86400, reissue_time=3600)

    # Project-specific plugins from repdotcom.lib.auth.
    authenticator = OpenIdAuthenticator()
    openidmd = OpenIdMetadata()

    # Wire repoze.who up through repoze.what (no group/permission adapters).
    app = setup_auth(app, None, None,
                     identifiers=[('openid', openid),
                                  ('auth_tkt', auth_tkt)],
                     authenticators=[('authenticator', authenticator)],
                     challengers=[('openid', openid)],
                     mdproviders=[('mdproviders', openidmd)],
                     classifier=default_request_classifier,
                     challenge_decider=openid_challenge_decider,
                     log_stream=app_conf['who.log_file'],
                     log_level=app_conf['who.log_level'])
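
The reply above says the stock OpenID authenticator does nothing and has to be extended to talk to a database. One way to write such an authenticator, as an added example that is not the poster's repdotcom.lib.auth code: DbOpenIdAuthenticator, make_user_db, the users table and its rows are hypothetical and constructed, and it assumes the identification plugin stores the verified identity URL under repoze.who.plugins.openid.userid.

```python
import sqlite3

# Assumption: key under which the OpenID identification plugin stores the
# identity URL once the provider's response has been verified.
OPENID_KEY = 'repoze.who.plugins.openid.userid'


def make_user_db():
    """Constructed sample database: local accounts keyed by OpenID URL."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE users (openid_url TEXT PRIMARY KEY,'
               ' username TEXT NOT NULL, active INTEGER NOT NULL)')
    db.executemany('INSERT INTO users VALUES (?, ?, ?)', [
        ('https://id.example.org/alice', 'alice', 1),
        ('https://id.example.org/mallory', 'mallory', 0),  # disabled account
    ])
    return db


class DbOpenIdAuthenticator(object):
    """Hypothetical authenticator plugin with the authenticate(environ,
    identity) method that repoze.who calls on authenticators."""

    def __init__(self, db):
        self.db = db

    def authenticate(self, environ, identity):
        openid_url = identity.get(OPENID_KEY)
        if not openid_url:
            # Not an OpenID login: claim nothing, let other plugins decide.
            return None
        # Exact match on the verified URL, parameterized to avoid injection.
        row = self.db.execute(
            'SELECT username FROM users WHERE openid_url = ? AND active = 1',
            (openid_url,)).fetchone()
        # A valid OpenID is not enough: unknown or disabled accounts get no
        # userid, so the request stays anonymous.
        return row[0] if row else None
```

An instance would go in the authenticators list passed to setup_auth, in place of OpenIdAuthenticator().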