Re: [Zope] sending a encrypted login URL
Joseph Thomas (s) wrote at 2009-3-4 10:29 -0600:
> We'd like to construct a zope login URL of the form on another server:
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
> where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and login the user.
> Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?

We are doing this using the Python package M2Crypto.EVP for the encryption/decryption.

--
Dieter
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] sending a encrypted login URL
Thanks, could you elaborate a bit, I'm somewhat new to zope/plone: I assume we'd need a shared key on both our j2ee server and zope, and did you need to create any changes to Plone PAS?

-----Original Message-----
From: Dieter Maurer [mailto:die...@handshake.de]
Sent: Thursday, March 05, 2009 1:55 PM
To: Joseph Thomas (s)
Cc: zope@zope.org
Subject: Re: [Zope] sending a encrypted login URL

Joseph Thomas (s) wrote at 2009-3-4 10:29 -0600:
> We'd like to construct a zope login URL of the form on another server:
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
> where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and login the user.
> Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?

We are doing this using the Python package M2Crypto.EVP for the encryption/decryption.

--
Dieter
Re: [Zope] sending a encrypted login URL
On Thu, Mar 5, 2009 at 21:01, Joseph Thomas (s) jtho...@cap.org wrote:
> Thanks, could you elaborate a bit, I'm somewhat new to zope/plone: I assume we'd need a shared key on both our j2ee server and zope, and did you need to create any changes to Plone PAS?

Tres explained it to you. You have to write a PAS plugin. There are a bunch of PAS plugins available that can serve as example.

-aj
Re: [Zope] sending a encrypted login URL
Joseph Thomas (s) wrote at 2009-3-5 14:01 -0600:
> Thanks, could you elaborate a bit, I'm somewhat new to zope/plone: I assume we'd need a shared key on both our j2ee server and zope

EVP (documented in the *nix man pages) supports both symmetrical as well as unsymmetrical encryption. When you use symmetrical encryption (we do), you need (of course) a shared secret.

> and did you need to create any changes to Plone PAS?

We are not using Plone (GPL) but I think that no changes to Plone PAS would be necessary (exception in a moment). Instead of redirecting to logged_in, you can use a preprocessor (e.g. remotelogin) which decrypts the information and then calls logged_in.

The problem which might force you to change something: The standard Plone user folders do not provide access to a cleartext password (for obvious security reasons). That means when you want to perform a remotelogin to your partner system, it is not easy to obtain the password for such a remote login. Your partner system may have the same problem when it performs a remote login to Plone.

You can use an SSO solution, e.g. CAS. When I have understood correctly, there are PAS plugins supporting CAS.

You can also change the PAS plugin that stores the user identification such that it also stores the password (e.g. in the session) such that you can retrieve it for a remote login.

--
Dieter
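As an added illustration of the shared-secret approach described in the message above (not code from the thread, Zope or M2Crypto): the partner server seals name, password and issue time into one authenticated value, and a preprocessor in front of logged_in opens it, rejecting tampered, expired or replayed values. The names `seal_login`, `open_login`, `MAX_AGE` and the token layout are assumptions, and the HMAC-SHA256 counter-mode keystream is a stand-in for the M2Crypto.EVP cipher so that the block runs on the standard library alone.

```python
import base64, hashlib, hmac, json, os, time

MAX_AGE = 60  # assumed policy: seconds a login token stays valid

def _subkeys(secret):
    # Separate encryption and MAC keys derived from the one shared secret.
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, so the example
    # runs without M2Crypto; a deployment would use the library's own cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal_login(secret, name, password, now=None):
    """Partner server: pack name, password and issue time into one URL-safe value."""
    enc_key, mac_key = _subkeys(secret)
    nonce = os.urandom(16)
    issued = int(time.time() if now is None else now)
    plain = json.dumps({"n": name, "p": password, "t": issued}).encode()
    body = nonce + _xor_stream(enc_key, nonce, plain)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()

def open_login(secret, token, seen, now=None):
    """Zope-side preprocessor: return (name, password), or None if rejected."""
    enc_key, mac_key = _subkeys(secret)
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < 48:
        return None
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # authenticate before decrypting
        return None
    nonce = body[:16]
    fields = json.loads(_xor_stream(enc_key, nonce, body[16:]))
    age = (time.time() if now is None else now) - fields["t"]
    if not 0 <= age <= MAX_AGE or nonce in seen:
        return None  # expired, or the same URL was presented twice
    seen.add(nonce)  # in-memory replay cache; entries older than MAX_AGE can be dropped
    return fields["n"], fields["p"]
```

Until it expires or is used, the sealed value works as a credential for anyone who sees the URL (proxy logs, browser history, Referer headers), so the link still needs to travel over HTTPS.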
[Zope] sending a encrypted login URL
We'd like to construct a zope login URL of the form on another server:

http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in

where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and login the user.

Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?

Joseph Thomas
College of American Pathologists
http://www.cap.org
Re: [Zope] sending a encrypted login URL
Use SSL and you're done.

-aj

On 04.03.2009 17:29, Joseph Thomas (s) wrote:
> We’d like to construct a zope login URL of the form on another server:
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
> where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and login the user.
> Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?
>
> Joseph Thomas
> College of American Pathologists
> http://www.cap.org

--
ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: i...@zopyx.com - Phone +49 - 7071 - 793376
Court of registration: Amtsgericht Stuttgart, Handelsregister A 381535
Managing director/shareholder: ZOPYX Limited, Birmingham, UK
E-Publishing, Python, Zope Plone development, Consulting
Re: [Zope] sending a encrypted login URL
Andreas Jung wrote:
> Use SSL and you're done.

SSL solves SSO? I don't think so.

Cheers
Tino

> -aj
>
> On 04.03.2009 17:29, Joseph Thomas (s) wrote:
>> We’d like to construct a zope login URL of the form on another server:
>> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
>> where the ac_name and ac_password parameters are encrypted using zope public key (?) and have the parameters decrypted when zope receives the request and login the user.
>> Is there an API or some way to encrypt the username and password on the 3rd party app server and configure zope so that it treats the parameters as encrypted values rather than plaintext?
>>
>> Joseph Thomas
>> College of American Pathologists
>> http://www.cap.org