Re: [Zope] SSO
Hi Sabine, On 17/05/2011 07:07, Sabine Grabner wrote: > I try to set up Zope with Shibboleth SSO. What are you using to do the Shibboleth auth? > Therefore I need to delegate > authentication to Apache which should then pass the REMOTE_USER > environment variable to Zope. Am I understanding right, that for this > purpose I have to use the not so recommended fastcgi configuration? No, I think, you're fine using the normal ZServer way of running Zope. You just need to get Zope into "remote user mode", from looking at the source, it appears you need to create a file called "access" in your INSTANCE_HOME and put the following in it: superuser: > REMOTE_USER environment variable. However, going this route would mean > messing with the existing code, which uses REMOTE_USER currently set by > Zope. What existing code? cheers, Chris -- Simplistix - Content Management, Batch Processing & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] SSO
Hi there, I try to set up Zope with Shibboleth SSO. Therefore I need to delegate authentication to Apache which should then pass the REMOTE_USER environment variable to Zope. Am I understanding right, that for this purpose I have to use the not so recommended fastcgi configuration? With the recommended RewriteRule I successfully receive the HTTP_REMOTE_USER header var in the REQUEST object, but not the REMOTE_USER environment variable. However, going this route would mean messing with the existing code, which uses REMOTE_USER currently set by Zope. I appreciate any help. Thank you, Sabine Sabine Grabner Softwareentwickler FH VORARLBERG University of Applied Sciences Hochschulstraße 1 6850 Dornbirn, Austria Telefon: +43 (0) 5572 792 2212 www.fhv.at GmbH, FN 165415h, LG Feldkirch ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Moodle and Zope SSO.
Thanks to both, finally I implemented a very easy solution similar to the one proposed by Dieter, although i hope to convince my boss about the CAS solution. JL. Maciej Wisniowski wrote: I'm trying to implement a script like the one shown below but it seems too tricky and it does not work. Has anybody implemented this kind of sso with zope and moodle or whatever? We're using Zope and PHP apps with SSO build with use of CAS. Works good. For zope you'll find CAS4PAS authentication plugin for PHP I don't remember how it is called. CAS itself is java based application. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Moodle and Zope SSO.
>> I'm trying to implement a script like the one shown below but it seems >> too tricky and it does not work. Has anybody implemented this kind of >> sso with zope and moodle or whatever? We're using Zope and PHP apps with SSO build with use of CAS. Works good. For zope you'll find CAS4PAS authentication plugin for PHP I don't remember how it is called. CAS itself is java based application. -- Maciej Wisniowski ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Moodle and Zope SSO.
Jose Luis de la Rosa Triviño wrote at 2007-2-19 13:07 +0100: >I need to implement a SSO solution for Moodle and Zope. My use case is: > >1. The user logs in Zope. >2. Zope logs in Moodle (in behalf of the user) and forwards the >authentication cookie to the client. > >I suppose that the user has the same credentials in Zope and Moodle. > >I'm trying to implement a script like the one shown below but it seems >too tricky and it does not work. Has anybody implemented this kind of >sso with zope and moodle or whatever? We perform a remote login from one Zope instance on another Zope instance. The remote login puts the user identity into an encrypted token (together with a timestamp, to make replay attacks more difficult) and sends it to the second instance. This decrypts and checks the token and then performs its own login based on the user identity information. The same will work with any systems, not only Zope ones. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Moodle and Zope SSO.
Hello all, I need to implement a SSO solution for Moodle and Zope. My use case is: 1. The user logs in Zope. 2. Zope logs in Moodle (in behalf of the user) and forwards the authentication cookie to the client. I suppose that the user has the same credentials in Zope and Moodle. I'm trying to implement a script like the one shown below but it seems too tricky and it does not work. Has anybody implemented this kind of sso with zope and moodle or whatever? Thank you very much! My script now looks like this: URL_AUTH = 'http://localhost/moodle/login/index.php' params = {'username':'foo', 'password':'bar'} conn = urllib2.urlopen(URL_AUTH, urlencode(params)) mycookie = conn.info().getheaders('Set-Cookie')[-1] # Get the cookie MOODLEID_ name = mycookie[0: int(mycookie.find("="))] # Get the name value = mycookie[mycookie.find("=")+1: mycookie.find(";")] # The value self.REQUEST.RESPONSE.setCookie(name, value, path='/moodle', domain='localhost') self.REQUEST.RESPONSE.redirect("http://localhost/moodle";) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )