Hello again, I'm going to have to integrate my TG2 application into a single sign on environment which uses Shibboleth but I'm already struggling at faked basic HTTP authentication through Apache.
The application runs fine with mod_wsgi if it handles authentication on its own. If I add a simple basic authentication to the whole application (using user accounts that exist in the backend database), I would have expected that repoze.who takes the REMOTE_USER key from the environ dict and behaves like if that user was logged in - but it doesn't. If I want to access an url that is @not_anonymous, Apache gives me the login dialog, but no credentials are accepted... Now I have three major problems: 1. How can I get repoze.who to properly respect the authenticated user? 2. How can I connect additional metadata from my app (e.g. additional columns from the User model class and relationships) to externally authenticated users? E.g. what is the right place to create the database entries on demand when a new user logs in? 3. How can I get the basic authentication to behave the same like repoze.who to only require authentication when it's needed and not for the whole url tree? I couldn't find any explicit advice in the docs of TG2 or repoze.who, maybe someone with a little experience can help. Thanks a lot, -- Moritz Schlarb -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
