Hi again,

Now with some help from amol and the guys mentioned in this blog post: http://danielnouri.org/notes/2011/03/16/pyramid-is-too-damn-easy---a-success-story/ , I figured at least the parts about external authentication out.

Metadata from SQL is still fetched anyway, so that's great.

Here is a Gist which contains an IIdentifier implementation that just takes the external authentication and returns it: https://gist.github.com/074b795c3fbfa739ed37

One part of the trick is that setting repoze.who.userid in the identifier makes repoze.who skip any authenticators afterwards.

(I can only recommend the following to people struggling with just about anything: Read the sources of all related or similar things - it helps! :D)

Cheers all,
Moritz

On 20.03.2013 01:00, Moritz Schlarb wrote:
> Hello again,
>
> I'm going to have to integrate my TG2 application into a single sign on
> environment which uses Shibboleth but I'm already struggling at faked
> basic HTTP authentication through Apache.
>
> The application runs fine with mod_wsgi if it handles authentication on
> its own.
> If I add a simple basic authentication to the whole application (using
> user accounts that exist in the backend database), I would have expected
> that repoze.who takes the REMOTE_USER key from the environ dict and
> behaves as if that user was logged in - but it doesn't.
>
> If I want to access a URL that is @not_anonymous, Apache gives me the
> login dialog, but no credentials are accepted...
>
> Now I have three major problems:
>
> 1. How can I get repoze.who to properly respect the authenticated user?
> 2. How can I connect additional metadata from my app (e.g. additional
> columns from the User model class and relationships) to externally
> authenticated users? E.g. what is the right place to create the database
> entries on demand when a new user logs in?
> 3. How can I get the basic authentication to behave the same as
> repoze.who to only require authentication when it's needed and not for
> the whole URL tree?
>
> I couldn't find any explicit advice in the docs of TG2 or repoze.who,
> maybe someone with a little experience can help.
>
> Thanks a lot,
> --
> Moritz Schlarb
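
An added sketch of the identifier approach described in the message above (not the code from the linked Gist and not repoze.who's own source). The class name RemoteUserIdentifier and the helper resolve_userid are hypothetical; resolve_userid is a simplified model of the "skip any authenticators" behaviour the message describes, and the environ dicts are constructed samples.

```python
class RemoteUserIdentifier(object):
    """IIdentifier-style plugin: identify(), remember(), forget()."""

    def identify(self, environ):
        # REMOTE_USER is set by the front-end server (Apache Basic auth,
        # Shibboleth, ...). Client request headers reach WSGI as HTTP_* keys,
        # so a forged "Remote-User" header lands in HTTP_REMOTE_USER and is
        # deliberately never read here.
        userid = (environ.get('REMOTE_USER') or '').strip()
        if not userid:
            return None  # nothing asserted by the server: no identity
        # Pre-setting repoze.who.userid marks the identity as already
        # authenticated, so later authenticator plugins are not consulted.
        return {'repoze.who.userid': userid}

    def remember(self, environ, identity):
        return None  # the front end owns the login session; no headers

    def forget(self, environ, identity):
        return None


def resolve_userid(environ, identity, authenticators):
    """Simplified model (assumption) of the middleware's authentication step."""
    userid = identity.get('repoze.who.userid')
    if userid is not None:
        return userid  # identifier already vouched for the user
    for authenticate in authenticators:
        userid = authenticate(environ, identity)
        if userid is not None:
            return userid
    return None


if __name__ == '__main__':
    plugin = RemoteUserIdentifier()
    trusted = {'REMOTE_USER': 'alice'}        # constructed: set by the server
    forged = {'HTTP_REMOTE_USER': 'mallory'}  # constructed: client header only
    print(plugin.identify(trusted), plugin.identify(forged))
```

The identifier is only as trustworthy as the front end: the application must not be reachable on a path where something other than the authenticating server can set REMOTE_USER.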

