Dirk Datzert wrote:

we have Zope 2.6.4 and 2.7.6 with LDAPUserFolder and CookieCrumbler in use.

One of our next goals is to integrate the Single-Sign-On-Ticket feature of

SAP sent a cookie called MYSAPSSO2 which contains a certified signature and
the Login-Name of a user.

Normally the Login-Name will be validated by LDAPUserFolder with password
against LDAP-Directory and the roles of the user will be assigned to the
user object.

We have now an external web-service which can validate the MYSAPSSO2-Ticket
and return the Login-Name.

I'm looking now for the best way to integrate/rewrite
CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read the
roles of the user out of the LDAP-directory.

Any ideas ? Maybe comments by Jens or Shane ?


I'm not sure this could work for you... I've tried integrating Zope with an SSO system, which did not provide any authentication other than setting a correct REMOTE_USER in the REQUEST (we did it behind Apache).

We succeded by subclassing CookieCrumbler so that it was able to deal with those situations.

Also, we were working with Zope in Remote User Mode.

I can provide the code, if necessary.

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to