Launchpad uses OpenID. We don't have that slated for abstraction and
open-sourcing immediately. However, most of the Launchpad code
(including this bit) is to be open-sourced by this summer, abstracted
or not. Therefore, we should at least be able to give you some idea
of what we have done before then.
I've forwarded your email to the primary implementer/designer of our
OpenID integration. Hopefully he can directly participate, or at
least give me some answers to forward to you.
Generally, we're using python-openid for the Zope code, and an Apache
plugin as a front-end for hooking up other bits.
On Feb 17, 2009, at 7:06 PM, Shane Hathaway wrote:
> I'm working with a customer on a single sign on (SSO) system for Zope.
> We haven't yet chosen which SSO system we want to use. I would like
> hear from anyone who has set up SSO with Zope.
> We have some definite requirements:
> * We can't accept arbitrary identities like OpenID normally does. We
> need to set up our own identity provider (IDP) and force our servers
> accept only identities provided by our own IDP.
> * The SSO process should be very similar to an ordinary cookie-based
> login process. I don't want the user to have to enter their
> username on
> one form and their password on another, but that's the standard OpenID
> * This will be implemented in Zope 3.
> We are considering OpenID, Shibboleth, CAS, and any other mature
> that others might suggest. Shibboleth seems like the most obvious
> but it's nowhere near as popular as OpenID. I haven't yet looked at
> in detail.
> Alternatively, I have wondered if we actually need full-blown SSO;
> perhaps a carefully constructed domain-wide cookie would do the trick.
> Any experiences with that?
> Thanks to anyone who participates.
> Zope-Dev maillist - Zope-Dev@zope.org
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope )
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -