Shane Hathaway schreef:
> * The SSO process should be very similar to an ordinary cookie-based
> login process. I don't want the user to have to enter their username on
> one form and their password on another, but that's the standard OpenID
> * This will be implemented in Zope 3.
> We are considering OpenID, Shibboleth, CAS, and any other mature system
> that others might suggest. Shibboleth seems like the most obvious fit,
> but it's nowhere near as popular as OpenID. I haven't yet looked at CAS
> in detail.
> Alternatively, I have wondered if we actually need full-blown SSO;
> perhaps a carefully constructed domain-wide cookie would do the trick.
In the two cases where I've been involved in SSO, both times there was
some apache module that could handle the actual SSO-part. The result
from zope's viewpoint was either a special http header or a special cookie.
Working from that header ("special_user=username_you_want") or cookie
with similar contents is easy with zope2/plone's PAS and thus also
zope2's authentication system which is mostly similar. You can look at
http://svn.plone.org/svn/collective/PASPlugins/apachepas/ for some
So: easiest way is to let some trusted apache plugin handle the hard
part and then laugh all the way to the bank with some 100-line
Reinout van Rees
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -