-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Boyd wrote: > I'm converting a CMF site that uses LDAP authentication to enable > authentication from a user's certificate (smart card). I wrote an authN > and credentials plugin that works when used against protected content > like a folder, that is not a CMF site. It does not work on a CMF site > (always directed to login screen). > > I need help on how to incorporate it with CMF and its CookieCrumbler. > The use case is: user visits CMF site where membership is required, the > user's cert is read, compared to the LDAP directory, if the user is > found, they are authenticated. There is no challenge seen by the user. > If the user doesn't have a smart card, authentication fails over to an > LDAPMultiPlugin, which would present the user with a login screen for > entering username/password. > > When I set up my plugin as primary auth handler, a _ZopeId session > cookie is issued. I want instead to use the CMF's cookie and session > mechanisms. BTW, I am not using Plone, so PlonePAS is out.
In a CMF site using PAS, you need to remove the 'cookie_auth' CookieCrumbler (which is what is "stealing" your Unauthorized). That should allow your plugins to handle the process correctly. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEPnGE+gerLs4ltQ4RAo3bAJ937sSra5zMhzFNFfLA1B3lFZa+3wCfcBmt HGfVrv0nrvZjaYpWwj6Dgo0= =U1j2 -----END PGP SIGNATURE----- _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas