-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 robert rottermann wrote: > Hi there, > > I would like to use Session Auth Helper to authenticate a user after he > has logged into a site using Active Directory. > > this are the steps I use to create the setup: > - add an ActiveDirectory Multiplugin > - activate all services > - apply patches to have the groups working > according instructions on Plone I install > LDAPMultiPlugins-plone.org.patch from antiloop.plone.org > - add an Session Auth Helper > - activate all three services (Reset Credentials, UpdateCredentials, > Extraction) > - Up the session timeout of the site to 5 hours > > Now my questions: > - do I have to change the sequence of the active plugins to avoid > contacting the AD server after a successful login
> (as long the session is active) > it is like this now > credentials_cookie_auth > AD Multiplugin > Session Auth Helper > > - is there something else I have to take care of? Yes, you want the session auth plugin to be registered *ahead* of the AD / LDAP plugin, in the registration for IAuthenticateCredentials. That list looks like the one for IExtractCredentials (the cookie plugin can't actually authenticate, it only retrieves credentials from the request). Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHAz9+gerLs4ltQ4RAo5JAJ4kVxTZ9badjK0VhVjGrKScqhocmgCcDYu8 RjQursJjH2PLjN7MNTZpvSs= =dLj/ -----END PGP SIGNATURE----- _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas