Tres Seaver wrote:
> robert rottermann wrote:
> >> Hi there,
> >> I would like to use Session Auth Helper to authenticate a user after he
> >> has logged into a site using Active Directory.
> >> this are the steps I use to create the setup:
> >> - add an ActiveDirectory Multiplugin
> >> - activate all services
> >> - apply patches to have the groups working
> >> according instructions on Plone I install
> >> LDAPMultiPlugins-plone.org.patch from antiloop.plone.org
> >> - add an Session Auth Helper
> >> - activate all three services (Reset Credentials,
> >> Extraction)
> >> - Up the session timeout of the site to 5 hours
> >> Now my questions:
> >> - do I have to change the sequence of the active plugins to avoid
> >> contacting the AD server after a successful login
> >> (as long the session is active)
> >> it is like this now
> >> credentials_cookie_auth
> >> AD Multiplugin
> >> Session Auth Helper
> >> - is there something else I have to take care of?
> Yes, you want the session auth plugin to be registered *ahead* of the AD
> / LDAP plugin, in the registration for IAuthenticateCredentials. That
> list looks like the one for IExtractCredentials (the cookie plugin can't
> actually authenticate, it only retrieves credentials from the request).
a stupid follow up question: what is ahead?
(from the context of this mail) I assume this means above of AD?
tel;work:031 333 10 20
tel;fax:031 333 10 23
tel;home:031 333 36 03
Zope-PAS mailing list