Hi Maciej. I have been reading quite a bit about CAS today. It looks
like a good way to go. Couple of questions with how you having it
working in z2. Are you using LDAP as a user store with CAS. I have
downloaded a few of the z2 products to study the code in the interim
since a plugin for z3 would be a good thing. I've got to look at how
this works with users and groups code particular with additional info
you need for an app.
Anybody out there interested in helping with something like this? I'm
likely to start a project for this for z3 package but with zpl or mit
licensing since something this generic should have few barriers to
anyone using Yale's system. Many thanks.
Maciej Wisniowski wrote:
For single sign on there is also CAS (Central Authentication Service).
We're sucessfully using this in our Zope2 apps. It has plugin for PAS
in Zope2 (CAS4PAS). CAS also works with other systems - plugins for
java, php and other exists.
Important thing here is to distinguish between authentication and
authorization. For example SSO like CAS can only tell you if your
user is authenticated. It won't tell you if he has some permissions
and/or roles to do something. But with PAS you can write another plugin
that will set proper roles for user etc.
Zope3-users mailing list