Robert Boyd wrote:
> FWIW, my situation is a Shibboleth setup where I wrote a customized
> Cookie Crumbler to recognize the identity of an authenticated user
> requesting a Zope CMF site. It identifies the principal's user id
> through REMOTE_USER.
Hmmm, I think what is happening is that Zope's HTTPRequest is grabbing
the AUTHORISATION header and processing it, sticking the contents into
the _auth attribute. You should probably grab it from here.
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -