> I have been able to log in to my zope instance via
> localhost:8080/manage, and when I've added the 'access' file with my
> username, a colon, and a newline, no password is required to login. So
> I think the 'RemoteUserAuth' plugin described at the above site is
> working correctly.
I don't know this kind of SSO. Seems to be complicated.
CACSiteRoot and RemoteUserAuth I don't know any of these... Think it
will be difficult to help you until there is somebody that used those
things, but maybe I'm wrong :)
> I don't fully grasp the way that user authentication works in zope. I'm
> not sure where to begin to look for the problem here, and I'm hoping
> someone can help.
You may read about Zope Security system on plope.org in Zope Book 2.7
You may want to take look at error_log, and maybe remove unauthorized
from the list of omited exceptions there. Additionally you may want to
enable VerboseSecurity in zope.conf. AFAIR you need to uncomment:
Maybe then you'll see more informations.
And how to debug zope part of authentication... You may possibly take a
look at the sources of RemoteUserAuth. It is possibly something with
that. Simplest debugging may be done by adding
print 'hello - im here!'
statements to the RemoteUserAuth code, and then running Zope with
./runzope (or runzope.bat on Windows). It doesn't detach from console
and you'll see your printed statements. You may also use pdb - python
> However, when I try to access the ZMI via apache
> (http://myhost.com/manage which gets rewritten to
> http://localhost:8080/manage in apache proxy), I am prompted via basic
> auth for username and password, and anything I enter is rejected.
Typically apache rewrites make use of VirtualHostMonster in Zope
but your's how to uses different syntax.
> The expected behavior is that mod_fba sets an authorization header with
> a username from pubcookie and sends it to zope with a page request for
> the ZMI.
I don't understand why this SSO is about ZMI? ZMI is Zope Management
Interface - so it is rather for managers/programmers, not for typical
We've sucessfully implemented SSO solution with CAS. There are nice
plugins for Zope and Plone to deal with this.
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -