[Zope-PAS] Re: Need help with PAS with CMF, CookieCrumbler
tseaver at palladion.com
Thu Apr 13 11:43:00 EDT 2006
Rob Boyd wrote:
> I'm converting a CMF site that uses LDAP authentication to enable
> authentication from a user's certificate (smart card). I wrote an authN
> and credentials plugin that works when used against protected content
> like a folder, that is not a CMF site. It does not work on a CMF site
> (always directed to login screen).
> I need help on how to incorporate it with CMF and its CookieCrumbler.
> The use case is: user visits CMF site where membership is required, the
> user's cert is read, compared to the LDAP directory, if the user is
> found, they are authenticated. There is no challenge seen by the user.
> If the user doesn't have a smart card, authentication fails over to an
> LDAPMultiPlugin, which would present the user with a login screen for
> entering username/password.
> When I set up my plugin as primary auth handler, a _ZopeId session
> cookie is issued. I want instead to use the CMF's cookie and session
> mechanisms. BTW, I am not using Plone, so PlonePAS is out.
In a CMF site using PAS, you need to remove the 'cookie_auth'
CookieCrumbler (which is what is "stealing" your Unauthorized). That
should allow your plugins to handle the process correctly.
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com