[Zope-PAS] Re: Need help with PAS with CMF, CookieCrumbler

Tres Seaver tseaver at palladion.com
Thu Apr 13 11:43:00 EDT 2006

Rob Boyd wrote:
> I'm converting a CMF site that uses LDAP authentication to enable
> authentication from a user's certificate (smart card). I wrote an authN
> and credentials plugin that works when used against protected content
> like a folder, that is not a CMF site. It does not work on a CMF site
> (always directed to login screen).
> I need help on how to incorporate it with CMF and its CookieCrumbler.
> The use case is: user visits CMF site where membership is required, the
> user's cert is read, compared to the LDAP directory, if the user is
> found, they are authenticated. There is no challenge seen by the user.
> If the user doesn't have a smart card, authentication fails over to an
> LDAPMultiPlugin, which would present the user with a login screen for
> entering username/password.
> When I set up my plugin as primary auth handler, a _ZopeId session
> cookie is issued. I want instead to use the CMF's cookie and session
> mechanisms. BTW, I am not using Plone, so PlonePAS is out.

In a CMF site using PAS, you need to remove the 'cookie_auth'
CookieCrumbler (which is what is "stealing" your Unauthorized).  That
should allow your plugins to handle the process correctly.

--
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com