[Zope] need advice on remote authentication

Garry Hodgson garry@sage.att.com
Tue, 02 May 2000 11:10:06 -0400


i've got an app i'm trying to build for my division.
i'd like to take advantage of zope's security model to 
control access to various parts of the site.  seems straightforward,
but for one wrinkle.  i need to authenticate users via a remote
authentication service run by the company's HR organization.  my
organization explicitly does not want to be maintaining our own
users and passwords, so i'd like to automatically create users
as needed, rather than manually via the zope management interface.

i've built some test objects that do the authentication, but don't
know, once i've figured out who someone is, how to fit this into
zope's notion of users and roles.  

here's how the authentication works:

assume the HR site is:
	foo.att.com/authenticate?return=mysite.att.com

i redirect to that page, the user sees a login screen.
he enters login/password, gets redirected back to mysite.att.com.
i use an FSSession to keep track of where to go next, and
can find out who the user is via cookies set by the HR site.

at this point, i assume that what i need is to somehow tell zope
which user this is (creating one if needed), and that after that
point everything works as if the normal mechanism had been used.
can anyone give me some clue how to do this?  also, if my general
approach to this scheme is off base, i'd appreciate being told so.

thanks

-- 
Garry Hodgson                   Every night 
garry@sage.att.com                a child is born
Software Innovation Services        is a Holy Night.
AT&T Labs                         - Sophia Lyon Fahs
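
Added example, not part of the original message and not Zope code: a plain-Python model of the flow described above (redirect to the HR service, identify the returning user from its cookie, create the local user on first sight with no local password). The https scheme, the cookie name `hr_user`, the default role `Member`, and the `UserStore` class are assumptions; the post does not say how the HR cookie is protected, so any integrity check the HR service offers would belong in `identify()`.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlencode

HR_AUTH_URL = "https://foo.att.com/authenticate"  # host/path from the post; https assumed
RETURN_SITE = "mysite.att.com"                    # return target from the post
ID_COOKIE = "hr_user"                             # hypothetical cookie name
DEFAULT_ROLES = ("Member",)                       # hypothetical default role


class UserStore:
    """Hypothetical local user table: users appear on first login, no passwords kept."""

    def __init__(self):
        self._users = {}

    def get_or_create(self, user_id):
        created = user_id not in self._users
        if created:
            self._users[user_id] = {"roles": list(DEFAULT_ROLES)}
        return self._users[user_id], created


def login_redirect():
    """Where to send an unauthenticated visitor. The return target is a
    constant, never copied from the incoming request."""
    return HR_AUTH_URL + "?" + urlencode({"return": RETURN_SITE})


def identify(cookie_header):
    """Return the user id carried in the HR cookie, or None if absent or malformed."""
    cookies = SimpleCookie()
    cookies.load(cookie_header or "")
    morsel = cookies.get(ID_COOKIE)
    if morsel is None:
        return None
    user_id = morsel.value.strip()
    # Accept only simple alphanumeric ids before using the value as a user key.
    return user_id if user_id.isalnum() else None


def handle_request(cookie_header, store):
    """Return ("redirect", url) for unknown visitors, else ("ok", user_id, roles)."""
    user_id = identify(cookie_header)
    if user_id is None:
        return ("redirect", login_redirect())
    user, _created = store.get_or_create(user_id)
    return ("ok", user_id, tuple(user["roles"]))
```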