[Zope] Custom authentication that avoids login screens

[Dieter Maurer]

Felix Ulrich-Oltean writes:
 > ...
 > Our site is served by Zope, as well as PHP and Perl - the entry point
 > is in PHP - i.e. login screens, general stuff.  By the time someone
 > gets to the Zope pages, they should be already logged in.  I've looked
 > at both exUserFolder and SimpleUserFolder, but I still cannot see how
 > to intercept the request before the UF presents the user with a login
 > screen / HTTP basic auth dialog.
Most cookie user folders allow the customization of the login dialog.
Make it a redirect to a page that handles your global (for PHP, Zope, ...)
login.

This may pop up a login dialog or perform an automatic login
based on already available login information.

The login action is expected to have some variables
(e.g. "__ac_name" and "__ac_password").
Let your login page come back with these variables set -- voila.


As an alternative, you can Zope tell to not make its own
authentication but use what is already available.
I never used this myself but read about it in a document
about Web-Server/Zope integration. It is detailed there for
the case that the Web Server does the authentication.
Look into the "doc" subdirectory of your Zope distribution.


Dieter