[Zope] single sign-on

Fernando Martins fernando at cmartins.demon.nl
Sat Apr 1 08:03:43 EST 2006


Dieter Maurer wrote:
> >Yes, I understand the alternative to FastCGI, but mod_proxy
> doesn't pass the required environmental variable REMOTE_USER to
> zope. I was asking about single sign-on alternatives for Zope.
>
> In principle, the rewrite rules allow to specify environment extensions.
> When I remember right, you use an "E=..." in the "[P, ...]" to call
> for such an extension.
>

Indeed, I also looked into mod_rewrite (which I'm using anyway) and I
realised I could put the user id into the URL with %{LA-U:REMOTE_USER}.
That's a special case of %{ NAME_OF_VARIABLE }, required because "this
variable is set by the authorization phases which come after the URL
translation phase where mod_rewrite operates".

The problem is that I have no knowledge of zope internals, including VHM.
And not much time (or money) to fix it. Any idea if it would be a simple
matter of patching RemotUserFolder or would it require additional patching
to VHM, etc?

If feasible, this could indeed be a nice solution, only with positive impact
(get rid of FastCGI).

Regards,
Fernando



More information about the Zope mailing list