[Zope3-Users] Re: Remote authentication
fairwinds at eastlink.ca
Sat May 12 10:56:59 EDT 2007
Hi Maciej. I have been reading quite a bit about CAS today. It looks
like a good way to go. Couple of questions with how you having it
working in z2. Are you using LDAP as a user store with CAS. I have
downloaded a few of the z2 products to study the code in the interim
since a plugin for z3 would be a good thing. I've got to look at how
this works with users and groups code particular with additional info
you need for an app.
Anybody out there interested in helping with something like this? I'm
likely to start a project for this for z3 package but with zpl or mit
licensing since something this generic should have few barriers to
anyone using Yale's system. Many thanks.
Maciej Wisniowski wrote:
> For single sign on there is also CAS (Central Authentication Service).
> We're sucessfully using this in our Zope2 apps. It has plugin for PAS
> in Zope2 (CAS4PAS). CAS also works with other systems - plugins for
> java, php and other exists.
> Important thing here is to distinguish between authentication and
> authorization. For example SSO like CAS can only tell you if your
> user is authenticated. It won't tell you if he has some permissions
> and/or roles to do something. But with PAS you can write another plugin
> that will set proper roles for user etc.
More information about the Zope3-users