{ "info": { "author": "jiangdongjin", "author_email": "eastxing@gmail.com", "bugtrack_url": null, "classifiers": [ "Framework :: Plone", "Programming Language :: Python" ], "description": "=====================\n anz.cas README\n=====================\n\n:author: jiangdongjin\n:contact: eastxing@gmail.com\n:date: 2010/09/25\n:abstract: This is an Python implementation of the server-end of JA-SIG's\n CAS `protocol `_, providing\n a cross-domain single sign-on solution for web applications.\n\n.. contents::\n.. sectnum::\n\nIntroduction\n============\nanz.cas implement a new PAS plugin 'Anz Central Auth Service'. It enabling\nyou to turn your Plone site into a CAS server.\n\nOverview\n========\n**anz.cas gives you:**\n\n- A stand-alone central login page where the user enters their credentials.\n- A mechanism for validating the user's credentials against various\n backends (make use of PAS's authentication plugins).\n- A back-end validator where CAS-enabled client applications connect to\n check whether the current user is authenticated (if the user has already\n been authenticated with the CAS server, then they are permitted to\n proceed, otherwise they are redirected to the CAS server's login page for\n authentication).\n- Almost full compatibility with the open, multi-platform CAS protocol.\n\n**Why you would want/need this:**\n\n- CAS allows you to share authentication across domains.\n- The user only sees the login page once -- the first time they try to\n access any one of your CAS-protected services, and never again until\n they log out or their single-sign on session expires.\n- Client applications never see the user's actual credentials.\n\nCredits\n========\nThanks to those guys who developed the following products, without your\nworks anz.cas will never happen.\n\n- CAS_\n\n.. _CAS: http://www.jasig.org/cas\n\nComparison with JA-SIG's CAS\n============================\n\nAdvantages\n----------\n- anz.cas is designed to be simple to set up and configure by a Zope/Plone\n user (which is quite the opposite from it's popular official java cousin,\n the JA-SIG CAS Server).\n- With JA-SIG CAS Server, you should do more work to integrate your\n Zope/Plone sites with it. With anz.cas you can reduce your software stack.\n- You can make full use of now existed PAS authentication plugins to do\n authenticate work for you.\n\nDisadvantages\n-------------\n- As the official implementation, JA-SIG CAS Server is stable, solid and\n popular used. anz.cas is in the opposite, I hope you guys can give me\n some feedbacks to make it better :).\n\nRequirements\n============\n- Plone 3 or Plone 4\n- ZODB3>=3.8.3 (When Plone3, test under 3.8.3 only)\n- zope.proxy>=3.4.1 (When Plone3, test under 3.4.1 only)\n- zope.bforest\n- uuid\n\nInstallation\n============\nTo install anz.cas into the global Python environment (or a\nworkingenv), using a traditional Zope 2 instance, you can do this:\n\n* When you're reading this you have probably already run \n ``easy_install anz.cas``. Find out how to install setuptools\n (and EasyInstall) here:\n http://peak.telecommunity.com/DevCenter/EasyInstall\n\n* Create a file called ``anz.cas-configure.zcml`` in the\n ``/path/to/instance/etc/package-includes`` directory. The file\n should only contain this:\n\n::\n\n \n\nAlternatively, if you are using zc.buildout and the\nplone.recipe.zope2instance recipe to manage your project, you can do this:\n\n* Add ``anz.cas`` to the list of eggs to install, e.g.:\n\n::\n\n [buildout]\n ...\n eggs =\n ...\n anz.cas\n \n* Tell the plone.recipe.zope2instance recipe to install a ZCML slug:\n\n::\n\n [instance]\n recipe = plone.recipe.zope2instance\n ...\n zcml =\n anz.cas\n \n* Re-run buildout, e.g. with:\n\n::\n\n $ ./bin/buildout\n \nYou can skip the ZCML slug if you are going to explicitly include the\npackage from another package's configure.zcml file.\n\nThen go into your Plone site install \"anz.cas\" product by quick_installer\nor portal_setup.\n\nHow to use anz.cas\n==================\nanz.cas is designed to be easy to set up and customize.\n\nCreate a Plone site as 'CAS Server'\n-----------------------------------\nFor the security consideration, I strongly recommend you to create an\ndedicated Plone site to serve as a 'CAS Server'. In this site you should\ninstall 'anz.cas' and configure it. Assume the site named 'cas'.\n\nSetting up your Plone site behind Apache with SSL\n-------------------------------------------------\nAs the CAS protocol, for the security consideration, all the communication\nwith CAS Server are over SSL. How to do that is out of the scope,\n`this `_ doc will guide you.\n\n**Note:**\nYou can left this behind now, go through the following steps to\nexperience anz.cas quickly.\n\nCustomize central login page\n----------------------------\nanz.cas use Plone stock **login_form** as the central login page, you can\nskinned it whatever you want.\n\nConfigure your authentication mechanism\n---------------------------------------\nanz.cas make use of PAS authentication plugins to do authenticate work, so\nyou can configure PAS to act as you want.\n\nCreate 'Anz Central Auth Service' plugin\n----------------------------------------\nGo to ZMI \\\\cas\\\\acl_users, add an 'Anz Central Auth Service'\ninstance, choose any Id you like, we input 'anz_cas' for example.\n\nConfigure 'Anz Central Auth Service' plugin\n-------------------------------------------\n1. Go to \\\\cas\\\\acl_users\\\\anz_cas, in 'Active' tab active the only one\n interface -- IChallengePlugin.\n\n Click 'Challenge' to configure 'Challenge Plugins', move 'anz_cas'\n to the top.\n\n2. Go to 'Properties' tab to configure CAS related properties. \n\n============== =========== ============== ==============================\nProperty Required Default value Note\nrequireSecure False True Boolean variable denoting\n whether secure connection is\n required or not.\n\n **Note:**\n If you want to experience\n anz.cas under non-ssl\n environment, you should set it\n to False.\nloginPagePath True login_form Where to send people for\n logging in, default is\n Plone's stock 'login_form'.\n============== =========== ============== ==============================\n\nServices Management\n-------------------\nBy default there are no restrictions and any service at any URL may\nauthenticate via CAS. This may be undesirable for a number of reasons, so\nanz.cas provides a Services Management administrative tool to control what\nservices may use the CAS server and in particular what those services can\ndo with CAS.\n\n- In 'Services' tab list all the current registered services, you can\n choose several or all of them to remove.\n- Click 'Add a service' link to register a new service.\n\n================ ======== ============= ================================\nField name Required Default value Note\nID True An identify of the registered\n service, it must equal to\n **serviceUrl** configured in\n CAS client. CAS will redirects\n to here after login.\nName False Name of the registered service.\nDescription False Description of the registered\n service.\nEnabled False True If this service currently\n allowed to use CAS?\nSSO Enabled False True If this service participate in\n the SSO session?\nAnonymous Access False False If the service is allowed\n anonymous or privileged access\n to user information?\nAllowed to Proxy False True If this application allowed to\n participate in the proxying\n capabilities of CAS?\n================ ======== ============= ================================\n\n- Click a registered service's id to modify it.\n\n**Note:**\nIf no registered services, there are no restrictions and any service at any\nURL may authenticate via CAS.\n\nConfigure CAS client\n--------------------\nConfigure the **casServerUrlPrefix** of your CAS clients to our new added\nplugin instance, eg.\nhttps://{your cas server domain}:{port}/cas/acl_users/anz_cas.\n\nSecurity Policy\n===============\nanz.cas uses tickets to implement supported authentication protocols, so it\nfollows that ticket behavior determines most aspects of security policy. In\ncurrent implementation, anz.cas provides for the following:\n\n- Ticket-granting tickets (TGT) that expire after more than 2 hours from\n its creation time.\n- One-time-used service tickets (ST) that must be validated within 5\n minutes.\n\nMore security policy will be added later.\n\nToDo\n====\n- Add automation tests ( I really don't know how to automation test this\n kind of package :) )\n- More compatibility with CAS protocol.\n\nChangelog\n=========\n\n1.0.1\n-------------------\n\n- Update to support Plone4.\n\nNote:\nWhen used under Plone3, please pin products version like this:\nZODB3==3.8.3\nzope.proxy==3.4.1\n\n- Redirection after login success bugfix.\n\n1.0\n-------------------\n\n- Initial release", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://plone.org/products/anz.cas/", "keywords": "plone cas sso", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "anz.cas", "package_url": "https://pypi.org/project/anz.cas/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/anz.cas/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://plone.org/products/anz.cas/" }, "release_url": "https://pypi.org/project/anz.cas/1.0.1/", "requires_dist": null, "requires_python": null, "summary": "This is an Python implementation of the server-end of JA-SIG's CAS protocol.", "version": "1.0.1" }, "last_serial": 208543, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "e9b08dd6ab4d21a51c09e7c6e954207c", "sha256": "239c3cda02161800a544e9ab00e8494e8513a034dfec3fd0fffd20092f9a3b6f" }, "downloads": -1, "filename": "anz.cas-1.0-py2.4.egg", "has_sig": false, "md5_digest": "e9b08dd6ab4d21a51c09e7c6e954207c", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 76591, "upload_time": "2010-07-09T11:08:06", "url": "https://files.pythonhosted.org/packages/c3/50/e1e2a8f85ae445dfd857db20e5122b53f45f0a0dcb8a217b5036a0e943d6/anz.cas-1.0-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "2ac97d3e04a3acda523c08595522a1c3", "sha256": "97780ccebcd72bca3882fa3b73ad62f51dca7599873263bc5b559442f07e7b05" }, "downloads": -1, "filename": "anz.cas-1.0.tar.gz", "has_sig": false, "md5_digest": "2ac97d3e04a3acda523c08595522a1c3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 45784, "upload_time": "2010-07-09T11:08:03", "url": "https://files.pythonhosted.org/packages/7c/d9/49cbf9bfd97f51f130aacfd567665f12d59c08cdda63d832c0e33c97ff95/anz.cas-1.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "1ef6aad0a5c66de85cb78380d90b2c8e", "sha256": "47d4228070eca259d764c8001a9edf0bd252b9506c8d83c32a1fac0d40dfc9f0" }, "downloads": -1, "filename": "anz.cas-1.0.1.tar.gz", "has_sig": true, "md5_digest": "1ef6aad0a5c66de85cb78380d90b2c8e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 46655, "upload_time": "2010-09-25T12:53:00", "url": "https://files.pythonhosted.org/packages/42/ea/25bdc85d1727babacf9e8221d37279ab14e64cd419ebcc69616fb378a9cd/anz.cas-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1ef6aad0a5c66de85cb78380d90b2c8e", "sha256": "47d4228070eca259d764c8001a9edf0bd252b9506c8d83c32a1fac0d40dfc9f0" }, "downloads": -1, "filename": "anz.cas-1.0.1.tar.gz", "has_sig": true, "md5_digest": "1ef6aad0a5c66de85cb78380d90b2c8e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 46655, "upload_time": "2010-09-25T12:53:00", "url": "https://files.pythonhosted.org/packages/42/ea/25bdc85d1727babacf9e8221d37279ab14e64cd419ebcc69616fb378a9cd/anz.cas-1.0.1.tar.gz" } ] }