{ "info": { "author": "Maric Michaud", "author_email": "maric.michaud@smile-suisse.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Framework :: Zope2", "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", "Operating System :: OS Independent", "Programming Language :: Python" ], "description": "Introduction\n============\n\nThis package propose a plugin for Zope PAS not only to manage authentication\nfrom an external source, mostly HTTP headers provided by some SSO, thing it\ndoes in a scriptable and highly configurable manner, but also to manage groups\ndefinition, groups belonging, and users properties .\n\nThe use case this package was created for was to integrate a Shibboleth SSO for\nPlone coupled with a group management application known as GROUPER, at\nUniversity of geneva. In our case, Shibboleth, the SSO, fill up headers from\nGROUPER groups definitions and we needed them in Plone to manage local roles\nand permissions.\n\nKnown Bugs\n==========\n\nThe principle of solution relies on the ability of PAS to have multiple source\nof users and group plugins. Unfortunatly ther is a bug in this feature\nimplementation both in Zope and Plone rewrite see `bug #12794`_ . Once this will be corrected undoubtely but\nfor those versions of plone and PAS for which it is not, you could use the\nfollowing monkey patch in __init__.py (this one is for Plone GroupsTool):\n\n.. _`bug #12794`: http://dev.plone.org/ticket/12794\n\n::\n\n from Products.PlonePAS.tools.groups import GroupsTool\n from AccessControl.requestmethod import postonly\n if not hasattr(GroupsTool, '_patched_ea__'):\n\n @postonly\n def removeGroup(self, group_id, keep_workspaces=0, REQUEST=None):\n \"\"\"Remove a single group, including group workspace, unless\n keep_workspaces==true.\n \"\"\"\n retval = False\n managers = self._getGroupManagers()\n if not managers:\n raise NotSupported, 'No plugins allow for group management'\n\n for mid, manager in managers:\n if manager.getGroupById(group_id):\n if manager.removeGroup(group_id):\n retval = True\n\n gwf = self.getGroupWorkspacesFolder()\n if retval and gwf and not keep_workspaces:\n grouparea = self.getGroupareaFolder(group_id)\n if grouparea is not None:\n workspace_id = grouparea.getId()\n if hasattr(aq_base(gwf), workspace_id):\n gwf._delObject(workspace_id)\n\n self.invalidateGroup(group_id)\n return retval\n\n @postonly\n def addPrincipalToGroup(self, principal_id, group_id, REQUEST=None):\n managers = self._getGroupManagers()\n if not managers:\n raise NotSupported, 'No plugins allow for group management'\n for mid, manager in managers:\n if manager.getGroupById(group_id):\n if manager.addPrincipalToGroup(principal_id, group_id):\n return True\n return False\n\n @postonly\n def removePrincipalFromGroup(self, principal_id, group_id, REQUEST=None):\n managers = self._getGroupManagers()\n if not managers:\n raise NotSupported, 'No plugins allow for group management'\n for mid, manager in managers:\n if manager.getGroupById(group_id):\n if manager.removePrincipalFromGroup(principal_id, group_id):\n return True\n return False\n\n GroupsTool.removeGroup = removeGroup\n GroupsTool.addPrincipalToGroup = addPrincipalToGroup\n GroupsTool.removePrincipalFromGroup = removePrincipalFromGroup\n\n GroupsTool._patched_ea__ = True\n\n\nAlso, we just need to test the proxy part which we don't use actually, or\nremove it. If you experience problem with it you should use the redirect to\nexternal url scheme. Also with some versions of python this could not work\nwith https (because of a bug in old urllib2).\n\nTODO\n====\n\n* Unit tests\n* More Documentation\n* redirect on logout url doesn't work\n* Consistent profiles for use without Plone.\n\nCOPYLEFT\n========\nCopyright (C) 2012 Smile Suisse\nSee COPYING for copyright informations and LICENSE.txt for a copy of GPLv3\nlicense in source package \"docs\" directory.\n\nChangelog\n=========\n\n0.1 (beta)\n-------------------\n\n- Initial release\n\npas.plugins.external_auth package installation\n==============================================\n\nWe provide standard zc.buildout installation instruction.\n\n- Add ``pas.plugins.external_auth`` to the list of eggs to install:\n\n::\n\n [buildout]\n ...\n eggs =\n ...\n pas.plugins.external_auth\n\n\n- If you don't use plone with z3c.autoinclude,\n tell the plone.recipe.zope2instance recipe to install a ZCML slug:\n\n::\n\n [instance]\n recipe = plone.recipe.zope2instance\n ...\n zcml =\n pas.plugins.external_auth\n\n\n- Re-run buildout, e.g. with:\n\n::\n\n $ ./bin/buildout\n\n\nYou can skip the ZCML slug if you are going to explicitly include the package\nfrom another package's configure.zcml file.\n\nInstallation in zope\n====================\n\nOnce this is done you can use provided profiles to populate your PAS.\nTwo of them are provided for version 3 and 4 of Plone as default unconfigured\nexample. The one which is used by cmfquickinstaller is targeted at Plone 4\nempty profile so you could just install the product with plone control panel.\n\nThose profiles are more examples than real use case. They are intended to be\nused as a basis for a real profile correspondig to your configuration, unless\nyou prefer to just use TTW ZMI configuration.\nAnyway using the install product through zope for external_auth has not much\nsense except for quickly evaluating the product.\n\nOnce ou have configured at least one plugin in acl_users, go into ZMI\nmanagement page of tyhis plugin and follow the main page configuration\ninstructions.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://www.smile-suisse.com/", "keywords": "Zope Authentication SSO Shibboleth PluggableAuthService", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "pas.plugins.external_auth", "package_url": "https://pypi.org/project/pas.plugins.external_auth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/pas.plugins.external_auth/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://www.smile-suisse.com/" }, "release_url": "https://pypi.org/project/pas.plugins.external_auth/0.1/", "requires_dist": null, "requires_python": null, "summary": "A plugin to allow external authentication informations (commonly headers from apache to work with most SSO) to create users and groups.", "version": "0.1" }, "last_serial": 796033, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "e142daf4b488a3128a4b1c0a8b67a026", "sha256": "233800090ad6c06b264a1f875088873d90b30ec79025eaea571a3fd7d582551e" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1-py2.4.egg", "has_sig": false, "md5_digest": "e142daf4b488a3128a4b1c0a8b67a026", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 55555, "upload_time": "2012-07-19T08:54:11", "url": "https://files.pythonhosted.org/packages/a3/aa/58f5500d28e0780a50491b460324d0de0f457e6bb52fb7b7ac572bec6149/pas.plugins.external_auth-0.1-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "f003db5e290df0579fa701bfa6eb5295", "sha256": "1da54a4dcac201af43899c949bcf8de6d1fa6b735bf24ceef3f498d52008b49a" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1.tar.gz", "has_sig": false, "md5_digest": "f003db5e290df0579fa701bfa6eb5295", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35182, "upload_time": "2012-07-18T10:52:25", "url": "https://files.pythonhosted.org/packages/d1/86/4cc54822630fa82bce9580f22f980c5ebdde5254899ba5cdec46abba9f59/pas.plugins.external_auth-0.1.tar.gz" } ], "0.1rc2": [ { "comment_text": "", "digests": { "md5": "ea09719db0e45c1dbb50f3a28e0e5986", "sha256": "5acd2062670140fcd5472e7c08892e831095b668524285e3ca14162b6f4a6e14" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1rc2-py2.4.egg", "has_sig": false, "md5_digest": "ea09719db0e45c1dbb50f3a28e0e5986", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 55558, "upload_time": "2012-07-25T16:25:55", "url": "https://files.pythonhosted.org/packages/26/ad/8b5b40d61da81c5e1a6355b9f64db716aa3828f9f52a9d71069fcc10dfba/pas.plugins.external_auth-0.1rc2-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "db4009af5521da48cb41acbe8445ec1f", "sha256": "2bfee011176db84163f1b426be3f7528a1319c201485dcc9a68401c99df496bb" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1rc2.tar.gz", "has_sig": false, "md5_digest": "db4009af5521da48cb41acbe8445ec1f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35299, "upload_time": "2012-07-25T16:26:23", "url": "https://files.pythonhosted.org/packages/e5/0e/e051105a01046ea83805d83c46e3ea8a27c5f99b8e94aab693b22760bc4b/pas.plugins.external_auth-0.1rc2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e142daf4b488a3128a4b1c0a8b67a026", "sha256": "233800090ad6c06b264a1f875088873d90b30ec79025eaea571a3fd7d582551e" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1-py2.4.egg", "has_sig": false, "md5_digest": "e142daf4b488a3128a4b1c0a8b67a026", "packagetype": "bdist_egg", "python_version": "2.4", "requires_python": null, "size": 55555, "upload_time": "2012-07-19T08:54:11", "url": "https://files.pythonhosted.org/packages/a3/aa/58f5500d28e0780a50491b460324d0de0f457e6bb52fb7b7ac572bec6149/pas.plugins.external_auth-0.1-py2.4.egg" }, { "comment_text": "", "digests": { "md5": "f003db5e290df0579fa701bfa6eb5295", "sha256": "1da54a4dcac201af43899c949bcf8de6d1fa6b735bf24ceef3f498d52008b49a" }, "downloads": -1, "filename": "pas.plugins.external_auth-0.1.tar.gz", "has_sig": false, "md5_digest": "f003db5e290df0579fa701bfa6eb5295", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35182, "upload_time": "2012-07-18T10:52:25", "url": "https://files.pythonhosted.org/packages/d1/86/4cc54822630fa82bce9580f22f980c5ebdde5254899ba5cdec46abba9f59/pas.plugins.external_auth-0.1.tar.gz" } ] }