https://github.com/zms-publishing/products.zmspluggableauthservice
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/zms-publishing/products.zmspluggableauthservice
- Owner: zms-publishing
- Created: 2020-07-29T20:17:59.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2025-03-26T16:14:14.000Z (about 1 year ago)
- Last Synced: 2025-03-26T16:30:17.413Z (about 1 year ago)
- Language: Python
- Size: 90.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# ZMS PluggableAuthService Adapter
The ZMS adapter for [Zope's Pluggable Authentication Service, PAS](https://github.com/zopefoundation/Products.PluggableAuthService) delivers four adapters each providing specific API functions of the PAS authentication process:
1. *ZMS PAS Cookie Auth Helper*: containing a login form and the auth cookie name
2. *ZMS PAS Role Plugin*: containing the API methods authenticateCredentialsImpl and enumerateUsersImpl for connecting external user repositories
3. *ZMS PAS User Plugin*: containing the API method getRolesForPrincipalImpl
4. *ZMS PAS SSO Plugin*: processing an [OpenID-Connect (OIDC)](https://en.wikipedia.org/wiki/OpenID#OpenID_Connect_(OIDC)) conformant HTTP header for several authentication steps (credential extraction, authentication etc.)
## SSO Plugin: Using OIDC conformant Single-Sign-On
### Prerequisites
* *itsdangerous*: Various helpers to pass data to untrusted environments and to get it back safe and sound. Data is cryptographically signed to ensure that a token has not been tampered with.
https://pypi.org/project/itsdangerous/
### Zope Object's Properties
Name | Value | Description
--- | --- | ---
Header Name | `HTTP_X_AUTH_RESULT` | the name of the HTTP-header containing the OIDC auth-result
Secret Key | `******************` | the secret key used to verify and decode the signed auth-result using the _itsdangerous_ module
Login Path | `http://zms.hosting/auth/login` | the path for redirection from challenge to SSO login
Login Pattern | `https?:\/\/(.*)\/manage` | the pattern of the original URL for redirection from challenge to SSO login
Came From | `came_from` | the name of the request parameter containing the original URL the request came from
User ID Attributes | `user_id,sub` | the name(s) of the HTTP header payload fields representing the user id
*Optional\*:* `roles_attr` | `roles_attr` | the name of the HTTP header payload field representing a list of roles
\* *The ZMS PluggableAuthService SSO Plugin is able to extract the user roles; for this, a new attribute named "roles_attr" (string type) must be added manually to the property list.*
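The following is an added example, not code from the plugin: it shows how a signed auth-result header can be verified with _itsdangerous_ and mapped to a user id and roles using the property values from the table above. The serializer class (`URLSafeTimedSerializer`), the freshness window, the `roles` field name, the key and the helper names are assumptions; the README does not state which _itsdangerous_ serializer the plugin uses.

```python
from itsdangerous import BadData, URLSafeTimedSerializer

# Header name and user id attributes are taken from the README table;
# every other value here is constructed for the example.
HEADER_NAME = "HTTP_X_AUTH_RESULT"
USER_ID_ATTRS = "user_id,sub"
ROLES_ATTR = "roles"                 # assumed payload field for roles_attr
SECRET_KEY = "constructed-demo-key"  # constructed; load real keys from config
MAX_AGE_SECONDS = 300                # assumed freshness window


def sign_auth_result(payload, secret_key=SECRET_KEY):
    """Stand-in for the SSO side: serialize and sign the auth-result."""
    return URLSafeTimedSerializer(secret_key).dumps(payload)


def extract_principal(environ, secret_key=SECRET_KEY):
    """Return (user_id, roles) for a verified header, or None."""
    token = environ.get(HEADER_NAME)
    if not token:
        return None  # no header: the caller issues the login challenge
    try:
        payload = URLSafeTimedSerializer(secret_key).loads(
            token, max_age=MAX_AGE_SECONDS)
    except BadData:
        # Tampered token, wrong key, expired timestamp or undecodable payload.
        return None
    if not isinstance(payload, dict):
        return None
    roles = payload.get(ROLES_ATTR)
    roles = [str(r) for r in roles] if isinstance(roles, list) else []
    for attr in USER_ID_ATTRS.split(","):  # first configured attribute wins
        user_id = payload.get(attr.strip())
        if user_id:
            return str(user_id), roles
    return None


def peek_unverified(token):
    """Signed is not encrypted: the payload decodes without the right key."""
    _valid, payload = URLSafeTimedSerializer("not-the-key").loads_unsafe(token)
    return payload
```

Because the payload is only signed, anything placed in the auth-result is readable by whoever sees the header, so the secret key protects integrity and not confidentiality.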
## License
Copyright (c) 2000-2023 SNTL Publishing, Berlin.
Code released under the _GNU General Public License v3_ license.