ACASUserFolder home
ACASUserFolder is a User Folder implementing the Yale CAS Single Sign On (SSO) Authentication method.
Its aims are interoperability, robustness, security and end-user simplicity. This project started at Bordeaux 1 University as a proof of concept for Plone integration in a CASified esup-portal environment.
This Product was formerly known as CASUserFolder but has been renamed to avoid a name conflict with another similar product.
Details on ACASUserFolder implementation and Zope/GRUF integration
Features
- Yale CAS architectures 1.0 & 2.0
- Plone Support
- GroupUserFolder support (patch for versions < 3.3)
- Support for POST and GET methods arguments
- Auto-login without adding a login button to your site
- clean implementation: doesn't patch anything in the running Zope instance
- management tab for testing CAS login
- default roles for CAS Users
- optional persistent users for assigning local roles
- online help
Compatibility
- python 2.1 (see note below) / 2.2 / 2.3
- Zope : tested with 2.6.2 / 2.7.1 / 2.7.4 / 2.7.5 / 2.8.0 / 2.8.1
- Plone : tested with 2.0.4/2.0.5 & 2.1
- GroupUserFolder (need patch for versions < 3.3)
- CookieCrumbler
- VirtualHostMonster proof (groarrrr)
Doc from the Zope Product
Installation
Uncompress the tarball in your Zope Products directory. Under GNU/Linux this is something like:
/usr/lib/zope/lib/python/Products/
Next restart Zope to take the product into account.
GRUF Patch
It can be found here
Not implemented yet
- CAS Proxy support
Caveats
- POST support currently allows a session-exhausting DoS when activated (see security)
- with Plone 2.0.5, GET method arguments are lost on session timeout. This is a cookie crumbler (from CMFCore 1.4.7) issue that is fixed in the version shipped with Plone 2.1. If you want to avoid data loss and you don't want to upgrade Plone, see the patch provided here
- timeoutsocket.py problems
Read further if you see this error when authenticating or using the test feature:
TypeError: ssl() argument 1 must be _socket.socket, not _socketobject
The case is well described here: http://mail.python.org/pipermail/python-list/2005-May/281697.html
If you have timeoutsocket.py installed (with Nuxeo CPS 3.2 for example), you have to find all the files that import timeoutsocket and comment out that import, along with the lines calling the function timeoutsocket.setDefaultSocketTimeout.
Unfortunately this requires manual fixing (find + grep are your friends).
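The find + grep search described above, as an added example (not part of ACASUserFolder): it only reports uncommented timeoutsocket imports and timeoutsocket.setDefaultSocketTimeout calls so they can be fixed by hand. The function names, the pattern variable and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report-only search for timeoutsocket usage under a Zope
# Products tree. Nothing is modified; the fix itself stays manual.

# Matches uncommented "import timeoutsocket" / "from timeoutsocket import"
# statements and calls to timeoutsocket.setDefaultSocketTimeout.
TS_PATTERN='^[[:space:]]*import[[:space:]]+([^#]*,[[:space:]]*)?timeoutsocket([[:space:],#]|$)|^[[:space:]]*from[[:space:]]+timeoutsocket[[:space:]]+import|^[^#]*timeoutsocket\.setDefaultSocketTimeout'

# Print path:line-number:source for every hit below directory $1.
# timeoutsocket.py itself is skipped; /dev/null forces grep to print paths.
# grep exits 1 when nothing matches, which is not an error here.
find_timeoutsocket_refs() {
    find "$1" -type f -name '*.py' ! -name 'timeoutsocket.py' \
        -exec grep -nE "$TS_PATTERN" /dev/null {} + || true
}

# Build a small constructed tree (not real product code) for a dry run.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/ProductA" "$d/ProductB"
    # Still needs fixing: one import and one call.
    printf '%s\n' 'import os' 'import timeoutsocket' \
        'timeoutsocket.setDefaultSocketTimeout(30)' > "$d/ProductA/__init__.py"
    # Already commented out: must not be reported again.
    printf '%s\n' '# import timeoutsocket' \
        '#timeoutsocket.setDefaultSocketTimeout(30)' > "$d/ProductB/fixed.py"
    # Import hidden in a comma-separated import list.
    printf '%s\n' 'import sys, timeoutsocket' > "$d/ProductB/utils.py"
    echo "$d"
}

# When run with a directory argument, report the hits found below it.
if [ "$#" -gt 0 ]; then
    find_timeoutsocket_refs "$1"
fi
```

Run it against the Products directory (for example /usr/lib/zope/lib/python/Products/) and re-run after editing until it prints nothing.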
Upgrading
Please delete any CASUserFolder with a version number prior to 1.0.
To upgrade from a previous CASUserFolder 1.x to ACASUserFolder 2.x in Plone, follow these steps:
- install ACASUserFolder and PloneCASLogin on the filesystem in the Zope Products directory.
- uninstall the old CASUserFolder from Plone with QuickInstaller tool.
- deletion of old CASUserFolders is optional
- install PloneCASLogin with QuickInstaller tool
Python 2.1 note
You need HTMLParser, which is provided by default with Python >= 2.2. To install it, simply grab HTMLParser.py & markupbase.py from the Python (>= 2.2) libs and put these files in the Python 2.1 lib directory (/usr/lib/python2.1/ on Debian).
Other Zope/CAS Implementations
PluggableUserFolder from nuxeo : http://www.zope.org/Members/nuxeo/Products/PluggableUserFolder
CASUserFolder from simplistix : http://www.simplistix.co.uk/software/zope/casuserfolder
CAS 4 PAS (PluggableAuthService) : http://www.zope.org/Members/regebro/CAS4PAS