You are not logged in Log in Join
You are here: Home » Members » mrlex's Home » ACUF » View Document

Log in



ACASUserFolder home

ACASUserFolder is a User Folder implementing the Yale CAS Single Sign On (SSO) Authentication method.

It aims are interoperability, robustness, security and end user simplicity. This project started at the Bordeaux 1 University as a proof of concept for Plone integration in a CASified esup-portal environment.

This Product was formerly known as CASUserFolder but has been renamed to avoid name conflict with another similar product.


Details on ACASUserFolder implementation and Zope/GRUF integration



  • Yale CAS architectures 1.0 & 2.0
  • Plone Support
  • GroupUserFolder support (patch for versions < 3.3)
  • Support for POST and GET methods arguments
  • Auto-login without adding login button to your site
  • clean implementation : doesn't patch anything in the running zope instance
  • management tab for testing CAS login
  • default roles for CAS Users
  • optional persistent users for assigning local roles
  • online help


  • python 2.1 (see note below) / 2.2 / 2.3
  • Zope : tested with 2.6.2 / 2.7.1 / 2.7.4 / 2.7.5 / 2.8.0 / 2.8.1
  • Plone : tested with 2.0.4/2.0.5 & 2.1
  • GroupUserFolder (need patch for versions < 3.3)
  • CookieCrumbler
  • VirtualHostMonster proof (groarrrr)

Doc from the Zope Product

CAS usage scenarios


ACASUserFolder Properties

Plone integration

ACASUserFolder users listing

ACASUserFolder public API


Uncompress the tarball in your Zope Products directory. Under GNU/Linux This is something like:


Next restart Zope to take the product into account.

GRUF Patch

It can be found here

Not implemented yet

  • CAS Proxy support


  • POST support currently allow session exhausting DoS when activated (see security)
  • with Plone 2.0.5, GET method arguments are lost on session timeout. This is a cookie crumbler (from CMFCore 1.4.7) issue that is fixed with version shipped in Plone 2.1 . If you want to avoid data loss and you doesn't want to upgrade Plone, see the patch provided here
  • problems

Read further if you see this error when authenticating or using the test feature:

    TypeError: ssl() argument 1 must be _socket.socket, not _socketobject

The case is well described here:

If you have installed (with Nuxeo CPS 3.2 for example) you have to find all the files making an import timeoutsocket and comment it along with the lines calling the function timeoutsocket.setDefaultSocketTimeout.

Unfortunately this requires manual fixing (find + grep are your friends).


Please delete CASUserFolder with version number prior to 1.0

To upgrade from previous CASUserFolder 1.x to ACASUserFolder 2.x into Plone, follow these steps :

  • install ACASUserFolder and PloneCASLogin on the filesystem in the Zope Products directory.
  • uninstall the old CASUserFolder from Plone with QuickInstaller tool.
  • deletion of old CASUserFolders is optional
  • install PloneCASLogin with QuickInstaller tool

Python 2.1 note

You need HTMLParser provided by default with python >= 2.2 To install it, simply grab & from python(>=2.2) libs and put these files in the python 2.1 lib directory (/usr/lib/python2.1/ on debian).

Other Zope/CAS Implementations

PluggableUserFolder from nuxeo :

CASUserFolder from simplistix :

CAS 4 PAS (PluggableAuthService) :