API.stx
ACASUserFolder Zope API
This section describes the ACASUserFolder public hooks for use from DTML, ZPT, etc.
Public methods
ACASUserFolder implements the IACASUserFolder methods, which are stabilized:
- cas_get_username()
- Returns a string containing the user login.
This user's CAS ticket was validated by the CAS server. It requires a logged-in user context; otherwise it returns None.
- cas_redirect_to_login(force = false)
- Causes the client browser to be redirected to the
CAS login page and then to come back to the very same
page it came from with a CAS ticket (if the password is OK).
If the ticket is valid, then the user will be authenticated
for the second page load.
If force is true, then the redirect will use lock.
- cas_complete_logout(service = None)
- Cleans the local CAS credentials AND the CASTGC secure cookie, which
is the -global- credential.
To achieve this, the client browser will be redirected to the
CAS server to clear the cookie and the CAS server-side credentials,
then it will come back to this very same page (if service is None),
but anonymously.
service is the URL to which the client will be redirected after logging out from the CAS server.
- cas_local_logout(service = None)
- Logs out only from the Zope server.
Be aware that within frames or when loading images, other parts may be viewed anonymously depending on the browser loading order. If service is provided, then the client is redirected to
that URL. This allows the page to be drawn in Anonymous mode rather than showing a clumsy page with a connected context while the next request will be anonymous. service is a URL, as in cas_complete_logout.
Public Safe Variables
- cuf_login_url
- cuf_validate_url
- This one is the least useful, as it may only be used by the ACASUserFolder ticket validation code.
- cuf_logout_url
Special GET Parameters
- cas_test
- Used in the test management tab. You should avoid using this.
It disables Basic auth to allow the CAS-only mechanism.
- cas_delay_POST
- Delays injection of POST data when validating a CAS ticket.
See security for details on POST data handling.
This is useful only when added to the service parameter at login time. It is used in PloneCASLogin-2.x to allow the user to traverse intermediate pages before returning to the original page where authentication was needed/called.
- cas_consume_POST
- Injects POST data that was previously stored into the
session (after timeout) and delayed by cas_delay_POST.
It is only useful after a ticket was validated using cas_delay_POST.
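An added example (not part of ACASUserFolder or of the original page): a check a template author could apply before handing a request-derived URL to the service argument of cas_complete_logout or cas_local_logout. It only accepts http(s) URLs on an allowlisted host and strips the special GET parameters listed above. The helper name sanitize_logout_service and the host portal.example.org are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Special GET parameters documented on this page. None of them is meant
# for a logout return URL, so they are stripped from the candidate.
CAS_SPECIAL_PARAMS = frozenset({"cas_test", "cas_delay_POST", "cas_consume_POST"})

# Constructed sample allowlist (assumption): hosts this Zope site is served from.
ALLOWED_HOSTS = frozenset({"portal.example.org"})


def sanitize_logout_service(candidate, allowed_hosts=ALLOWED_HOSTS):
    """Return a URL suitable for the `service` argument, or None.

    None matches the documented default (come back to the same page).
    Hypothetical helper: not part of ACASUserFolder.
    """
    if not candidate:
        return None
    # Whitespace, control characters and backslashes are parsed
    # differently by browsers and by urlsplit: refuse them outright.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in candidate):
        return None
    try:
        parts = urlsplit(candidate)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None  # rejects javascript:, data: and scheme-relative //host
    if parts.username is not None or parts.password is not None:
        return None  # user@host forms hide the real destination
    if host not in allowed_hosts:
        return None
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in CAS_SPECIAL_PARAMS]
    # Rebuild from the parsed parts; the fragment is dropped.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))
```

The return value is what would be passed as service; None leaves the documented default behaviour in place.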
See Also
Author & Maintainer
Alexandre SAUVE < mr .dot. lex -at- free .dot. fr >