You are not logged in Log in Join
You are here: Home » Members » mrlex's Home » ACUF » hlp » API.stx

Log in
Name

Password

 

API.stx

ACASUserFolder Zope API

This section Describes ACASUserFolder public hooks for use from DTML / ZPT / etc...

Public methods

ACASUserFolder implements IACASUserFolder methods which are stabilized :

cas_get_username()
Returns a string which is a user login.

This user CAS ticket was validated from the CAS server. It requires a logged-in user context. Otherwise returns None.

cas_redirect_to_login(force = false)
Cause the client browser to be redirected to the CAS login page and then to come back to the very same page it came from with a CAS ticket (if password OK) If the ticket is valid, then the user will be authenticated for the second page loading.

if Force is true, then redirect will use lock

cas_complete_logout(service = None)
Clean local CAS credentials AND CASTGC secure cookie which is the -global- credential. To achieve this, the client browser will be redirected to the CAS server to clear the cookie and CAS server side credentials, then it will come back to this very same page (if service is None) but Anonymously.

service is the url to which the client will be redirected to after logging out from the CAS server.

cas_local_logout(service = None)
Logout only from the Zope server.

Be aware that within frames or when loading images, other parts may be viewed anonymously depending on the browser loading order. If service is provided, then the client is redirected to URL. This allow to draw the page in Anonymous mode rather than having a clumsy page with a connected context while next request will be anonymous.

service is an URL like in cas_complete_logout

Public Safe Variables

cuf_login_url

cuf_validate_url
This one is the least usefull as it may only be used by ACASUserFolder ticket validation code.

cuf_logout_url

Special GET Parameters

cas_test
used in test management tab. You should avoid to use this.

It disables Basic auth to allow CAS only mechanism.

cas_delay_POST
delay injection of POST data when validating CAS ticket.

see security for details on POST data handling.

This is usefull only when added in service parameter at login time. It is used in PloneCASLogin-2.x to allow user to traverse intermediate pages before returning to the original page where authentication was needed/called.

cas_consume_POST
inject POST data that was previously stored into the session (after timeout) and delayed by cas_delay_POST.

It is only usefull after a ticket was validated using cas_delay_POST.

See Also

ACASUserFolder Properties

Plone integration

ACASUserFolder users listing

CAS usage scenarios

Security

Zope API

Author & Maintainer

Alexandre SAUVE < mr .dot. lex -at- free .dot. fr >