You are not logged in Log in Join
You are here: Home » Members » mrlex's Home » ACUF
Log in
Name

Password

 
Link icon Forgot your password?
Print

ACASUserFolder home

ACASUserFolder is a User Folder implementing the Yale CAS Single Sign On (SSO) Authentication method.

It aims are interoperability, robustness, security and end user simplicity. This project started at the Bordeaux 1 University as a proof of concept for Plone integration in a CASified esup-portal environment.

This Product was formerly known as CASUserFolder but has been renamed to avoid name conflict with another similar product.

ChangeLog

Details on ACASUserFolder implementation and Zope/GRUF integration

Download

Features

  • Yale CAS architectures 1.0 & 2.0
  • Plone Support
  • GroupUserFolder support (patch for versions < 3.3)
  • Support for POST and GET methods arguments
  • Auto-login without adding login button to your site
  • clean implementation : doesn't patch anything in the running zope instance
  • management tab for testing CAS login
  • default roles for CAS Users
  • optional persistent users for assigning local roles
  • online help

Compatibility

  • python 2.1 (see note below) / 2.2 / 2.3
  • Zope : tested with 2.6.2 / 2.7.1 / 2.7.4 / 2.7.5 / 2.8.0 / 2.8.1
  • Plone : tested with 2.0.4/2.0.5 & 2.1
  • GroupUserFolder (need patch for versions < 3.3)
  • CookieCrumbler
  • VirtualHostMonster proof (groarrrr)

Doc from the Zope Product

CAS usage scenarios

Security

ACASUserFolder Properties

Plone integration

ACASUserFolder users listing

ACASUserFolder public API

Installation

Uncompress the tarball in your Zope Products directory. Under GNU/Linux This is something like: 

    /usr/lib/zope/lib/python/Products/

Next restart Zope to take the product into account.

GRUF Patch

It can be found here

Not implemented yet

  • CAS Proxy support

Caveats

  • POST support currently allow session exhausting DoS when activated (see security)
  • with Plone 2.0.5, GET method arguments are lost on session timeout. This is a cookie crumbler (from CMFCore 1.4.7) issue that is fixed with version shipped in Plone 2.1 . If you want to avoid data loss and you doesn't want to upgrade Plone, see the patch provided here
  • timeoutsocket.py problems

Read further if you see this error when authenticating or using the test feature: 

    TypeError: ssl() argument 1 must be _socket.socket, not _socketobject

The case is well described here: http://mail.python.org/pipermail/python-list/2005-May/281697.html

If you have timeoutsocket.py installed (with Nuxeo CPS 3.2 for example) you have to find all the files making an import timeoutsocket and comment it along with the lines calling the function timeoutsocket.setDefaultSocketTimeout.

Unfortunately this requires manual fixing (find + grep are your friends).

Upgrading

Please delete CASUserFolder with version number prior to 1.0

To upgrade from previous CASUserFolder 1.x to ACASUserFolder 2.x into Plone, follow these steps :

  • install ACASUserFolder and PloneCASLogin on the filesystem in the Zope Products directory.
  • uninstall the old CASUserFolder from Plone with QuickInstaller tool.
  • deletion of old CASUserFolders is optional
  • install PloneCASLogin with QuickInstaller tool

Python 2.1 note

You need HTMLParser provided by default with python >= 2.2 To install it, simply grab HTMLParser.py & markupbase.py from python(>=2.2) libs and put these files in the python 2.1 lib directory (/usr/lib/python2.1/ on debian).

Other Zope/CAS Implementations

PluggableUserFolder from nuxeo : http://www.zope.org/Members/nuxeo/Products/PluggableUserFolder

CASUserFolder from simplistix : http://www.simplistix.co.uk/software/zope/casuserfolder

CAS 4 PAS (PluggableAuthService) : http://www.zope.org/Members/regebro/CAS4PAS
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)