How to get started with The Pluggable Authentication System
Matt Hamilton
Plone Conference 2013 - Brasilia
Who am I?
• Working with Plone/Zope since 1999
• Director at Netsight in the UK
• Worked on a number of projects doing
authentication over the years
What is PAS?
• Pluggable Authentication System
History of PAS
• Zope User Folders
• ExtUserFolder
• PAS
PAS is one of Plone’s Killer Features
Architecture
• Uses the Zope Component Architecture
(ZCA) heavily
• Many interfaces, each defining an aspect of
the authentication process
• Each plugin can implement one or more
interfaces
Anonymoususerfactory Plugins
Create anonymous users.
Authentication Plugins
Authentication plugins are responsible for validating credentials
generated by the Extraction Plugin.
Challenge Plugins
Challenge plugins initiate a challenge to the user to provide credentials.
Challenge_Protocol_Chooser Plugins
Challenge Protocol Chooser plugins decide what authorization protocol to
use for a given request type.
Reset Credentials Plugins
Credential clear plugins respond to a user logging out.
Update Credentials Plugins
Credential update plugins respond to the user changing credentials.
Extraction Plugins
Extraction plugins are responsible for extracting credentials from the
request.
Group_Enumeration Plugins
Enumeration plugins allow querying groups by ID.
Group_Introspection Plugins
Group Introspection provides listings of groups and membership
Group_Management Plugins
Group Management provides add/write/deletion of groups and member
management
Groups Plugins
Groups plugins determine the groups to which a user belongs.
Local_Roles Plugins
Defines Policy for getting Local Roles
Notcompetent Plugins
Not-Competent plugins check whether this user folder should not
authenticate the current request. These plugins are not used for a top
level user folder. They are typically used to prevent shadowing of
authentications by higher level user folders.
Properties Plugins
Properties plugins generate property sheets for users.
Request_Type_Sniffer Plugins
Request Type Sniffer plugins detect the type of an incoming
request.
Role_Assigner Plugins
Role Assigner plugins allow the Pluggable Auth Service to
assign roles to principals.
Role_Enumeration Plugins
Enumeration plugins allow querying roles by ID.
Roles Plugins
Roles plugins determine the global roles which a user has.
Update Plugins
Update plugins allow the user or the application to update the
user's properties.
User_Adder Plugins
User Adder plugins allow the Pluggable Auth Service to create
users.
User_Enumeration Plugins
Enumeration plugins allow querying users by ID, and
searching for users who match particular criteria.
Userfactory Plugins
Create users.
User_Introspection Plugins
The User Introspection plugins allow the Pluggable Auth
Service to provide lists of users
User_Management Plugins
The User Management plugins allow the Pluggable Auth
Service to add/delete/modify users
Validation Plugins
Validation plugins specify allowable values for user properties
(e.g., minimum password length, allowed characters, etc.)
Interfaces
from zope.interface import Interface


class IExtractionPlugin( Interface ):
    """ Extracts login name and credentials from a request.
    """
    def extractCredentials( request ):
        """ request -> {...}

        o Return a mapping of any derived credentials.

        o Return an empty mapping to indicate that the plugin found no
          appropriate credentials.
        """
Interfaces
class IAuthenticationPlugin( Interface ):
    """ Map credentials to a user ID.
    """
    def authenticateCredentials( credentials ):
        """ credentials -> (userid, login)

        o 'credentials' will be a mapping, as returned by IExtractionPlugin.

        o Return a tuple consisting of user ID (which may be different
          from the login name) and login

        o If the credentials cannot be authenticated, return None.
        """
Interfaces
class IPropertiesPlugin( Interface ):
    """ Return a property set for a user.
    """
    def getPropertiesForUser( user, request=None ):
        """ user -> {}

        o User will implement IPropertiedUser.

        o Plugin should return a dictionary or an object providing
          IPropertySheet.

        o Plugin may scribble on the user, if needed (but must still
          return a mapping, even if empty).

        o May assign properties based on values in the REQUEST object, if
          present
        """
Interfaces
class IGroupsPlugin( Interface ):
    """ Determine the groups to which a user belongs.
    """
    def getGroupsForPrincipal( principal, request=None ):
        """ principal -> ( group_1, ... group_N )

        o Return a sequence of group names to which the principal
          (either a user or another group) belongs.

        o May assign groups based on values in the REQUEST object, if present
        """
Plugins
• Plugins can be stacked in order you want
them to be used
Example PAS Plugins
• ZODB User Manager
• Products.LDAPMultiPlugins (PloneLDAP)
• pas.plugins.velruse
• netsight.windowsauthplugin
• netsight.aspxauthplugin
Combining PAS Plugins
Worked Example
• netsight.aspxauthplugin
• Encrypts/Decrypts the .ASPXAUTH cookie
used by .NET applications
• Allows Plone to trust the auth of a .NET
application and vice-versa
• Simplified, ignoring some of the boilerplate
and crypto code
def extractCredentials( self, request ):
    """To extract the cookie from the browser"""

def authenticateCredentials( self, credentials ):
    """To decrypt the cookie and validate it is correct"""

def resetCredentials(self, request, response):
    """To delete the cookie on logout"""
security.declarePrivate( 'extractCredentials' )
def extractCredentials( self, request ):
    """ Extract auth credentials from 'request'.
    """
    cookie = request.cookies.get('.ASPXAUTH')
    if cookie:
        creds = {}
        creds['cookie'] = cookie
        creds['plugin'] = self.getId()
        return creds
    # No cookie present: return an empty mapping, as IExtractionPlugin requires
    return {}
security.declarePrivate( 'authenticateCredentials' )
def authenticateCredentials( self, credentials ):
    request = self.REQUEST
    response = request.RESPONSE
    # We only authenticate credentials that our own
    # extraction plugin produced
    if credentials.get('plugin') != self.getId():
        return None
    cookie = credentials.get('cookie')
    if not cookie:
        return None
    sig, data = self.decodeCookie(cookie)
    # check signature is valid before trusting anything in the cookie
    if not self.checkSignature(data, sig):
        return None
    # decrypt data
    decryptedBytes = self.decryptData(data)
    if not decryptedBytes:
        return None
    # unpack the values from the data
    unpacked = self.unpackData(decryptedBytes)
    if unpacked is None:
        return None
    start_time, end_time, username, version, persistent, userdata, path = unpacked
    # NOTE: this simplified version does not compare start_time/end_time
    # with the current time; a production plugin must reject expired tickets here.
    # return the userid and login
    return username, username
security.declarePrivate( 'resetCredentials' )
def resetCredentials(self, request, response):
    """ Expire the cookie so the browser drops the
    credentials on logout. """
    response.expireCookie('.ASPXAUTH', path='/',
                          domain='.netsightdev.co.uk')
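The worked example above, together with the earlier point that plugins are stacked and called in order, as one added example (this is not the netsight.aspxauthplugin code, and it does not need Zope): a pure-Python plugin that plays the extraction, authentication and reset roles for a signed cookie, plus a tiny driver that offers each extractor's credentials to each authenticator in turn. It assumes an HMAC-SHA256 signature over a JSON payload and a constructed shared key in place of the .NET cookie crypto; FakeRequest, make_cookie and authenticate are stand-ins for the real request, the .NET issuer and the PAS user folder, not PAS APIs.

```python
"""Minimal PAS-style plugin stack: extraction -> authentication -> reset."""
import base64
import hashlib
import hmac
import json
import time

COOKIE_NAME = ".ASPXAUTH"
# Assumption: a demo key shared with the cookie issuer (constructed, not real)
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_cookie(userid, login, ttl=3600, now=None):
    """Issue 'payload.signature' as the trusted issuer would (demo format:
    HMAC-SHA256 over a JSON payload, standing in for the .NET scheme)."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": userid, "login": login,
                          "start": now, "end": now + ttl}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


class FakeRequest:
    """Just enough of a Zope request/response for the plugin below."""
    def __init__(self, cookies=None):
        self.cookies = dict(cookies or {})
        self.expired = []          # cookie names the 'response' was told to drop

    def expireCookie(self, name, **kw):   # stands in for RESPONSE.expireCookie
        self.expired.append(name)


class SignedCookiePlugin:
    """Plays the three roles from the worked example (extract/auth/reset)."""
    def __init__(self, plugin_id, now=None):
        self._id = plugin_id
        self._now = now            # injectable clock so tests are deterministic

    def getId(self):
        return self._id

    # IExtractionPlugin
    def extractCredentials(self, request):
        cookie = request.cookies.get(COOKIE_NAME)
        if not cookie:
            return {}              # empty mapping: no credentials for us here
        return {"cookie": cookie, "plugin": self.getId()}

    # IAuthenticationPlugin
    def authenticateCredentials(self, credentials):
        # Only consume credentials that our own extractor produced; another
        # stacked plugin's credentials are not ours to judge.
        if credentials.get("plugin") != self.getId():
            return None
        try:
            data_b64, sig_b64 = (credentials.get("cookie") or "").split(".", 1)
            data, sig = _b64d(data_b64), _b64d(sig_b64)
        except (ValueError, AttributeError):
            return None
        # Verify the MAC in constant time before trusting any field
        expected = hmac.new(SECRET_KEY, data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None
        try:
            fields = json.loads(data)
            start, end = float(fields["start"]), float(fields["end"])
            userid, login = fields["uid"], fields["login"]
        except (ValueError, KeyError, TypeError):
            return None
        now = time.time() if self._now is None else self._now
        if not start <= now < end:
            return None            # expired or not-yet-valid ticket is rejected
        return userid, login       # userid may differ from login (see Gotchas)

    # IResetCredentialsPlugin
    def resetCredentials(self, request, response):
        response.expireCookie(COOKIE_NAME, path="/")


def authenticate(request, extractors, authenticators):
    """Stand-in for the PAS user folder: each extractor runs in its configured
    order, and its credentials are offered to each authenticator in order."""
    for extractor in extractors:
        creds = extractor.extractCredentials(request)
        if not creds:
            continue
        for authenticator in authenticators:
            result = authenticator.authenticateCredentials(creds)
            if result is not None:
                return result
    return None
```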
Gotchas
• UserId versus Login
• Plugin Performance
• Plugin Order
• Current paster/templar template missing
(sprint?)
Obrigado!
Matt Hamilton
matth@netsight.co.uk
@hammertoe
http://slideshare.net/hammertoe

Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

How to get started with the Pluggable Authentication System

  • 1. How to get started with The Pluggable Authentication System. Matt Hamilton. Plone Conference 2013 - Brasilia
  • 2. Who am I?
    • Working with Plone/Zope since 1999
    • Director at Netsight in the UK
    • Worked on a number of projects doing authentication over the years
  • 3. What is PAS?
    • Pluggable Authentication System
  • 4. History of PAS
    • Zope User Folders
    • ExtUserFolder
    • PAS
  • 5. PAS is one of Plone's Killer Features
  • 7. Architecture
    • Uses the Zope Component Architecture (ZCA) heavily
    • Many interfaces, each defining an aspect of the authentication process
    • Each plugin can implement one or more interfaces
  • 8. Plugin types
    • Anonymoususerfactory Plugins: Create anonymous users.
    • Authentication Plugins: Authentication plugins are responsible for validating credentials generated by the Extraction Plugin.
    • Challenge Plugins: Challenge plugins initiate a challenge to the user to provide credentials.
    • Challenge_Protocol_Chooser Plugins: Challenge Protocol Chooser plugins decide what authorization protocol to use for a given request type.
    • Reset Credentials Plugins: Credential clear plugins respond to a user logging out.
    • Update Credentials Plugins: Credential update plugins respond to the user changing credentials.
    • Extraction Plugins: Extraction plugins are responsible for extracting credentials from the request.
    • Group_Enumeration Plugins: Enumeration plugins allow querying groups by ID.
    • Group_Introspection Plugins: Group Introspection provides listings of groups and membership.
    • Group_Management Plugins: Group Management provides add/write/deletion of groups and member management.
    • Groups Plugins: Groups plugins determine the groups to which a user belongs.
    • Local_Roles Plugins: Defines policy for getting Local Roles.
    • Notcompetent Plugins: Not-Competent plugins check whether this user folder should not authenticate the current request. These plugins are not used for a top level user folder. They are typically used to prevent shadowing of authentications by higher level user folders.
    • Properties Plugins: Properties plugins generate property sheets for users.
    • Request_Type_Sniffer Plugins: Request Type Sniffer plugins detect the type of an incoming request.
    • Role_Assigner Plugins: Role Assigner plugins allow the Pluggable Auth Service to assign roles to principals.
    • Role_Enumeration Plugins: Enumeration plugins allow querying roles by ID.
    • Roles Plugins: Roles plugins determine the global roles which a user has.
    • Update Plugins: Update plugins allow the user or the application to update the user's properties.
    • User_Adder Plugins: User Adder plugins allow the Pluggable Auth Service to create users.
    • User_Enumeration Plugins: Enumeration plugins allow querying users by ID, and searching for users who match particular criteria.
    • Userfactory Plugins: Create users.
    • User_Introspection Plugins: The User Introspection plugins allow the Pluggable Auth Service to provide lists of users.
    • User_Management Plugins: The User Management plugins allow the Pluggable Auth Service to add/delete/modify users.
    • Validation Plugins: Validation plugins specify allowable values for user properties (e.g., minimum password length, allowed characters, etc.).
  • 9. Interfaces

        class IExtractionPlugin( Interface ):
            """ Extracts login name and credentials from a request.
            """
            def extractCredentials( request ):
                """ request -> {...}

                o Return a mapping of any derived credentials.

                o Return an empty mapping to indicate that the plugin found no
                  appropriate credentials.
                """

  • 10. Interfaces

        class IAuthenticationPlugin( Interface ):
            """ Map credentials to a user ID.
            """
            def authenticateCredentials( credentials ):
                """ credentials -> (userid, login)

                o 'credentials' will be a mapping, as returned by IExtractionPlugin.

                o Return a tuple consisting of user ID (which may be different
                  from the login name) and login

                o If the credentials cannot be authenticated, return None.
                """

  • 11. Interfaces

        class IPropertiesPlugin( Interface ):
            """ Return a property set for a user.
            """
            def getPropertiesForUser( user, request=None ):
                """ user -> {}

                o User will implement IPropertiedUser.

                o Plugin should return a dictionary or an object providing
                  IPropertySheet.

                o Plugin may scribble on the user, if needed (but must still
                  return a mapping, even if empty).

                o May assign properties based on values in the REQUEST object,
                  if present
                """

  • 12. Interfaces

        class IGroupsPlugin( Interface ):
            """ Determine the groups to which a user belongs.
            """
            def getGroupsForPrincipal( principal, request=None ):
                """ principal -> ( group_1, ... group_N )

                o Return a sequence of group names to which the principal
                  (either a user or another group) belongs.

                o May assign groups based on values in the REQUEST object,
                  if present
                """
  • 13. Plugins
    • Plugins can be stacked in the order you want them to be used
  • 14. Plugins
  • 15. Example PAS Plugins
    • ZODB User Manager
    • Products.LDAPMultiPlugins (PloneLDAP)
    • pas.plugins.velruse
    • netsight.windowsauthplugin
    • netsight.aspxauthplugin
  • 16. Combining PAS Plugins
  • 17. Worked Example
    • netsight.aspxauthplugin
    • Encrypts/decrypts the .ASPXAUTH cookie used by .NET applications
    • Allows Plone to trust the auth of a .NET application and vice-versa
    • Simplified, ignoring some of the boilerplate and crypto code
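To make the interfaces on slides 9 to 12 and the stacking rule on slide 13 concrete, here is a small stand-alone model of the PAS dispatch loop. It is an added example, not code from the talk or from Products.PluggableAuthService: requests are plain dicts, the plugin, user and token names are constructed, and `MiniPAS` stands in for the real user folder. It walks extractors in stacking order, hands each credential mapping to the authenticators in order, and then lets one plugin that implements both `IPropertiesPlugin` and `IGroupsPlugin` decorate the user, keyed by the stable user ID rather than the login name.

```python
"""Toy model of the PAS plugin chain (added example, not PAS code): extraction
-> authentication -> properties/groups, with plugins tried in stacking order."""
import base64
import hashlib
import hmac
import os


def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256: the user store keeps hashes, never passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Plugin:
    def __init__(self, plugin_id):
        self._id = plugin_id
    def getId(self):
        return self._id


class BasicAuthExtractor(Plugin):
    """IExtractionPlugin: login/password from an HTTP Basic Authorization header."""
    def extractCredentials(self, request):
        header = request.get("headers", {}).get("Authorization", "")
        if not header.startswith("Basic "):
            return {}  # empty mapping: "found no appropriate credentials"
        try:
            login, _, password = base64.b64decode(header[6:]).decode("utf-8").partition(":")
        except (ValueError, UnicodeDecodeError):
            return {}
        return {"login": login, "password": password, "plugin": self.getId()}


class CookieTokenExtractor(Plugin):
    """IExtractionPlugin: opaque token from a 'session' cookie (constructed name)."""
    def extractCredentials(self, request):
        token = request.get("cookies", {}).get("session")
        return {"token": token, "plugin": self.getId()} if token else {}


class PasswordAuthenticator(Plugin):
    """IAuthenticationPlugin over a login -> (userid, salt, hash) table; the
    user ID is the stable key, the login name may change (see Gotchas)."""
    def __init__(self, plugin_id, users):
        super().__init__(plugin_id)
        self._users = users
    def authenticateCredentials(self, credentials):
        login, password = credentials.get("login"), credentials.get("password")
        if login is None or password is None or login not in self._users:
            return None
        userid, salt, expected = self._users[login]
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return None
        return userid, login


class TokenAuthenticator(Plugin):
    """IAuthenticationPlugin that, like the worked example, only accepts
    credentials produced by its own extractor (the 'plugin' key check)."""
    def __init__(self, plugin_id, tokens):
        super().__init__(plugin_id)
        self._tokens = tokens
    def authenticateCredentials(self, credentials):
        if credentials.get("plugin") != self.getId():
            return None
        userid = self._tokens.get(credentials.get("token"))
        return (userid, userid) if userid else None


class DirectoryPlugin:
    """One plugin implementing two interfaces (IPropertiesPlugin and
    IGroupsPlugin), both keyed by user ID rather than login name."""
    def __init__(self, sheets, groups):
        self._sheets, self._groups = sheets, groups
    def getPropertiesForUser(self, user, request=None):
        return dict(self._sheets.get(user["id"], {}))
    def getGroupsForPrincipal(self, principal, request=None):
        return tuple(self._groups.get(principal["id"], ()))


class MiniPAS:
    """Dispatch loop: first extractor yielding credentials, first authenticator
    accepting them, then the directory plugin fills properties and groups."""
    def __init__(self, extractors, authenticators, directory):
        self.extractors, self.authenticators, self.directory = extractors, authenticators, directory
    def validate(self, request):
        for extractor in self.extractors:
            creds = extractor.extractCredentials(request)
            if not creds:
                continue
            for auth in self.authenticators:
                result = auth.authenticateCredentials(creds)
                if result is None:
                    continue  # next authenticator in stacking order
                user = {"id": result[0], "login": result[1]}
                user["properties"] = self.directory.getPropertiesForUser(user, request)
                user["groups"] = self.directory.getGroupsForPrincipal(user, request)
                return user
        return None  # nobody authenticated: the request stays anonymous


SALT = os.urandom(16)  # constructed demo data below, not from the talk
PAS = MiniPAS(
    extractors=[BasicAuthExtractor("basic"), CookieTokenExtractor("cookie")],
    authenticators=[
        PasswordAuthenticator("zodb_users", {"alice": ("user-001", SALT, hash_password("pw-alice", SALT))}),
        TokenAuthenticator("cookie", {"tok-bob": "user-002"})],
    directory=DirectoryPlugin({"user-001": {"fullname": "Alice"}},
                              {"user-001": ("Reviewers",), "user-002": ("Members",)}))


def basic_request(login, password):
    token = base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")
    return {"headers": {"Authorization": "Basic " + token}, "cookies": {}}
```

Two things to watch in the loop: a wrong password for `alice` does not stop the walk, it continues to the cookie extractor, so the order of the stack decides which plugin gets the first say; and `TokenAuthenticator` refuses credentials tagged with another plugin's id, which is the same guard the worked example's `authenticateCredentials` applies.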
  • 18.

        def extractCredentials(self, request):
            """To extract the cookie from the browser"""

        def authenticateCredentials(self, credentials):
            """To decrypt the cookie and validate it is correct"""

        def resetCredentials(self, request, response):
            """To delete the cookie on logout"""

  • 19.

        security.declarePrivate('extractCredentials')
        def extractCredentials(self, request):
            """ Extract auth credentials from 'request'. """
            cookie = request.cookies.get('.ASPXAUTH')
            if cookie:
                creds = {}
                creds['cookie'] = cookie
                creds['plugin'] = self.getId()
                return creds
            return {}  # no cookie: empty mapping, as IExtractionPlugin requires

  • 20.

        security.declarePrivate('authenticateCredentials')
        def authenticateCredentials(self, credentials):
            request = self.REQUEST
            response = request.RESPONSE
            # We only authenticate when our challenge mechanism
            # extracted the cookie
            if credentials.get('plugin') != self.getId():
                return None
            cookie = credentials.get('cookie')
            if not cookie:
                return None
            sig, data = self.decodeCookie(cookie)

  • 21.

            # check signature is valid
            if not self.checkSignature(data, sig):
                return None
            # decrypt data
            decryptedBytes = self.decryptData(data)
            if not decryptedBytes:
                return None
            # unpack the values from the data
            unpacked = self.unpackData(decryptedBytes)
            if unpacked is None:
                return None
            start_time, end_time, username, version, persistent, userdata, path = unpacked
            # return the userid and login
            return username, username

  • 22.

        security.declarePrivate('resetCredentials')
        def resetCredentials(self, request, response):
            """ Raise unauthorized to tell browser to clear credentials. """
            response.expireCookie('.ASPXAUTH', path='/', domain='.netsightdev.co.uk')
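The slides show the shape of `authenticateCredentials` but leave out the cookie helpers. The following is an added, runnable sketch of that pipeline (decode, check signature, unpack, return `(userid, login)`); it is not netsight.aspxauthplugin's code and it does not reproduce the .NET ticket format: the ticket here is HMAC-SHA256 signed but not encrypted, the field layout is constructed, and `DEMO_KEY` is a placeholder. It also checks the `start_time`/`end_time` window that the unpacked ticket carries, which the simplified slide code does not use.

```python
"""Ticket-cookie verification modelled on the worked example (added code,
not netsight.aspxauthplugin): decode -> check signature -> unpack -> expiry.
Simplification: the ticket is HMAC-signed only; the real .ASPXAUTH cookie is
also encrypted, and its wire format is not reproduced here."""
import base64
import binascii
import hashlib
import hmac
import struct

SIG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
HEADER = "!ddH?"  # start_time, end_time, version, persistent (constructed layout)
DEMO_KEY = b"constructed-demo-key"  # placeholder; a deployment loads its key from config


def pack_data(start_time, end_time, username, version, persistent, userdata, path):
    """Serialize the seven fields the slide unpacks, strings length-prefixed."""
    out = struct.pack(HEADER, start_time, end_time, version, persistent)
    for text in (username, userdata, path):
        raw = text.encode("utf-8")
        out += struct.pack("!H", len(raw)) + raw
    return out


def unpack_data(data):
    """Inverse of pack_data; returns None for anything malformed or truncated."""
    try:
        start_time, end_time, version, persistent = struct.unpack_from(HEADER, data, 0)
        offset, strings = struct.calcsize(HEADER), []
        for _ in range(3):
            (length,) = struct.unpack_from("!H", data, offset)
            offset += 2
            chunk = data[offset:offset + length]
            if len(chunk) != length:
                raise ValueError("truncated string field")
            strings.append(chunk.decode("utf-8"))
            offset += length
        if offset != len(data):
            raise ValueError("trailing bytes")
    except (struct.error, UnicodeDecodeError, ValueError):
        return None
    username, userdata, path = strings
    return start_time, end_time, username, version, persistent, userdata, path


def sign(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def make_cookie(key, start_time, end_time, username, version=2, persistent=False, userdata="", path="/"):
    """Issue a cookie as base64(data || HMAC(key, data)); constructed format."""
    data = pack_data(start_time, end_time, username, version, persistent, userdata, path)
    return base64.urlsafe_b64encode(data + sign(key, data)).decode("ascii")


def decode_cookie(cookie):
    """Split the cookie into (sig, data), the order the slide's decodeCookie returns."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except (binascii.Error, UnicodeEncodeError):
        return None
    if len(raw) <= SIG_LEN:
        return None
    return raw[-SIG_LEN:], raw[:-SIG_LEN]


def check_signature(key, data, sig):
    """Constant-time compare so a forged tag cannot be probed byte by byte."""
    return hmac.compare_digest(sign(key, data), sig)


def authenticate_cookie(cookie, key, now):
    """Mirror of the slide's authenticateCredentials: (userid, login) or None.
    Beyond the slide's checks, tickets outside [start_time, end_time) are rejected."""
    decoded = decode_cookie(cookie)
    if decoded is None:
        return None
    sig, data = decoded
    if not check_signature(key, data, sig):
        return None  # signature checked before anything in 'data' is trusted
    unpacked = unpack_data(data)
    if unpacked is None:
        return None
    start_time, end_time, username, version, persistent, userdata, path = unpacked
    if not username or not (start_time <= now < end_time):
        return None
    return username, username  # userid and login are the same here, as on the slide
```

The order matters: the signature is verified over the raw bytes before `unpack_data` ever parses them, so a tampered ticket never reaches the parser, and the time window is checked after unpacking because it lives inside the signed payload.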
  • 23. Gotchas
    • UserId versus Login
    • Plugin Performance
    • Plugin Order
    • Current paster/templer template missing (sprint?)
  • 24. Obrigado! Matt Hamilton, matth@netsight.co.uk, @hammertoe, http://slideshare.net/hammertoe