CAS on 3.0 (Was Re: Hiding a Portlet in a Filesystem Package)

Matthew Wilkes matt at matthewwilkes.name
Wed Oct 17 00:11:02 UTC 2007


On 17 Oct 2007, at 00:48, Derek Richardson wrote:

> Matthew Wilkes wrote:
>> On 16 Oct 2007, at 23:23, Derek Richardson wrote:
>>> Hey. I'm writing a package to provide a Plone 3.0-compatible UI  
>>> for PAS4CAS - a replacement for PloneCASLogin, which has not been  
>>> updated. The basics work. I now want to hide the login portlet,  
>>> since it is non-functional and confusing with CAS.
>> Hi Derek,
>>  From my own dealings with CAS, the login form is certainly not  
>> non-functional, it's only non-functional if CAS is the sole means  
>> of authentication.
>
> Hmmm. Under what conditions would you have two means (CAS + other)  
> of authentication? If there is a use case there, I need to think  
> about it. But it seems very strange to me. ;)

My students' union.  The following is at various levels of  
implementation:

There are the following types of users:

1) Current students (CAS)
2) Staff (CAS)
3) Ex-students (maybe LDAP, maybe a different CAS server, maybe  
something else)
4) Honorary Members (Membrane)
5) Associate members (Custom PAS or heavy-lifting with Membrane)
6) Affiliate members (IP matching/membrane)

The basic reasoning being there is a CAS server for current members  
of the university, an LDAP directory of ex members and local storage  
of the small number of people who are members of the union and not  
the university.

>> I recommend creating your own CAS login portlet with a link to  
>> your CAS provider and letting the user hide or show the standard  
>> login portlet as needed.
>
> Ah, that's what old PloneCASLogin did that I never understood. I  
> mean, if the 'login' link is on the personal bar always and does  
> just as good as a big 'CAS' button, then why spend the screen real  
> estate? But, again, if there's a legit use case here, I should  
> consider it.

The login link can be overridden by customisers, it's not the place  
of your plugin to say what the main method of authentication is.

> I don't think we're going to use either of these (two auth mechs or  
> big CAS button) at Georgia Tech, but, if I'm going to do battle  
> with our legal dept to release this publicly (and I plan to), then  
> I want to do it right to make the effort worthwhile.

I recommend talking to Pete Walker at the University of Bristol, as I  
know they're looking to do some work with Plone 3 and we use CAS  
extensively.  I've CCed him in.

> BTW, Matt, is was *great* sprinting with you this weekend. I really  
> appreciate your contributions to Vice.

I'm glad to be of help, sorry about the disappearing act yesterday,  
was in a political party headquarters just as the leader stepped  
down, had to give up my ethernet port pretty sharpish.  You'll be  
happy to know I have a working portal_syndication, I'm working on  
updating the GUI.

Matt





More information about the Product-Developers mailing list