[Product-Developers] How to manage Plone groups with the Grouper management system?

Michael Miller mmiller at it.ucla.edu
Thu Feb 9 17:41:07 UTC 2012

Hi all, 

We would like to customize Plone to read groups (membership information)
from an external source.

At UCLA we have successfully integrated Plone with Shibboleth (using
WebServerAuth) which provides the authenticated user in a header.  We have a
generic groups management system called Grouper
(http://grouper.internet2.edu). We would like to leverage Grouper's group
functionality that is delivered via Shibboleth headers.

Here's an idea of how we envision this working:

Manage Plone groups in Grouper. Manage roles using the Plone administration
portal. Upon authentication, Shibboleth will deliver all groups that the
user is a member of via request headers. Identify the plugin point within
Plone/Zope, read the groups from the request header, use the group id/name
to get the roles  (from ZOPE Group manager??). 

We need help identifying the plugin point where we would need to do this and
how/where to read roles.

does anyone have suggestions on where we might start?


Michael Miller
UCLA IT Services

View this message in context: http://plone.293351.n2.nabble.com/How-to-manage-Plone-groups-with-the-Grouper-management-system-tp7270017p7270017.html
Sent from the Product Developers mailing list archive at Nabble.com.

More information about the Product-Developers mailing list