[Product-Developers] How to manage Plone groups with the Grouper management system?
Jon Stahl
jonstahl at gmail.com
Thu Feb 9 18:16:18 UTC 2012
On Thu, Feb 9, 2012 at 9:41 AM, Michael Miller <mmiller at it.ucla.edu> wrote:
> Hi all,
>
> We would like to customize Plone to read groups (membership information)
> from an external source.
>
> At UCLA we have successfully integrated Plone with Shibboleth (using
> WebServerAuth) which provides the authenticated user in a header. We have a
> generic groups management system called Grouper
> (http://grouper.internet2.edu). We would like to leverage Grouper's group
> functionality that is delivered via Shibboleth headers.
>
> Here's an idea of how we envision this working:
>
> Manage Plone groups in Grouper. Manage roles using the Plone administration
> portal. Upon authentication, Shibboleth will deliver all groups that the
> user is a member of via request headers. Identify the plugin point within
> Plone/Zope, read the groups from the request header, use the group id/name
> to get the roles (from ZOPE Group manager??).
>
> We need help identifying the plugin point where we would need to do this and
> how/where to read roles.
>
> does anyone have suggestions on where we might start?
This sounds like exactly what you'd create a PAS Plugin to do.
https://plone.org/documentation/manual/developer-manual/users-and-security/pluggable-authentication-service/
and
http://collective-docs.readthedocs.org/en/latest/members/pluggable_authentication_service/index.html
are good references.
:jon
More information about the Product-Developers
mailing list