[Product-Developers] How to manage Plone groups with the Grouper management system?

Jon Stahl jonstahl at gmail.com
Thu Feb 9 18:16:18 UTC 2012

On Thu, Feb 9, 2012 at 9:41 AM, Michael Miller <mmiller at it.ucla.edu> wrote:
> Hi all,
> We would like to customize Plone to read groups (membership information)
> from an external source.
> At UCLA we have successfully integrated Plone with Shibboleth (using
> WebServerAuth) which provides the authenticated user in a header.  We have a
> generic groups management system called Grouper
> (http://grouper.internet2.edu). We would like to leverage Grouper's group
> functionality that is delivered via Shibboleth headers.
> Here's an idea of how we envision this working:
> Manage Plone groups in Grouper. Manage roles using the Plone administration
> portal. Upon authentication, Shibboleth will deliver all groups that the
> user is a member of via request headers. Identify the plugin point within
> Plone/Zope, read the groups from the request header, use the group id/name
> to get the roles  (from ZOPE Group manager??).
> We need help identifying the plugin point where we would need to do this and
> how/where to read roles.
> does anyone have suggestions on where we might start?

This sounds like exactly what you'd create a PAS Plugin to do.




are good references.


More information about the Product-Developers mailing list