The ZMS adapter for Zope's Pluggable Authentication Service (PAS) delivers four adapters, each providing specific API functions of the PAS authentication process:
- ZMS PAS Cookie Auth Helper: containing a login form and the auth cookie name
- ZMS PAS Role Plugin: containing the API methods authenticateCredentialsImpl and enumerateUsersImpl for connecting external user repositories
- ZMS PAS User Plugin: containing the API method getRolesForPrincipalImpl
- ZMS PAS SSO Plugin: processing an OpenID-Connect (OIDC) conformant HTTP header for several authentication steps (credential extraction, authentication, etc.)
- itsdangerous: Various helpers to pass data to untrusted environments and to get it back safe and sound. Data is cryptographically signed to ensure that a token has not been tampered with. https://pypi.org/project/itsdangerous/
Name | Value | Description |
---|---|---|
Header Name | HTTP_X_AUTH_RESULT | the name of the HTTP-header containing the OIDC auth-result |
Secret Key | ****************** | the secret key used to decrypt the auth-result using the itsdangerous-module |
Login Path | http://zms.hosting/auth/login | the path for redirection from challenge to SSO login. |
Login Pattern | https?:\/\/(.*)\/manage | the pattern of original url for redirection from challenge to SSO login. |
Came From | came_from | the name of the request-parameter containing the original url the request came from |
User ID Attributes | user_id,sub | the name(s) of the http header payload fields representing the user id. |
Optional*: roles_attr | roles_attr | the name of the http header payload field representing a list of roles. |
* The ZMS PluggableAuthService SSO Plugin can extract user roles; to enable this, a new attribute named "roles_attr" (string type) must be added manually to the property list.
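
The following is an added example, not code from the ZMS project: it shows how a signed auth-result header of the kind configured in the table above can be verified with itsdangerous and reduced to a user id and a role list, rejecting tampered, wrongly keyed or stale tokens. It assumes the login service signs a JSON payload with `URLSafeTimedSerializer`; that serializer choice, the 300-second `max_age`, the `roles` field name, and the secret and payloads are assumptions or constructed values.

```python
from itsdangerous import BadSignature, URLSafeTimedSerializer

# Property values from the table above; the secret is a constructed demo value.
HEADER_NAME = "HTTP_X_AUTH_RESULT"
SECRET_KEY = "constructed-demo-secret"
USER_ID_ATTRS = ("user_id", "sub")
ROLES_ATTR = "roles"  # hypothetical value of the optional roles_attr property


def extract_identity(environ, secret_key=SECRET_KEY, max_age=300):
    """Return (user_id, roles) from a verified auth-result header, else None.

    max_age (seconds) is an assumed freshness window that limits replay.
    """
    token = environ.get(HEADER_NAME)
    if not token:
        return None
    try:
        # Signature and timestamp are checked before the payload is decoded.
        payload = URLSafeTimedSerializer(secret_key).loads(token, max_age=max_age)
    except BadSignature:  # also raised (as SignatureExpired) for stale tokens
        return None
    if not isinstance(payload, dict):
        return None
    # First configured attribute that holds a non-empty string wins.
    user_id = next((payload[a] for a in USER_ID_ATTRS
                    if isinstance(payload.get(a), str) and payload[a]), None)
    if user_id is None:
        return None
    roles = payload.get(ROLES_ATTR)
    roles = [r for r in roles if isinstance(r, str)] if isinstance(roles, list) else []
    return user_id, roles


def demo():
    """Run constructed tokens through the check: valid, tampered, wrong key."""
    signer = URLSafeTimedSerializer(SECRET_KEY)
    good = signer.dumps({"sub": "alice", "roles": ["ZMSEditor"]})
    # Tampered: another payload spliced onto alice's timestamp and signature.
    swapped = signer.dumps({"sub": "admin", "roles": ["Manager"]}).rsplit(".", 2)[0]
    tampered = ".".join([swapped] + good.rsplit(".", 2)[1:])
    forged = URLSafeTimedSerializer("wrong-key").dumps({"sub": "admin"})
    return {name: extract_identity({HEADER_NAME: tok}) for name, tok in
            [("good", good), ("tampered", tampered), ("forged", forged)]}


if __name__ == "__main__":
    print(demo())
```

itsdangerous signs the payload but does not encrypt it, so the header content is readable by anything that sees the request; only its integrity depends on the secret key.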
Copyright (c) 2000-2023 SNTL Publishing https://www.sntl-publishing.com, Berlin. Code released under the GNU General Public License v3 http://www.gnu.org/licenses/gpl.html license.