Liberty Authentication Plugin for PAS 0.1-Unreleased-SVN (Alpha release)
This is not a final release. Experimental releases should only be used for testing and development. Do not use these on production sites, and make sure you have proper backups before installing.
For additional information about this project, please visit the project page.
Release Notes
| Tested with | Plone 2.5 |
|---|---|
| State | Alpha release |
| License | GPL |
This Plug-in relies on Lasso Library.
It has been tested in the European project Gears (http://gears.euproject.org/), and this services/identity federation was demonstrated at the ePortfolio plugfest associated with the 4th international ePortfolio Conference in Oxford in October 2006 (http://www.eife-l.org/news/ep2006).
This release has been tested with Plone 2.5 and Zope 2.8.6.
INSTALL:
Adding a liberty plugin instance from a plone site.
Requirements :
-------------
- lasso >= 0.6.3.
- openssl package (with openssl command).
Installing the plugin :
-----------------------
- Copy the plugin LibertyAuthPlugin directory to the zope product directory.
- Copy the SOAPSupport product from the liberty plugin directory LibertyAuthPlugin to the zope product directory. The original SOAPSupport product does not allow the installed LibertyAuthPlugin python scripts to read the HTTP xml body. This modified version fixes the problem by adding code to the HTTPRequest.py file. HTTPRequest.py.orig is the original version of HTTPRequest.py.
- Start zope
- Adding an instance of the plugin :
-----------------------------------
- first you need to add a Plone Site instance in the root folder.
- In the plone portal instance, go to the acl_users object and, from the "Challenge Protocol Chooser Plugin" selection,
choose LibertyAuthPlugin and click on the Add button.
- Give an id.
- Leave Provider Role on "Service Provider".
- Give an organism name.
- Click on Create button.
- Adding a remote Identity Provider :
-------------------------------------
- From acl_users object of portal instance, choose your previously created liberty plugin object.
- Click on "Remote Providers" option on the panel.
- In sub section "Add a new remote provider",
- Choose "Identity Provider" from Role selection.
- Choose a unique name for IDP.
- Browse and select the Identity Provider metadata file.
- Browse and select the Identity Provider public key file.
- Configuring the liberty plugin functions :
---------------------------------------------
- From the portal object acl_users, select the liberty plugin object.
- Select Authentication and activate your plugin; move it to the first position if necessary.
- Select Challenge and activate your plugin; move it to the first position if necessary.
- Select Extraction and activate your plugin; move it to the first position if necessary.
- Configuring the metadata file publication :
---------------------------------------------
- Each Liberty plugin instance is stored in its own directory under $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty. For example, a LibertyAuthPlugin instance named "myplugin" has its metadata and keys stored in : $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty/myplugin.
- From the portal object, go to the "liberty" directory object, and add a File object from the plugin's metadata file. In the previous example, the metadata file would be : $(ZOPE_PRODUCT)/LibertyAuthPlugin/liberty/myplugin/metadata.xml.
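Because each instance directory holds the keys next to the metadata.xml that gets published, the following added Python check (not part of the plugin or its documentation) audits one instance directory before the File object is created. It assumes private keys are PEM files recognisable by their header; the file names other than metadata.xml and all sample contents are constructed for the example.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET
PEM_PRIVATE = b"PRIVATE KEY-----"  # tail of every PEM private-key header

def audit_instance_dir(instance_dir):
    """Return findings for one .../LibertyAuthPlugin/liberty/<instance> directory."""
    findings = []
    metadata = os.path.join(instance_dir, "metadata.xml")
    if not os.path.isfile(metadata):
        findings.append("metadata.xml missing")
    else:
        with open(metadata, "rb") as fh:
            body = fh.read()
        try:
            ET.fromstring(body)
        except ET.ParseError as exc:
            findings.append("metadata.xml is not well-formed XML: %s" % exc)
        if PEM_PRIVATE in body:  # this file gets published, so it must stay key-free
            findings.append("metadata.xml contains private key material")
    for name in sorted(os.listdir(instance_dir)):
        path = os.path.join(instance_dir, name)
        if name == "metadata.xml" or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            is_private = PEM_PRIVATE in fh.read()
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if is_private and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("%s: private key accessible beyond owner (mode %o)" % (name, mode))
    return findings

def build_sample(root, key_mode):
    """Write a constructed layout; names other than metadata.xml are hypothetical."""
    files = {
        "metadata.xml": b"<EntityDescriptor/>",  # constructed placeholder document
        "public-key.pem": b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n",
        "private-key.pem": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
    }
    for name, body in files.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, key_mode if name == "private-key.pem" else 0o644)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:
        build_sample(demo_dir, 0o644)
        print(audit_instance_dir(demo_dir))
```

An empty list means metadata.xml parses, carries no key material, and no private key in the directory is accessible to group or other.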
- Configuring Plone portal user actions :
------------------------------------------
- From portal object, choose "portal_registration" object and add the following actions :
- add 'singleLogout' action :
- title : "Sign out"
- id : "sign_out"
- url (expression) : "string:${portal_url}/liberty/singleLogout"
- condition : "python:request.SESSION.get('sessionDump') is not None and member"
- permission : "(none)"
- category : "user"
- visible : x
- add 'signOn' action :
- title : "Sign on"
- id : "sign_on"
- url (expression) : "string:${portal_url}/liberty/signOn"
- condition : "not:member"
- permission : "(none)"
- category : "user"
- visible : x
- Adding a user token entry for user :
---------------------------------------
- From portal instance, acl_users, select the liberty plugin
- Choose "Liberty Provider", from panel options
- In the "User Tokens" section, choose a user id from the selection and click "Add" button
- The user can now sign on and federate by giving the user token when asked.
LibertyAuthPlugin is copyrighted by Entr'ouvert and is licensed through the GNU General Public Licence.