Permalink
Browse files

Adding modular auth

  • Loading branch information...
1 parent a257a01 commit 2b49ac35d501a77ecc2cfc3bacf024f2c4d9f835 @davidjb davidjb committed Oct 3, 2012
Showing with 69 additions and 2 deletions.
  1. +20 −2 README.rst
  2. +12 −0 auth.cfg
  3. +37 −0 who.ini.in
View
@@ -90,9 +90,27 @@ You need to configure several options within your Paste configuration too::
#Who configuration file location for ``pyramid_who``
jcu.auth.who_config_file = %(here)s/who.ini
-We'll automatically figure out the SSO URL from your ``who.ini`` configuration.
+You should use the pre-constructed ``who.ini`` file by adding this to your
+buildout configuration for your WSGI project. This automatically pulls
+in the relevant templating buildout for ``repoze.who`` and produces a
+``who.ini`` file in your buildout directory::
-Check a user's groups by looking up::
+ [buildout]
+ extends = https://github.com/jcu-eresearch/jcu.common/blob/master/auth.cfg
+
+ [settings]
+ cas-url = https://cas.secure.jcu.edu.au/cas/
+ auth-tkt-secret = password
+ auth-tkt-cookie-name = cookie-name
+
+Note that you get the above ``[settings]`` section by default, so if you just
+want to test you probably don't need to re-specify the settings. The nature
+of buildout, however, means that you can override the options as you need to.
+
+Once you've done this, we'll automatically figure out the SSO URL from your
+``who.ini`` configuration upon running your application.
+
+Check a user's groups by doing the following in your application::
from pyramid.security import effective_principals
effective_principals(request)
View
@@ -0,0 +1,12 @@
+[buildout]
+parts += who-config
+
+[settings]
+cas-url = https://cas.secure.jcu.edu.au/cas/
+auth-tkt-secret = password
+auth-tkt-cookie-name = cookie-name
+
+[who-config]
+recipe = collective.recipe.template
+url = https://github.com/jcu-eresearch/jcu.common/blob/master/who.ini.in
+output = ${buildout:directory}/who.ini
View
@@ -0,0 +1,37 @@
+[plugin:casauth]
+use = repoze.who.plugins.cas.main_plugin:make_plugin
+cas_url = ${settings:cas-url}
+rememberer_name = auth_tkt
+path_logout = .*/logout.*
+ .*mode=logout.*
+
+[plugin:auth_tkt]
+use = repoze.who.plugins.auth_tkt:make_plugin
+secret = ${settings:auth-tkt-secret}
+cookie_name = ${settings:auth-cookie-name}
+secure = False
+include_ip = False
+timeout = 21600
+reissue_time = 21600
+
+[general]
+request_classifier = repoze.who.classifiers:default_request_classifier
+challenge_decider = repoze.who.classifiers:default_challenge_decider
+remote_user_key = REMOTE_USER
+
+[identifiers]
+# plugin_name;classifier_name:.. or just plugin_name (good for any)
+plugins =
+ casauth
+ auth_tkt
+
+[authenticators]
+# plugin_name;classifier_name.. or just plugin_name (good for any)
+plugins =
+ casauth
+ auth_tkt
+
+[challengers]
+# plugin_name;classifier_name:.. or just plugin_name (good for any)
+plugins =
+ casauth

0 comments on commit 2b49ac3

Please sign in to comment.