Skip to main content

PAS plugin for Plone. Allow users to login using social networks through Velruse

Project description

A PAS plugin for Plone that authenticate users from social networks through the use of Velruse.

Introduction

This Plone plugin let you to enable authentication of social networks users in Plone sites, using Velruse.

Velruse is a Pyramid application so defined:

Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity providers and/or a variety of different authentication schemes.

It is similar in some ways to Janrain Engage with the exception of being open-source, locally installable, and easily pluggable for custom identity providers and authentication schemes.

—from Velruse documentation

Why use Velruse instead of RPX service?

Plone ecosystem already have at least one plugin for a general social authentication: plonesocial.auth.rpx. But in some environments (for example: public company or whatever use case where the user’s privacy follow strict rules) this kind of service can’t be used.

Privacy apart, Velruse is open source* and **easilly pluggable: you can provide authentication providers for new services not covered by Janrain.

Check also this Velruse presentation for more.

How to Use

Installing Velruse

Velruse is a Pyramid application so you must follow the proper installation instruction the refer to the Velruse setup guide.

Velruse can be executed as a separate Pyramid service and the Plone plugin needs this configuration. It will talk to Velruse using HTTP requests.

TODO: recent Zope version can be executed in the WSGI stack. Maybe future version of the plugin would support also this alternative way? Who knows.

Installing pas.plugins.velruse

Just add pas.plugins.velruse to your buildout configuration and re-run it.

[instance]
recipe = plone.recipe.zope2instance

...

eggs =
    ...
    pas.plugins.velruse

After Plone restart, add “Velruse authentication plugin” product to you Plone site.

Configuring pas.plugins.velruse

All configuration are done through the “Velruse integration settings” configuration, from the Plone control panel.

General site settings

The first section is for configuration that globally controls how Plone talk to Velruse, and other user interface options.

Site login enabled

If you want to keep enabled the standard Plone site login form or not.

Authentication services enabled

A configuration list of available Velruse backends. See below.

Connection timeout

A timeout value for connection to velruse server.

The “Authentication services enabled” configuration is composed by a set of triplets:

Name

(optional) A descriptive name of the remote service. For example: “Facebook”.

URL or path

(mandatory) URL or path to the running Velruse service. Please note: this must be a public URL the user must able to access. This is not really mandatory, but if not provided the login method is not displayed in the login form.

Icon

(optional) URL or path for an icon that can recall the service logo.

Default CSS implementation is for 64x64px images.

URLs above can be absolute (”http://auth.yourservice.com/login/facebook”) or relative to the portal root URL by using a starting slash (“/velruse/login/facebook”). The latter will help you keeping Plone and Velruse behind Apache.

Those information are used to properly configure the new login form.

New login form

PAS plugins configuration

The other configuration section is relative the Velruse PAS plugin(s).

Velruse server host

The hostname of the Pyramid Velruse service. For example: 127.0.0.1:8080 if Velruse run on the same server of Plone.

Velruse auth info path

The configured Pyramid route for calling auth_info. Default is /velruse/auth_info.

Keep in mind this warning taken from official Velruse documentation:

The /auth_info URL should be considered sensitive and only trusted services should be allowed access. If an attacker intercepts a an authentication token, they could potentially query /auth_info and learn all of the credentials for the user.

User roles

Set of default roles automatically given to users that perform authentication with the Velruse plugin. Default to “Members” only.

Plus, you have two additional forms: “Users management” and “Blacklist management” to manage user’s data inside the plugin. You can delete data or enableadd the user to the blacklist. Blacklisted users can’t authenticate anymore.

Data read by Plone from Velruse

Right now only Twitter, Facebook, Linkedin and Google+ are automatically configured:

  • from Twitter: fullname, location, personal home page and portrait (no e-mail can be read)

  • from Facebook: fullname, e-mail and portrait

  • from Linkedin: fullname, e-mail and portrait (must properly configure the Linkedin API)

  • from Google: fullname and e-mail

But Velruse support a lot of additional providers; if you want to enable more (this is true also for custom providers) you must configure the plugin, setting what data try to read by changing a configuration variable.

from pas.plugins.velruse.config import PROPERTY_PROVIDERS_INFO
PROPERTY_PROVIDERS_INFO['yourmagicnewprovider'] = ('fullname', 'email', 'description')

TODO: this will probably change in future, maybe replaced by a blacklist of property you don’t want to read, or something configurable TTW.

Requirements

Tested with:

  • Plone 3.3

  • Plone 4.2

  • Plone 4.3

All using Velruse 1.1.

Credits

Developed with the support of Regione Emilia Romagna; Regione Emilia Romagna supports the PloneGov initiative.

Authors

This product was developed by RedTurtle Technology team.

RedTurtle Technology Site

Special thanks to Mauro Amico and Ben Bangert (for accepting a couple of mine pull requests).

Changelog

0.1.0a1 (2014-05-14)

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pas.plugins.velruse-0.1.0a1.zip (75.2 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page