Pas plugin use to connect to auth.imio.be
Project description
Install local or remote connector to Imio authentic (SSO).
Features
Override Plone login page
Connect with SSO
Disabled edition of username and e-mail
Connect with JWT
Installation
You need libffi-dev and openssl-dev packages installed (sudo apt install libffi-dev openssl-dev) Install pas.plugins.imio by adding it to your buildout:
[buildout] ... eggs = pas.plugins.imio
And then running bin/buildout
After your instance is up, you can now install pas.plugins.imio from addons page.
Usage
To update list of users, go to one of this view :
/@@add-authentic-users?type=usagers
/@@add-authentic-users?type=agents
To login with an user registred into Plone/Zope instead of pas plugin use this view :
Plone 4: ${portal_url}/login_form
Plone 5.2+: ${portal_url}/zope_login
You can also use plone default view for login with zope admin: aq_parent/@@plone-root-login
How to use JWT
First, add an Openid Connect client to Authentic with these options:
Processus d’autorisation : mot de passe du propriétaire de ressource
Politique des identifiants : identifiant unique
Portée de cession par crédentiels du propriétaire de la ressource : openid
Algorithme de signature IDToken : RSA
Oidc claims : userid | django_user_identifier | openid
Second, you can ask Authentic to get a JWT
Python code example:
import requests url = "http://agents.localhost/idp/oidc/token/" payload = { "grant_type": "password", "client_id": "client-id-plone5-app", "client_secret": "client-secret-plone5-app", "username": "jdoe", "password": "jdoe", "scope": ["openid"], } headers = { "Content-Type": "application/x-www-form-urlencoded", } response = requests.post(url, headers=headers, data=payload).json() id_token = response.get("id_token")
Finally, you can request Plone with bearer header:
import requests url = "http://localhost:8081/imio/test-1/" headers = { "Accept": "application/json", "Authorization": "Bearer {0}".format(id_token), } response = requests.get(url, headers=headers)
Translations
This product has been translated into
English
French
Contribute
Issue Tracker: https://github.com/IMIO/pas.plugins.imio/issues
Source Code: https://github.com/IMIO/pas.plugins.imio
License
The project is licensed under the GPLv2.
Contributors
Benoit Suttor, bsuttor@imio.be
Changelog
1.0.8 (2021-10-15)
Fill username when user is created with JWT. [bsuttor]
1.0.7 (2021-10-15)
Create user with JWT token on first connection. [bsuttor]
1.0.6 (2021-06-01)
Fixed ModuleNotFoundError: No module named ‘App.class_init’ on Zope 5. [bsuttor]
Add JWT support. [bsuttor]
1.0.5 (2021-01-04)
Improve Anysurfer integration. [bsuttor]
Added revoke-user-access page to remove a user from its groups and revoke its roles. [odelaere]
1.0.4 (2020-10-08)
Plugin also provide IUserIntrospection so user from Authentic PAS plugin will also listed in api.user.get_users(). [bsuttor]
Use IItem for Object to redirect imio_login instead of INavigation. It’s solved bug to redirect from other page than root navigation, and so page which required access. [bsuttor]
Fix redirect after login for Plone < 5.2. [odelaere]
1.0.3 (2020-07-30)
Add Plone 5 testing profile. [bsuttor]
1.0.2 (2020-07-16)
Fix(testing profile): dependency of plone4 profile do not exists, use default. [bsuttor]
1.0.1 (2020-07-16)
Add plone 4 testing profile. [bsuttor]
Do not install usager login by default. [bsuttor]
Fix: import zcml permission from plone.app.controlpanel [bsuttor]
1.0.0 (2020-05-29)
Fix: set username on python3 when new user added. [bsuttor]
1.0b11 (2020-03-27)
Also see came_from on request for next url. [bsuttor]
1.0b10 (2020-03-27)
Fix: redirect on homepage. [bsuttor]
Improve next_url login. [bsuttor]
1.0b9 (2020-02-26)
Use state / user_state to redirect to page which apply SSO. [bsuttor]
1.0b8 (2020-02-21)
Set talk less. [bsuttor]
1.0b7 (2020-02-11)
Fix french typo. [bsuttor]
1.0b6 (2020-02-07)
Add plone.app.changeownership dependency. [bsuttor]
1.0b5 (2020-02-07)
Improve python3 compatibility, check if python 2 before safe_utf8. [bsuttor]
1.0b4 (2020-02-07)
Bad release. [bsuttor]
1.0b3 (2020-02-07)
Override plone userlist page to add link to WCA on Plone 5. [bsuttor]
Add zope_login to bypass SSO auth. [bsuttor]
1.0b2 (2020-02-04)
Fix python3 EnumerateUsers. [bsuttor]
Override plone userlist page to add link to WCA. [bsuttor]
1.0b1 (2019-12-16)
Python 3 support. [bsuttor]
1.0a10 (2019-11-18)
Add css for login-page [bsuttor]
Add fr translations. [bsuttor]
1.0a9 (2019-11-05)
Override default login_form template (with z3c.jbot) to allow login with zope admin and an external url set. [bsuttor]
1.0a8 (2019-09-04)
Set Site Manager role to user with admin of service role on Authentic. [bsuttor]
1.0a7 (2019-06-28)
Set Manager role if you are into admin role on Authentic. [bsuttor]
Add Member role to user connected with Authentic. [bsuttor]
1.0a6 (2019-05-20)
Get logout hostname redirect from agents config. [bsuttor]
Add roles scope on agents. [bsuttor]
1.0a5 (2019-05-09)
Add userfactories to connect with email for usagers and with userid of agents. [bsuttor]
1.0a4 (2019-04-26)
Use different OU for usagers and agents. [bsuttor]
1.0a3 (2019-04-25)
Use different usagers and agents environement variables to connect to SOO. [bsuttor]
1.0a2 (2019-04-25)
Use agents and usagers to connect to Plone. [bsuttor]
1.0a1 (2018-03-28)
Initial release. [bsuttor]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.