pas.plugins.trustedproxyauth

Release 1.3.0

Authenticates requests coming from a reverse proxy doing user authentication.

Homepage PyPI Python

Keywords
pas, plugins, trusted, proxy, auth, plone
License
GPL-2.0
Install
pip install pas.plugins.trustedproxyauth==1.3.0

Documentation

Introduction

pas.plugins.trustedproxyauth is a PAS plugin for Plone/Zope2 which authenticates requests coming from a trusted reverse proxy where the user name is provided by a HTTP header.

The idea is to delegate user authentication to a reverse proxy (e.g. Apache with mod_auth_kerb) which is placed in front of the Zope instance. For any request coming from the reverse proxy, the user name is extracted from a HTTP header (typically X_REMOTE_USER) that was set by the authenticating proxy server.

Installation

  • Add pas.plugins.trustedproxyauth to the list of eggs in your buildout. Then rerun buildout and restart your instance.
  • In the ZMI go to your acl_users folder and select Trusted Proxy Authentication from the Add menu.
  • Activate the Authentiation and Extraction functionality on the Activate tab. You may want to change the order of the extraction and authentication plugins by moving Trusted Proxy Authentication on top.

Options

The following mandatory settings must be configured:

Trusted Proxy IPs
Specify the ip address of your reverse proxy here. Only requests coming from a trusted ip will be considered for user name extraction. You can specify multiple ip addresses. Defaults to 127.0.0.1.
Login Name Header
The name of the HTTP header containing the users login name. This header must be set by the authentication proxy. Defaults to X_REMOTE_USER.
Require Exisiting PAS User
If disabled, any login name provided in the header is authenticated (recommended). If enabled, only login names that can be looked up with PAS are authenticated.

pas.plugins.trustedproxyauth supports user name transformations that may be needed in combination with some reverse proxies. The following options are supported:

Lowercase Login
Transform the extracted login name to lowercase.
Lowercase Domain
Transform the domain name part of the extracted login name to lowercase. This is useful when using Kerberos authentication and the user id consists of userid@REALM.
Strip NT Domain
Remove the NT domain part from the extracted user name. All user names in the form DOMAIN\userid are transformed to userid.
Strip AD Domain
Remove the AD domain part from the extracted user name. All user names in the form userid@domain are transformed to userid.
User Name Mapping

Specify a custom user name mapping by providing the extracted user name and the mapped user name separated by colon per line.

Example:

user1:guest
user2:admin

Links

Copyright

This package is copyright by 4teamwork.

pas.plugins.trustedproxyauth is licensed under GNU General Public License, version 2.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
3
Latest release
First release
Stars
1
Forks
0
Watchers
15
Contributors
3
Repository size
68.4 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.3.0
1.2
1.1

Contributors

Jonas Baumann Thomas Buchberger Lukas Graf


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-12-15 14:01:10 UTC

Login to resync this project