A PAS plugin for authentication of users in Plone using OIDC.

Project description

ftw.oidcauth

Installation

Add the package to your instance eggs like:

[instance]
eggs +=
    ...
    ftw.oidcauth

Introduction

The OIDC Plone PAS plugin can be added in acl_users/manage_main. Once added, the plugin is listed there and can be configured in detail.

OIDC Authorization Flow

1: Unauthorized User --------redirect--------> Authorization Endpoint
2: Callback View    <--------redirect--------  Authorization Endpoint
3: OIDC Plugin      <-------client call------> Token Endpoint
4: OIDC Plugin      <-------client call------> JWKS Endpoint
5: Validation of Token using the matching JWK
6: OIDC Plugin      <-------client call------> User Info Endpoint
7: Provision user in Plone

Configuration

Once a plugin has been added, it can be configured by clicking on the plugin in acl_users/manage_main.

Configuration: general configurations (oidc routes, secret…)
Users: manage users within this PAS plugin
Activate: select plugins implemented by the plugin

Don’t forget to add the plugin as the first to be challenged:

  • go to route: http://localhost:8080/Plone/acl_users/plugins/manage_plugins

  • go to Challenge Plugins

  • activate your freshly added plugin and move to the top

Properties Mapping holds the information on how to map user information. It has to be valid JSON like:

{
    "plone_property1": "oidc_property1",
    "plone_property2": "oidc_property2",
    ...
}

The Properties Mapping must contain the Plone property userid.
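
One way to validate and apply such a mapping, as an added example that is not ftw.oidcauth's own code. The function names, the MappingError class and the sample claims (sub, name, email) are assumptions made for illustration; the example refuses to produce a user when the claim mapped to userid is missing.

```python
import json


class MappingError(ValueError):
    """Raised when the Properties Mapping or the user info is unusable."""


def load_properties_mapping(raw):
    """Parse the Properties Mapping JSON and enforce the documented rules."""
    try:
        mapping = json.loads(raw)
    except (TypeError, ValueError) as exc:  # JSONDecodeError is a ValueError
        raise MappingError("mapping is not valid JSON: %s" % exc)
    if not isinstance(mapping, dict):
        raise MappingError("mapping must be a JSON object")
    for plone_prop, oidc_claim in mapping.items():
        if not isinstance(oidc_claim, str) or not oidc_claim.strip():
            raise MappingError("claim for %r must be a non-empty string" % plone_prop)
    if "userid" not in mapping:
        raise MappingError("mapping must contain the Plone property 'userid'")
    return mapping


def map_userinfo(mapping, userinfo):
    """Translate OIDC user info claims into Plone properties."""
    userid = userinfo.get(mapping["userid"])
    if not isinstance(userid, str) or not userid.strip():
        # Fail closed: without a usable identifier no user may be provisioned.
        raise MappingError("claim %r is missing or empty" % mapping["userid"])
    props = {"userid": userid}
    for plone_prop, oidc_claim in mapping.items():
        # Optional properties are copied only when the provider sent them.
        if plone_prop != "userid" and oidc_claim in userinfo:
            props[plone_prop] = userinfo[oidc_claim]
    return props


# Constructed sample data (not taken from a real identity provider).
SAMPLE_MAPPING = '{"userid": "sub", "fullname": "name", "email": "email"}'
SAMPLE_USERINFO = {"sub": "248289761001", "name": "Jane Doe", "locale": "en"}

if __name__ == "__main__":
    mapping = load_properties_mapping(SAMPLE_MAPPING)
    print(map_userinfo(mapping, SAMPLE_USERINFO))
```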

Changelog

1.0.1 (2020-07-28)

  • Fix unicode error. [busykoala]

1.0.0 (2020-07-24)

  • Initial release

Source Distribution

ftw.oidcauth-1.0.1.tar.gz (21.3 kB view details)

File details

Details for the file ftw.oidcauth-1.0.1.tar.gz.

File metadata

  • Download URL: ftw.oidcauth-1.0.1.tar.gz
  • Upload date:
  • Size: 21.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.36.1 CPython/3.7.4

File hashes

Hashes for ftw.oidcauth-1.0.1.tar.gz

Algorithm    Hash digest
SHA256       82be46587d7aa884aa89dd705983b771239e3546a0c733aa39add5fc1fb92d86
MD5          b549c3ec513e262ba6e160df277fa13f
BLAKE2b-256  9b1720bb44cf89d41b6aa7e43557468d680c10a55cf12d0117a9bb88aa487092
