Pas plugin use to connect to auth.imio.be
Project description
Install local or remote connector to Imio authentic (SSO).
Features
Override Plone login page
Connect with SSO
Disabled edition of username and e-mail
Connect with JWT
Installation
You need libffi-dev and openssl-dev packages installed (sudo apt install libffi-dev openssl-dev) Install pas.plugins.imio by adding it to your buildout:
[buildout] ... eggs = pas.plugins.imio
And then running bin/buildout
After your instance is up, you can now install pas.plugins.imio from addons page.
Usage
To update list of users, go to one of this view :
/@@add-authentic-users?type=usagers
/@@add-authentic-users?type=agents
To login with an user registred into Plone/Zope instead of pas plugin use this view :
Plone 4: ${portal_url}/login_form
Plone 5.2+: ${portal_url}/zope_login
You can also use plone default view for login with zope admin: aq_parent/@@plone-root-login
How to use JWT
First, add an Openid Connect client to Authentic with these options:
Processus d’autorisation : mot de passe du propriétaire de ressource
Politique des identifiants : identifiant unique
Portée de cession par crédentiels du propriétaire de la ressource : openid
Algorithme de signature IDToken : RSA
Oidc claims : userid | django_user_identifier | openid
Second, you can ask Authentic to get a JWT
Python code example:
import requests url = "http://agents.localhost/idp/oidc/token/" payload = { "grant_type": "password", "client_id": "client-id-plone5-app", "client_secret": "client-secret-plone5-app", "username": "jdoe", "password": "jdoe", "scope": ["openid"], } headers = { "Content-Type": "application/x-www-form-urlencoded", } response = requests.post(url, headers=headers, data=payload).json() id_token = response.get("id_token")
Finally, you can request Plone with bearer header:
import requests url = "http://localhost:8081/imio/test-1/" headers = { "Accept": "application/json", "Authorization": "Bearer {0}".format(id_token), } response = requests.get(url, headers=headers)
Translations
This product has been translated into
English
French
Contribute
Issue Tracker: https://github.com/IMIO/pas.plugins.imio/issues
Source Code: https://github.com/IMIO/pas.plugins.imio
License
The project is licensed under the GPLv2.
Contributors
Benoit Suttor, bsuttor@imio.be
Changelog
2.0.9 (2023-08-31)
Fix login could be id of user. [bsuttor]
Fix byte convertion error on python3. [bsuttor]
2.0.8 (2023-08-18)
Fix bug in users enumeration: wrong user could be retrieved (#4) [laulaz]
Finally check certs on JWT call (except for test). [bsuttor]
Fix creation of user on JWT call and test it. [bsuttor]
2.0.7 (2023-03-28)
Keep old groups during first login. [bsuttor]
2.0.6 (2022-07-18)
Do not verify_signature for jwt call because of error: “Could not deserialize key data”. [bsuttor]
2.0.5 (2022-07-13)
Keep old roles on migration of users. [bsuttor]
2.0.4 (2022-07-13)
Temporary remove pas.app.users override because it do not work on Plone 6. [bsuttor]
Add possibility to remove old user (without login). [bsuttor]
2.0.3 (2022-06-29)
Migration code refactoring & add tests [laulaz]
2.0.2 (2022-06-29)
Add migration code (to new userid) for local roles / ownership [laulaz]
2.0.1 (2022-06-15)
Add posibility to delete user on zmi view. [bsuttor]
Improve user migration code [laulaz]
Verify signature for login with JWT. [bsuttor]
2.0 (2022-06-01)
Get userid and user login for user connected by JWT. [bsuttor]
Allow user search on any parts of id/login/email (not just the start) [laulaz]
Use uuid as plone user.id instead of username. [bsuttor, laulaz]
Be aware of next url when you call auhentic users api. [bsuttor]
Add zmi view of users. [bsuttor]
1.0.11 (2022-04-21)
Revert previous release. [bsuttor]
1.0.10 (2022-04-21)
Nothing changed yet.
1.0.9 (2022-01-19)
Get rid of includeDependencies for Plone 6 compatibility. [laulaz]
1.0.8 (2021-10-15)
Fill username when user is created with JWT. [bsuttor]
1.0.7 (2021-10-15)
Create user with JWT token on first connection. [bsuttor]
1.0.6 (2021-06-01)
Fixed ModuleNotFoundError: No module named ‘App.class_init’ on Zope 5. [bsuttor]
Add JWT support. [bsuttor]
1.0.5 (2021-01-04)
Improve Anysurfer integration. [bsuttor]
Added revoke-user-access page to remove a user from its groups and revoke its roles. [odelaere]
1.0.4 (2020-10-08)
Plugin also provide IUserIntrospection so user from Authentic PAS plugin will also listed in api.user.get_users(). [bsuttor]
Use IItem for Object to redirect imio_login instead of INavigation. It’s solved bug to redirect from other page than root navigation, and so page which required access. [bsuttor]
Fix redirect after login for Plone < 5.2. [odelaere]
1.0.3 (2020-07-30)
Add Plone 5 testing profile. [bsuttor]
1.0.2 (2020-07-16)
Fix(testing profile): dependency of plone4 profile do not exists, use default. [bsuttor]
1.0.1 (2020-07-16)
Add plone 4 testing profile. [bsuttor]
Do not install usager login by default. [bsuttor]
Fix: import zcml permission from plone.app.controlpanel [bsuttor]
1.0.0 (2020-05-29)
Fix: set username on python3 when new user added. [bsuttor]
1.0b11 (2020-03-27)
Also see came_from on request for next url. [bsuttor]
1.0b10 (2020-03-27)
Fix: redirect on homepage. [bsuttor]
Improve next_url login. [bsuttor]
1.0b9 (2020-02-26)
Use state / user_state to redirect to page which apply SSO. [bsuttor]
1.0b8 (2020-02-21)
Set talk less. [bsuttor]
1.0b7 (2020-02-11)
Fix french typo. [bsuttor]
1.0b6 (2020-02-07)
Add plone.app.changeownership dependency. [bsuttor]
1.0b5 (2020-02-07)
Improve python3 compatibility, check if python 2 before safe_utf8. [bsuttor]
1.0b4 (2020-02-07)
Bad release. [bsuttor]
1.0b3 (2020-02-07)
Override plone userlist page to add link to WCA on Plone 5. [bsuttor]
Add zope_login to bypass SSO auth. [bsuttor]
1.0b2 (2020-02-04)
Fix python3 EnumerateUsers. [bsuttor]
Override plone userlist page to add link to WCA. [bsuttor]
1.0b1 (2019-12-16)
Python 3 support. [bsuttor]
1.0a10 (2019-11-18)
Add css for login-page [bsuttor]
Add fr translations. [bsuttor]
1.0a9 (2019-11-05)
Override default login_form template (with z3c.jbot) to allow login with zope admin and an external url set. [bsuttor]
1.0a8 (2019-09-04)
Set Site Manager role to user with admin of service role on Authentic. [bsuttor]
1.0a7 (2019-06-28)
Set Manager role if you are into admin role on Authentic. [bsuttor]
Add Member role to user connected with Authentic. [bsuttor]
1.0a6 (2019-05-20)
Get logout hostname redirect from agents config. [bsuttor]
Add roles scope on agents. [bsuttor]
1.0a5 (2019-05-09)
Add userfactories to connect with email for usagers and with userid of agents. [bsuttor]
1.0a4 (2019-04-26)
Use different OU for usagers and agents. [bsuttor]
1.0a3 (2019-04-25)
Use different usagers and agents environement variables to connect to SOO. [bsuttor]
1.0a2 (2019-04-25)
Use agents and usagers to connect to Plone. [bsuttor]
1.0a1 (2018-03-28)
Initial release. [bsuttor]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pas.plugins.imio-2.0.9.tar.gz
.
File metadata
- Download URL: pas.plugins.imio-2.0.9.tar.gz
- Upload date:
- Size: 56.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 157da141dfff135af392b279fd06ee7f50c8d74384da88aab78032743c648e7a |
|
MD5 | 3b0133175aaca9021a0ab421a876ca01 |
|
BLAKE2b-256 | f9e6bd602a86337509922750433333f191e83a0818208f7912422b558c0bd2b6 |
File details
Details for the file pas.plugins.imio-2.0.9-py3-none-any.whl
.
File metadata
- Download URL: pas.plugins.imio-2.0.9-py3-none-any.whl
- Upload date:
- Size: 75.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1c99234685e7bfe4ab77c810fadcc52fe9b14037a8eaa0eedbd2f8efec5e2ccd |
|
MD5 | 9bc96eca413bda92c728959d6a312a51 |
|
BLAKE2b-256 | 3ad27883e0b475a82dc5373d8109b1e8daf123252bb16232a641fd17d6daa1f7 |