Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Metadata caching plugin for repoze.who

Project Description

Introduction

repoze.who.plugins.metadata_cache is a set of plugins for the repoze.who framework that enables the caching and replaying of “one-off” user metadata, specifically targetting SSO requests.

Quick start and Example Applications

Usage with CAS attribute release

You can use a metadata cache plugin with repoze.who.plugins.cas to capture the metadata returned from ticket validation.

To do this, configure a metadata cache plugin with the same name as the attributes_name for the CAS plugin, and ensure you’re using at least CAS version 2 (so set cas_version = 2.0 or higher for the CAS plugin). During ticket validation for CAS, the attributes will be retrieved and placed into the repoze.who identity for the metadata cache plugin to pick up and hold onto.

An example configuration would look like the following. The one main thing to make sure of is that the configuration for the attributes for the CAS plugin matches up with the name configured for the metadata_cache plugin. This very basic configuration stores user attributes in memory (a Python dictionary, specifically).

[plugin:casauth]
use = repoze.who.plugins.cas.main_plugin:make_plugin
cas_url = https://cas.example.com/cas/
cas_version = 3.0
attributes_name = attributes
rememberer_name = auth_tkt

[plugin:metadata_cache]
use = repoze.who.plugins.metadata_cache.memory:make_plugin
name = attributes

...

[identifiers]
plugins =
    casauth
    auth_tkt

[authenticators]
plugins =
    casauth
    auth_tkt

[challengers]
plugins =
    casauth

[mdproviders]
plugins =
    metadata_cache

Web server authentication

You can use a metadata cache plugin with a front-end web server authentication module (for example, Shibboleth) to extract user metadata out of the environment or headers and reduce your dependency on the authentication/web server layers above.

An implementation and example for this will be coming soon.

…and more

You can also extend the classes available here for anything else where user details come into the application via the environment or request (headers, cookies, etc).

If you build something you think is going to useful to the world at large, send a pull request to see if it can be included.

Caution

Be wary of anything upstream - servers, proxies, and especially the client - being able to spoof or inject things into the request or environment that might inadvertently affect the given metadata being used. A careless configuration could compromise security.

Development

To clone this project, and run the test suite, run the following:

git clone git://github.com/davidjb/repoze.who.plugins.metadata_cache.git
cd repoze.who.plugins.metadata_cache
python bootstrap.py
./bin/buildout
./bin/test

Send a pull request with things to fix, new features or whatever you think could be useful. Try to document what you’re doing and keep the code clean. No reasonable pull request refused™.

Credits

  • David Beitey (davidjb), Author

Changes

0.1 (2013-04-24)

  • Initial release. [davidjb]
Release History

Release History

This version
History Node

0.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
repoze.who.plugins.metadata_cache-0.1.zip (17.0 kB) Copy SHA256 Checksum SHA256 Source Apr 24, 2013

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting