A couple of months ago I created pas.plugins.membrane, which aims to create and manage membrane users that are generated from ACL users, and OpenID, OAuth, OAuth2 and SAML2 identities.
I am currently using this add-on on the Jamaican Developers Community website.
The add-on allows users to register as membrane content (a profile) upon successfully logging into the Plone site, e.g. ACL users without a membrane profile will be prompted to complete their profile (membrane content). This is also done for OpenID, OAuth, OAuth2 and SAML2 identities.
Currently implemented features
- Set which login redirector you wish to use, e.g. pas.plugins.authomatic or saml2; otherwise all login redirectors are shown on the login page together with the normal Plone login form.
- Allow the embedding of external login views on the login page with the login form via viewlets.
- Ability to disable the overriding and redirection from the login page by pas.plugins.authomatic and other external logins
- Map automatic acl_user identities to membrane users
- Map acl_users to membrane users
- Map new OpenID, OAuth, OAuth2 and SAML2 identities to the existing membrane / ACL user. I think pas.plugins.authomatic does this for ACL users, but it wasn't working for me.
- An interface to manage the various identities
- Write integration tests
- Provides a single page for the various SSO mechanisms while keeping the login form intact.
- Manages the various user identities
- Bridging the gap between authentication/authorization and membership
- Manage membrane profiles
Knowledge and skills requirements
- Understanding of Plone's Pluggable Authentication Service
Related to The challenge, User as Content and OAuth2 Login Integration and Plone As a Service (PAaS)