A couple of months ago I created pas.plugins.membrane, which aims to create and manage membrane users that are generated from ACL users, and OpenID, OAuth, OAuth2 and Saml2 identities.
Repository: https://github.com/JamaicanDevelopers/pas.plugins.membrane
I am currently using this add-on on the Jamaican Developers Community website.
The add-on allows users to register as membrane content or a profile upon successfully logging into the Plone site, e.g. ACL users without a membrane profile will be prompted to complete their profile (membrane content). This is also done for OpenID, OAuth, OAuth2 and Saml2 identities.
Current implemented features
- Set which login redirector you wish to use, e.g. pas.plugins.authomatic or saml2; otherwise all login redirectors with the normal Plone login form will be shown on the login page
- Allow the embedding of external login views on the login page with the login form via viewlets.
- Ability to disable the overriding and redirection from the login page by pas.plugins.authomatic and other external logins
- Map automatic acl_user identities to membrane users
- Map acl_users to membrane users
TODOs
- Map new OpenID, OAuth, OAuth2 and Saml2 identities to the existing membrane / acl user. I think the pas.plugins.authomatic does this for ACL users, but it wasn't working for me.
- An interface to manage the various identities
- Write integration tests
- Documentation
Benefits
- Provides a single page for various SSO mechanisms while keeping the login form intact.
- Manages the various user identities
- Bridging the gap between authentication/authorization and membership
- Manage membrane profiles
Knowledge and Skills requirements
- Python
- Understanding of Plone's Pluggable Authentication Service
Related to The challenge, User as Content and OAuth2 Login Integration and Plone As a Service (PAaS)