Issue with WebServerAuth Add-on

Created issue in GitHub Repo regarding the issue. (I am not allowed to add links here): /collective/Products.WebServerAuth/issues/1

WebServerAuth not installing properly:

Plone installed with:

Plone 5.2.0
Python 3.6.8

webserverauth installs and creates folder in portal_skins but does not contain the login_form Filesystem Controller Page Template

web_server_auth (WebServerAuth Plugin) does not appear in acl_users after Add-on activation/install

Any assistance and/or guidance is appreciated.

Thanks!
Joshua

Hello Joshua, welcome to the online community website. This Plone add'on doesn't seem to have been updated in the last years and there is a very good chance it hasn't been checked or updated yet for Python3.

My colleague @mauritsvanrees presented three different PAS authentication plugins he has written for customers in the last year. One of them is I think a good substitution for WebServerAuth. Check his blog and the repo:

https://maurits.vanrees.org/weblog/archive/2019/10/maurits-van-rees-3-authentication-add-ons

Cheers,

Fred

1 Like

Pas plugins don't change so often, and last modification was about Plone 5. My bet is the setup don't run, maybe running the profile by hand in portal_quickinstaller should work.

Thanks for the suggestion regarding pas.plugins.headers :slight_smile:

Unfortunately I am receiving an error, "ModuleNotFoundError: No module named 'Globals''' in regards to pas.plugins.headers when starting the instance in foreground mode after running buildout. Researching the error now to see if I can get around it.

https://docs.plone.org/manage/upgrading/version_specific_migration/upgrade_to_52.html#zope-4-0

The deprecated module `Globals` was removed. Example:

old:

import Globals
develoment_mode = Globals.DevelopmentMode

new

from App.config import getConfiguration
develoment_mode = getConfiguration().debug_mode

@mauritsvanrees

Yes, I am just looking at that. :slight_smile: Expect a PR soon.

2 Likes

I have released pas.plugins.headers 1.0.1 with a fix.

2 Likes

The update installs and everything appears to be working. Now onto working on connecting/adapting to our current authentication services. Thanks for the quick turnaround!

-Jz

1 Like

Hi Joshua – I’ve bumped your permissions so you can post links now. (We had to tighten security to block spammers).

1 Like

Hi @mauritsvanrees do you think this plugin will work with Plone 6? I'm looking for an alternative to webserverauth which does not work for Plone 5.2/Plone 6 (I suppose, looking at the issues).

You mean pas.plugins.headers? I have not tried, but I expect that it will work. The base PAS code in Zope/Plone does not change much.
It is tested on Plone 5.2 and Py 3. I should update it to test on Plone 6 as well, and move to tox and GitHub Actions. I don't have immediate plans for that.

2 Likes

I confirm it works, I mean the site does not explode. But I've a problem, I cannot get the REMOTE_USER from the apache web server (with mod_shib), so I cannot test it in functionality. With other Plone4 sites I can, I print the env and I can see remote_user (actually http_x_remote_user because of other rewritings). With Plone6 (but I think Plone5 should be the same) I don't see them. How are you getting them from the webserver? Do I need (wsgi?) something else?

@dataflake (if it is a Zope thing, sorry if not)

I've solved, for details here: https://community.plone.org/t/experience-with-shibboleth-and-autousermakerpasplugin/7900/6

Basically, zope/plone removes the X_ request environment headers. Just use a different name (not starting with X_ which was my default...) and it worked.

A great plugin, easy to configure/install (uninstalls cleanly), and do what you would expect from it.

Ah, good that it works!

I have meanwhile updated the package to use tox and GitHub Actions and it is now also tested on Plone 6. No code changes were needed, except unrelated details in the tests.

Yes, getting Apache/nginx and Zope/Plone/PAS to agree on headers can be tricky. There are browser extensions that you can use to test this, adding extra headers, but it is tricky there as well. A header FOO may end up in Plone as X-FOO or HTTP_X_Foo, and I am never sure if you should use underscores or dashes, so I prefer not using any of them if possible.

Plone Foundation Code of Conduct