Metadata-Version: 2.4
Name: wcs.adminauth
Version: 2.0.0
Summary: Administrative login for Plone sites using CAS.
Project-URL: Homepage, https://github.com/webcloud7/wcs.adminauth
Project-URL: PyPI, https://pypi.org/project/wcs.adminauth
Project-URL: Source, https://github.com/webcloud7/wcs.adminauth
Project-URL: Tracker, https://github.com/webcloud7/wcs.adminauth/issues
Author-email: webcloud7 <info@webcloud7.ch>
License-Expression: GPL-2.0-only
Keywords: CAS,CMS,Plone,Python
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Plone
Classifier: Framework :: Plone :: 6.1
Classifier: Framework :: Plone :: Addon
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Python: >=3.12
Requires-Dist: lxml
Requires-Dist: plone
Requires-Dist: python-cas==1.6.0
Requires-Dist: requests
Provides-Extra: release
Requires-Dist: zest-pocompile; extra == 'release'
Requires-Dist: zest-releaser[recommended]; extra == 'release'
Requires-Dist: zestreleaser-towncrier; extra == 'release'
Provides-Extra: test
Requires-Dist: paste; extra == 'test'
Requires-Dist: plone-app-testing; extra == 'test'
Requires-Dist: plone-testing; extra == 'test'
Requires-Dist: responses; extra == 'test'
Requires-Dist: zope-testrunner; extra == 'test'
Description-Content-Type: text/x-rst

Introduction
============

This product provides administrative login functionality for Plone sites using
a central authentication server (CAS).

It's goal is to make locally stored passwords for administrative accounts
obsolete and instead authenticate users with their personal, centrally managed
account when logging in with an administrative account to a Plone site.

This is helpful when running a lot of Plone sites and having multiple people
that need administrative access as there's no need to share and manage
administrative passwords.


Compatibility
=============

- Plone 6.1
- Python 3.12, 3.13


Session authentication plugin
-----------------------------

A session authentication PAS plugin is automatically installed in the Zope root
user folder (acl_users) if needed as the root user folder does not provide any
session-based authentication on default installations. The plugin is based on
``plone.session``.

After installation of the session plugin the password of the user defined in ADMIN_AUTH_USERID
is reset to a random value to disable password-based login.


Installation
============

Add ``wcs.adminauth`` to your package dependencies or install it with pip::

    pip install wcs.adminauth


Usage
=====

Open the ``@@adminauth`` view in your browser and you will get authenticated as
the ``adminuser`` user.

You can specify a different userid by providing it as an url parameter:
e.g. ``@@adminauth?userid=john``.


CAS Server URL
==============

The CAS Server URL options has to be provided via environment variables.

Example::

    ADMIN_AUTH_CAS_SERVER_URL=https://cas.example.com/

Admin users id
==============

You need to define what user the plugin should use as central admin user (default is admin).

Example::

    ADMIN_AUTH_USERID=admin

Copyright
=========

The package is based on ftw.zopemaster (GNU General Public License, version 2)


``wcs.adminauth`` is licensed under GNU General Public License, version 2.
