Posted Dec 03, 2008
WebServerAuth 1.1 saves money on SSL certs
Now you can specify where the login link and challenge handler take you, meaning you don’t need a separate SSL cert for each domain.
WebServerAuth’s config options, including shiny new custom regexes
Some WebLion Hosting pilot customers need to run several Plone sites, each on its own domain, and log into each. WebServerAuth 1.0 assumed it could just stick "https://" in front of wherever you were and thereby evoke the proper login prompt from the web server, but that gets expensive, since it means buying a separate SSL cert for each domain.
WebServerAuth 1.1 lifts that assumption: now you can go crazy with regexes to make your login links and challenge handler redirections point wherever you like. For example, the login links at fred.psu.edu and matilda.psu.edu could point to https://secure.psu.edu/fred and https://secure.psu.edu/matilda (where the user would remain for the remainder of his logged-in stay), making only one SSL cert to buy. Of course, you could buy a wildcard cert instead, but that doesn’t fly at Penn State for various reasons.
1.1 is an easy upgrade. All your old settings will be preserved, and you don’t even need to reinstall it in the Add-on Products control panel until you need fancy, regex-y login links.
Enjoy!
How do you handle permissions?
If this is the wrong place for this question, let me know...it didn't really seem to be appropriate for a ticket, either.
I'm a little fuzzy on how to handle permissions when using WebServerAuth. Since users don't show up in the "Users and Groups" control panel, how does one assign them to groups or roles? The docs don't address that, nor have I been able to find any discussion online covering this topic.
So I've got Authenticated users, and I can go through and update security settings and workflows to grant access to Authenticated users, but that's a lot of work and it doesn't allow me to assign, say, Bob and Alice different levels of access.
Am I just missing something glaringly obvious? Thanks!