[TYPO3] Installing a sysext

Dmitry Dulepov dmitry at typo3.org
Fri Oct 3 15:24:01 CEST 2008


Hi!

Xavier Perseguers wrote:
> Great! I thought of "chain authentication" but you answered before I 
> could clear my ideas ;-) Thus I'll only have to lower my priority to 
> fall between openid and the standard authentication.
> 
> But as I read your code, this let's an OpenID authentication bypass 
> completely my "business" authentication process, which cannot invalidate 
> an existing FE/BE user to log in based on some business logic.
> 
> Currently I do what is needed to make authentication work, that is get 
> user / authenticate user against an external source and when it's OK, 
> create/update the FE/BE user in TYPO3 in order to actually let the user 
> enter. Now if the business authentication process fails, although the 
> user once could enter (no access granted anymore for instance), this 
> process lets me deactivate his/her account on TYPO3 side. With the chain 
> authentication, the user will always be able to authenticate using 
> OpenID and I should rely on non-openID account to deactivate accounts 
> that needs this or on cron job, which is not very cool.

I understand the use case but I do not see a general solution. What if in future you will need to authenticate using LDAP and then with your business authentication? You will not have a chance again.


I think the solution should be more generic. May be you can use a hook after the authentication (in TSFE) to logout user if it does not exist anymore. This will always work, regardless of number of services.

-- 
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/duplicate_content_with_realurl/


More information about the TYPO3-english mailing list