Setting a pre-authenticated user (no password in auth db) as "logged in" for web2py app


Davidiam

Oct 17, 2019, 4:33:43 AM
to web2py-users
Hello,

We pre-authenticate users outside of web2py via SAML and the user lands on a page where he can choose from a list of applications.
When the user selects an application, he needs to be set as "logged in" for that web2py application as long as his userid exists in the auth table (no password).

I do not see any login method that allows us to just say : "set this user as logged in".

The closest I see is the "login_bare" function, but that expects a password and these users do not have a password entry in the auth table.

Any ideas on the best way to handle this scenario ?  

Note : I would really like to avoid using the SAML login modules as these are an uphill battle on Windows IIS and we already have a working authentication for the users via Shibboleth SP.

Kind Regards,
David

Ruslan Gareev

Oct 17, 2019, 10:59:54 AM
to web2py-users
Hi, I think that a "login_user" method in AuthApi meets your requests.

On Thursday, October 17, 2019 at 13:33:43 UTC+5, Davidiam wrote:

Davidiam

Oct 18, 2019, 5:01:36 AM
to web2py-users
Thank you for your reply.  It looks to me that that method should do the trick.  
I will try it out today and give an update afterward.

Kind Regards,
David

Davidiam

Oct 18, 2019, 9:34:31 AM
to web2py-users
Hello Ruslan,

I tried to use the "authapi.login_user" method but it looks to me like the login_bare method works better and requires less coding to make it work.
I currently have added the login code to the "user" method in the "default.py".  

When I used the "authapi.login_user" method, it logs my user in, but still displays the login window instead of skipping it as I would like.
When I use the "login_bare" method, it does not display the login window.

Thank you for your time,
On Thursday, October 17, 2019 at 4:59:54 PM UTC+2, Ruslan Gareev wrote:

Ruslan Gareev

Oct 22, 2019, 3:59:19 AM
to web2py-users
Hi. How did you use the login_user method? Was it like this:
auth.login_user(user)
?


On Friday, October 18, 2019 at 18:34:31 UTC+5, Davidiam wrote:

Davidiam

Oct 22, 2019, 5:17:47 AM
to web2py-users
Hello Ruslan,

I used this syntax in the user method of the default.py controller for my app :
    user = authapi.login_user(user)  # in your original reply you recommended the Authapi method, so I used that one.

This worked, and my user was logged in, but the user login form was still displayed afterward.

If I use the login_bare method, it does not display the login form.

Kind Regards,
David

Ruslan Gareev

Oct 22, 2019, 5:56:17 AM
to web...@googlegroups.com
Sorry for the misspelling :) It must be auth.login_user().
The Auth class extends the AuthApi class, so you do not need to use authapi.login_user. And there is a `settings.renew_session_onlogin` in login_user, and I think that it is equal to False, and your session is not renewed when you are using authapi.login_user. In the Auth class this variable equals True.

On Tuesday, October 22, 2019 at 14:17:47 UTC+5, Davidiam wrote:
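
An added example, not part of the thread and not web2py's own code: one way a controller helper could apply the `auth.login_user(user)` call discussed above to a request already authenticated by the Shibboleth SP. It assumes the SP exposes the identity as `request.env.remote_user` and that `auth_user` was defined with a `username` field; `preauth_login` and the constants are hypothetical names, and `request`, `db` and `auth` are passed in as parameters.

```python
# Added example: the web2py objects (request, db, auth) are parameters, so the
# decision logic can be exercised outside a running web2py process.
import re

# Assumption: the Shibboleth SP publishes the authenticated id as the server
# variable REMOTE_USER (request.env.remote_user in web2py). Headers sent by
# the client arrive with an HTTP_ prefix (http_remote_user) and are never
# consulted here.
TRUSTED_VAR = "remote_user"
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,128}")  # assumed id format
BLOCKED_KEYS = ("pending", "disabled", "blocked")  # registration_key states


def preauth_login(request, db, auth):
    """Log in the SP-authenticated user if a usable auth_user row exists.

    Returns the user row on success, or None when the request is refused.
    """
    remote_user = (request.env.get(TRUSTED_VAR) or "").strip()
    if not USERNAME_RE.fullmatch(remote_user):
        return None  # no SP identity, or a malformed one: fail closed

    if auth.user and auth.user.username == remote_user:
        return auth.user  # session already belongs to this user

    user = db.auth_user(username=remote_user)  # DAL lookup, None if absent
    if user is None or (user.registration_key or "") in BLOCKED_KEYS:
        return None  # unknown or disabled account: do not create a session

    # As noted in the thread, Auth (unlike AuthApi used directly) has
    # settings.renew_session_onlogin set to True, so the session is renewed
    # at login, which limits session fixation.
    auth.login_user(user)
    return user
```

In a controller, a `None` result would lead to an HTTP 403 or a redirect back to the application list rather than to the password form.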

Davidiam

Oct 22, 2019, 7:30:33 AM
to web2py-users
Thanks!  I will try this and get back to you ;-)