1 files changed, 53 insertions, 0 deletions

diff --git a/docs/zcml/repozewho1authenticationpolicy.rst b/docs/zcml/repozewho1authenticationpolicy.rst
new file mode 100644
index 000000000..62713e822
--- /dev/null
+++ b/docs/zcml/repozewho1authenticationpolicy.rst
@@ -0,0 +1,53 @@
+.. _repozewho1authenticationpolicy_directive:
+
+``repozewho1authenticationpolicy``
+----------------------------------
+
+When this directive is used, authentication information is obtained
+from a ``repoze.who.identity`` key in the WSGI environment, assumed to
+be set by :term:`repoze.who` middleware.
+
+Attributes
+~~~~~~~~~~
+
+``identifier_name``
+    The ``identifier_name`` controls the name used to look up the
+    :term:`repoze.who` "identifier" plugin within
+    ``request.environ['repoze.who.plugins']`` which is used by this
+    policy to "remember" and "forget" credentials.  It defaults to
+    ``auth_tkt``.
+
+``callback``
+    The ``callback`` is a Python dotted name to a function passed the
+    repoze.who identity and the request as positional arguments.  The
+    callback is expected to return None if the user represented by the
+    identity doesn't exist or a sequence of group identifiers
+    (possibly empty) if the user does exist.  If ``callback`` is None,
+    the userid will be assumed to exist with no groups.  It defaults
+    to ``None``.
+
+Example
+~~~~~~~
+
+.. code-block:: xml
+   :linenos:
+
+   <repozewho1authenticationpolicy
+    identifier_name="auth_tkt"
+    callback=".somemodule.somefunc"
+    />
+
+Alternatives
+~~~~~~~~~~~~
+
+You may create an instance of the
+:class:`repoze.bfg.authentication.RepozeWho1AuthenticationPolicy` and
+pass it to the :class:`repoze.bfg.configuration.Configurator`
+constructor as the ``authentication_policy`` argument during initial
+application configuration.
+
+See Also
+~~~~~~~~
+
+See also :ref:`authentication_policies_directives_section` and
+:class:`repoze.bfg.authentication.RepozeWho1AuthenticationPolicy`.