Hi Bill, thanks for the reply. The Zimbra proxy server is a reverse HTTP proxy (and POP/IMAP server) that hides the mailbox servers from the end user and provides one URL for all users to login (ie. webmail.example.com) and redirects the user to their mailbox server (ie. mail1.example.com or mail2.example.com). When a user hits the proxy, the preauth URL is forwarded and handled by the individual mailbox servers. Mailbox servers work the preauth, redirect to CAS login, where user logs in and get the ticket. However since the ticket is for mail1.example.com, mail.example.com (the proxy) refuses to have anything to do with it, so I assume that the preauth has to reside on the proxy? All connections run through the proxy. Our web team has pointed the CAS service to http*://mail*.example.com:*/** (mailbox servers), shouldn't it point to the proxy?
Hope this helps, -Patrick Patrick A. Treptau Sr. Systems Administrator Swarthmore College phone (610) 328-8508 e-mail [email protected] ----- Original Message ----- From: "William G. Thompson, Jr." <[email protected]> To: [email protected] Cc: "Don Tedesco" <[email protected]>, "Leslie Leach" <[email protected]> Sent: Monday, August 23, 2010 2:18:31 PM Subject: Re: [cas-user] CASiying Zimbra with Proxy When the user hits the Proxy are they immediately redirected to CAS or first to the mailbox which does the redirect? You might just need to get the "service" paramater right based on which mailbox server you want to direct the user to. Or...you might need the CAS Client up at the Zimbra Proxy in addition to the mailbox servers. Can you explain what role the Zimbra Proxy server plays? Does it check AuthN prior to routing the user to the mail server? Is it out the picture at that point, or do all connections run through the Proxy? Bill On Mon, Aug 23, 2010 at 11:08 AM, Patrick A. Treptau <[email protected]> wrote: > We are in the process of CASifying some of our services and ran into > some issues with CASifying Zimbra. We currently have 2 mailbox servers > hooked up to a Zimbra Proxy that redirects the user based on their > mailbox to the correct mail server (IMAP/POP/HTTP). We have gone > through the documents to CASify Zimbra v6, but our web developer hit a > road block with ticket retrieval from Zimbra. Our preauth, along with > the CAS client is hosted on both Zimbra mailbox servers (not the > proxy, is this the problem?). Upon login, the user hits the proxy and > is correctly redirected to CAS, logs in and is granted a ticket, but > the proxy is unaware of the ticket, since the ticket is issued to the > mailbox server, not the proxy. Does anyone have any solution for this > or experience with CASifying Zimbra in a proxied Zimbra environment? > > Any help would be greatly appreciated. We are running CAS 3.3.5 and > Zimbra 6.0.6. > > Thank you very much, > -Patrick > > Patrick A. Treptau > Sr. Systems Administrator > Swarthmore College > phone (610) 328-8508 > e-mail [email protected] > > > -- You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
