On Mon, Aug 23, 2010 at 3:01 PM, Patrick A. Treptau <[email protected]> wrote: > Hi Bill, > > thanks for the reply. The Zimbra proxy server is a reverse HTTP proxy (and > POP/IMAP server) that hides the mailbox servers from the end user and > provides one URL for all users to login (ie. webmail.example.com) and > redirects the user to their mailbox server (ie. mail1.example.com or > mail2.example.com). When a user hits the proxy, the preauth URL is forwarded > and handled by the individual mailbox servers. Mailbox servers work the > preauth, redirect to CAS login, where user logs in and get the ticket. > However since the ticket is for mail1.example.com, mail.example.com (the > proxy) refuses to have anything to do with it, so I assume that the preauth > has to reside on the proxy? All connections run through the proxy. Our web > team has pointed the CAS service to http*://mail*.example.com:*/** (mailbox > servers), shouldn't it point to the proxy?
Yes. It sounds like you need the CAS client at the Proxy Server so that CAS. Bill > > Hope this helps, > -Patrick > > Patrick A. Treptau > Sr. Systems Administrator > Swarthmore College > phone (610) 328-8508 > e-mail [email protected] > > ----- Original Message ----- > From: "William G. Thompson, Jr." <[email protected]> > To: [email protected] > Cc: "Don Tedesco" <[email protected]>, "Leslie Leach" > <[email protected]> > Sent: Monday, August 23, 2010 2:18:31 PM > Subject: Re: [cas-user] CASiying Zimbra with Proxy > > When the user hits the Proxy are they immediately redirected to CAS or > first to the mailbox which does the redirect? You might just need to > get the "service" paramater right based on which mailbox server you > want to direct the user to. > > Or...you might need the CAS Client up at the Zimbra Proxy in addition > to the mailbox servers. > > Can you explain what role the Zimbra Proxy server plays? Does it > check AuthN prior to routing the user to the mail server? Is it out > the picture at that point, or do all connections run through the > Proxy? > > Bill > > On Mon, Aug 23, 2010 at 11:08 AM, Patrick A. Treptau > <[email protected]> wrote: >> We are in the process of CASifying some of our services and ran into >> some issues with CASifying Zimbra. We currently have 2 mailbox servers >> hooked up to a Zimbra Proxy that redirects the user based on their >> mailbox to the correct mail server (IMAP/POP/HTTP). We have gone >> through the documents to CASify Zimbra v6, but our web developer hit a >> road block with ticket retrieval from Zimbra. Our preauth, along with >> the CAS client is hosted on both Zimbra mailbox servers (not the >> proxy, is this the problem?). Upon login, the user hits the proxy and >> is correctly redirected to CAS, logs in and is granted a ticket, but >> the proxy is unaware of the ticket, since the ticket is issued to the >> mailbox server, not the proxy. Does anyone have any solution for this >> or experience with CASifying Zimbra in a proxied Zimbra environment? >> >> Any help would be greatly appreciated. We are running CAS 3.3.5 and >> Zimbra 6.0.6. >> >> Thank you very much, >> -Patrick >> >> Patrick A. Treptau >> Sr. Systems Administrator >> Swarthmore College >> phone (610) 328-8508 >> e-mail [email protected] >> >> >> -- You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access archives, >> see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
