Glad you got it working. Bill
On 8/23/10, Patrick A. Treptau <[email protected]> wrote: > Hi Bill, > > it actually looks like we were able to resolve the issue by restarting the > proxy server. > > From the Zimbra forums: "We've been using CAS (the one bundled with SunGard > Luminis) with the zimbra proxy without any issues for a while now. One thing > I've notice is that the proxy is very sensitive to changes and will need > stopping and starting if there has been a change to the mailbox server's > zimbra.web.xml.in config file or the preauth.jsp page." > > http://www.zimbra.com/forums/administrators/42683-casifying-zimbra-zimbra-proxy.html > > Duh. > > Thank you for your help! > -Patrick > > Patrick A. Treptau > Sr. Systems Administrator > Swarthmore College > phone (610) 328-8508 > e-mail [email protected] > > ----- Original Message ----- > From: "William G. Thompson, Jr." <[email protected]> > To: [email protected] > Cc: "Don Tedesco" <[email protected]>, "Leslie Leach" > <[email protected]> > Sent: Monday, August 23, 2010 3:28:19 PM > Subject: Re: [cas-user] CASiying Zimbra with Proxy > > On Mon, Aug 23, 2010 at 3:01 PM, Patrick A. Treptau > <[email protected]> wrote: >> Hi Bill, >> >> thanks for the reply. The Zimbra proxy server is a reverse HTTP proxy >> (and POP/IMAP server) that hides the mailbox servers from the end user >> and provides one URL for all users to login (ie. webmail.example.com) >> and redirects the user to their mailbox server (ie. mail1.example.com >> or mail2.example.com). When a user hits the proxy, the preauth URL is >> forwarded and handled by the individual mailbox servers. Mailbox >> servers work the preauth, redirect to CAS login, where user logs in >> and get the ticket. However since the ticket is for mail1.example.com, >> mail.example.com (the proxy) refuses to have anything to do with it, >> so I assume that the preauth has to reside on the proxy? All >> connections run through the proxy. Our web team has pointed the CAS >> service to http*://mail*.example.com:*/** (mailbox servers), shouldn't >> it point to the proxy? > > Yes. It sounds like you need the CAS client at the Proxy Server so that > CAS. > > Bill > > > > > >> >> Hope this helps, >> -Patrick >> >> Patrick A. Treptau >> Sr. Systems Administrator >> Swarthmore College >> phone (610) 328-8508 >> e-mail [email protected] >> >> ----- Original Message ----- >> From: "William G. Thompson, Jr." <[email protected]> >> To: [email protected] >> Cc: "Don Tedesco" <[email protected]>, "Leslie Leach" >> <[email protected]> >> Sent: Monday, August 23, 2010 2:18:31 PM >> Subject: Re: [cas-user] CASiying Zimbra with Proxy >> >> When the user hits the Proxy are they immediately redirected to CAS or >> first to the mailbox which does the redirect? You might just need to >> get the "service" paramater right based on which mailbox server you >> want to direct the user to. >> >> Or...you might need the CAS Client up at the Zimbra Proxy in addition >> to the mailbox servers. >> >> Can you explain what role the Zimbra Proxy server plays? Does it >> check AuthN prior to routing the user to the mail server? Is it out >> the picture at that point, or do all connections run through the >> Proxy? >> >> Bill >> >> On Mon, Aug 23, 2010 at 11:08 AM, Patrick A. Treptau >> <[email protected]> wrote: >>> We are in the process of CASifying some of our services and ran into >>> some issues with CASifying Zimbra. We currently have 2 mailbox >>> servers hooked up to a Zimbra Proxy that redirects the user based on >>> their mailbox to the correct mail server (IMAP/POP/HTTP). We have >>> gone through the documents to CASify Zimbra v6, but our web developer >>> hit a >>> road block with ticket retrieval from Zimbra. Our preauth, along with >>> the CAS client is hosted on both Zimbra mailbox servers (not the >>> proxy, is this the problem?). Upon login, the user hits the proxy and >>> is correctly redirected to CAS, logs in and is granted a ticket, but >>> the proxy is unaware of the ticket, since the ticket is issued to the >>> mailbox server, not the proxy. Does anyone have any solution for this >>> or experience with CASifying Zimbra in a proxied Zimbra environment? >>> >>> Any help would be greatly appreciated. We are running CAS 3.3.5 and >>> Zimbra 6.0.6. >>> >>> Thank you very much, >>> -Patrick >>> >>> Patrick A. Treptau >>> Sr. Systems Administrator >>> Swarthmore College >>> phone (610) 328-8508 >>> e-mail [email protected] >>> >>> >>> -- You are currently subscribed to [email protected] as: >>> [email protected] To unsubscribe, change settings or access archives, >>> see http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> >> -- You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access archives, >> see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Sent from my mobile device -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
