We are running Zimbra 6 in a multi-server environment with three store servers. I successfully configured a single server installation of Zimbra to use CAS. However, I am now trying to do the same with a multi-server install and having a problem.
After authenticating correctly to my CAS server, I am not redirected back to the correct page. Specifically, the URL I am coming from as I am redirected to CAS is not the URL I am being redirected to after I authenticate with CAS.

In more detail: I go to

https://webmail.zdev.lafayette.edu/

I am then redirected to

https://cas.dev.lafayette.edu/cas/login?service=https%3A%2F%2Fzdev.lafayette.edu%3A443%2Fzimbra%2Fpublic%2Fpreauth.jsp

Note that instead of having the GET variable for service set to webmail.zdev.lafayette.edu, it is set to zdev.lafayette.edu (my domain). After authenticating I get redirected back to zdev.lafayette.edu (which is my domain, not a host, so there is no DNS for it aside from an MX record). I should be redirected to webmail.zdev.lafayette.edu.

I generated a preauth key for the domain zdev.lafayette.edu (there is no domain for webmail.zdev.lafayette.edu). This key was put into /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp.

I tried updating preauth.jsp's generateRedirect() method to return the hard-coded value where I want the user to be sent and restarted Zimbra, but that didn't make a difference:

[zimbra@zstore00 DEV ~]$ diff /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp~ 23,24c23 < // return request.getScheme()+"://"+request.getServerName()+": ... < return request.getScheme()+"://"+ "webmail.zdev.lafayette.edu" +":"+request.getServerPort()+"/service/preauth/?" + --- > > return request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+"/service/preauth/?" + [zimbra@zstore00 DEV ~]$

I added two beans to the CAS service registry for both URLs (zdev.lafayette.edu and webmail.zdev.lafayette.edu). With both beans in place I get a service ticket on CAS and I am redirected back to Zimbra but still at zdev.lafayette.edu. If I don't have both service entries, then a CAS service ticket is not issued.
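Review bot: The hard-coded host in the edited return statement (the second `<` line) only affects the URL built for "/service/preauth/?", while the service value CAS received was "https://zdev.lafayette.edu:443/zimbra/public/preauth.jsp", which has a different path. That URL is therefore assembled somewhere other than this return, and this edit cannot change what is sent to CAS or where CAS sends the browser back. Find the place that builds the service URL and fix the host name there. If a fixed host is still needed in generateRedirect(), read it from one configured value instead of a string literal in the JSP, so the three store servers do not each carry a hand-edited copy that a later upgrade overwrites. The diff was also run with the edited file first, so the `<` lines are the new version, which is easy to misread when comparing against the backup.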
Has anyone seen this problem or had success casifying Zimbra in a multi-server environment?

Thank you for any direction you can offer.

Janemarie

--
Janemarie Duh
Systems Programmer
Information Technology Services
Lafayette College
Easton, PA 18042
610-330-5609
http://its.lafayette.edu

ITS will never ask you for your password. Never email your password to anyone.
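A small diagnostic for the symptom described in the message above, added here as an example and not part of the original post: it decodes the `service` parameter from the CAS login redirect and compares its host with the host the browser started on. The function name is hypothetical; the two URLs are the ones quoted in the post.

```python
from urllib.parse import urlsplit, parse_qs


def cas_service_mismatch(entry_url, cas_login_url):
    """Compare the host the user started on with the host in CAS's service= URL.

    entry_url      -- the URL typed into the browser
    cas_login_url  -- the CAS /login URL the application redirected to
    """
    entry = urlsplit(entry_url)
    login = urlsplit(cas_login_url)

    # parse_qs percent-decodes values; CAS expects exactly one service parameter.
    services = parse_qs(login.query).get("service", [])
    if len(services) != 1:
        raise ValueError("expected exactly one service parameter, got %d" % len(services))

    service = urlsplit(services[0])
    if service.scheme not in ("http", "https") or not service.hostname:
        raise ValueError("service is not an absolute http(s) URL: %r" % services[0])

    return {
        "entry_host": entry.hostname,
        "service_url": services[0],
        "service_host": service.hostname,
        "service_port": service.port,
        "service_path": service.path,
        # True means CAS will send the browser back to a different host
        # than the one the user started on.
        "host_mismatch": entry.hostname != service.hostname,
    }


if __name__ == "__main__":
    # URLs as quoted in the post.
    result = cas_service_mismatch(
        "https://webmail.zdev.lafayette.edu/",
        "https://cas.dev.lafayette.edu/cas/login"
        "?service=https%3A%2F%2Fzdev.lafayette.edu%3A443%2Fzimbra%2Fpublic%2Fpreauth.jsp",
    )
    for key, value in result.items():
        print("%-13s %s" % (key, value))
```

The decoded `service_url` is also the string the CAS service registry entry has to match, which is why a ticket is only issued when an entry for that host exists.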
