Hello,
We use CAS to authenticate our zimbra users since Zimbra 6, it works
very well but the "official" documentation is not very clear IMHO... A
few things to think about :
Zimbra side :
- Use preauthentication scheme, as I remember, a simple application
has to compute a HMAC and provide zimbra the mail + timestamp + hmac to
"do" the zimbra authentication.
CAS Side :
- Unless you use mail as CAS principal, you'll have to deal with
attributes ( https://wiki.jasig.org/display/CASUM/Attributes ).
Attribute release will be done via SAML ticket validation only
Preauthentication application :
- As we've encountered some difficulties to do the job with JSP, we
wrote a little PHP page that uses php-cas library, validation is done
via SAML of course.
From a freshly started client browser, the following pages will be seen :
- Open Zimbra login page
- => redirect to login page specified in zimbra configuration (aka
PHP preauth app)
- => redirect to CAS
- => redirect to PHP preauth APP with Service Ticket
- => redirect to Zimbra preauth page with a few parameters (mail,
timestamp, hmac)
- Zimbra mail opened :-)
Rgds.
On 17/06/2013 19:30, ritesh wrote:
Hello, I am trying to integrate zimbra 8.0 with cas, cas is configured with ldap.
And zimbra is configured according to the doc available for cas configuration with
zimbra on the internet. The problem I face is when I open zimbra url it redirects
me to the cas url where I enter my ldap (uid & password) credentials, once
authenticated, zimbra gives me an error of mail id not recognized.
At present deployerconfiguration.xml of cas only knows about uid attribute of
ldap. Is it needed to know mail attribute also, even cas should also permit
login through mailid and password ?
If I would like to enable mail attribute also in cas, how would I do that, if
someone has already done that please share it.
Regards,
Ritesh
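The last two steps of the flow in the reply above (pick the mail address from the CAS validation result, then redirect to the Zimbra preauth page) look like this as an added example; it is not code from the original post, which used a PHP page with php-cas. The token layout (HMAC-SHA1 over `account|by|expires|timestamp`, keyed with the domain's preauth key) follows Zimbra's documented preauth scheme; the host name, sample key and function names are constructed for illustration.

```python
import hashlib
import hmac
import re
import time
from urllib.parse import urlencode

# Constructed sample values; the real key is the domain's zimbraPreAuthKey
# and must only ever live on the server running the preauth application.
SAMPLE_KEY = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
ZIMBRA_BASE = "https://mail.example.org"  # hypothetical host

MAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def mail_from_cas(principal, attributes):
    """Pick the Zimbra account name from a validated CAS response.

    The value must come from ticket validation (principal or released
    attributes), never from a request parameter the browser controls.
    """
    mail = attributes.get("mail")
    if isinstance(mail, (list, tuple)):
        mail = mail[0] if mail else None
    if not mail:
        mail = principal  # only usable when the CAS principal is the mail
    if not mail or not MAIL_RE.match(mail):
        # A bare uid such as "jdoe" ends up here: Zimbra would not
        # recognise it as an account, so fail before redirecting.
        raise ValueError("no usable mail address released by CAS")
    return mail


def preauth_url(mail, key, base=ZIMBRA_BASE, now_ms=None, expires=0):
    """Build the /service/preauth redirect for an authenticated user."""
    # Timestamp is in milliseconds since the epoch.
    ts = int(time.time() * 1000) if now_ms is None else int(now_ms)
    msg = f"{mail}|name|{expires}|{ts}".encode()
    mac = hmac.new(key.encode(), msg, hashlib.sha1).hexdigest()
    query = urlencode({"account": mail, "by": "name", "timestamp": ts,
                       "expires": expires, "preauth": mac})
    return f"{base}/service/preauth?{query}"
```

With only `uid` released by CAS, `mail_from_cas` raises instead of producing a redirect, which is the situation described in the quoted question.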