Thanks Philippe, I already got it working in Zimbra 7. We are trying at present in Zimbra 8; it looks like Zimbra 8 has a lot more on SSO, and each domain's SSO can be configured through the admin interface. I will update the wiki once I achieve that.

There is one issue with the Zimbra + CAS integration: I am not able to configure any mail client once I integrate the Zimbra 7 server with CAS. Is that something you also faced?

On Tue, Jul 16, 2013 at 3:48 AM, Philippe Marasse <[email protected]> wrote:

> Hello,
>
> We use CAS to authenticate our Zimbra users since Zimbra 6, it works very
> well but the "official" documentation is not very clear IMHO... A few
> things to think about:
>
> Zimbra side:
> - Use preauthentication scheme, as I remember, a simple application has
>   to compute a HMAC and provide Zimbra the mail + timestamp + hmac to "do"
>   the Zimbra authentication.
>
> CAS side:
> - Unless you use mail as CAS principal, you'll have to deal with
>   attributes (https://wiki.jasig.org/display/CASUM/Attributes).
>   Attribute release will be done via SAML ticket validation only.
>
> Preauthentication application:
> - As we've encountered some difficulties to do the job with JSP, we wrote
>   a little PHP page that uses php-cas library, validation is done via SAML
>   of course.
>
> From a freshly started client browser, the following pages will be seen:
> - Open Zimbra login page
> - => redirect to login page specified in Zimbra configuration (aka PHP
>   preauth app)
> - => redirect to CAS
> - => redirect to PHP preauth app with Service Ticket
> - => redirect to Zimbra preauth page with a few parameters (mail,
>   timestamp, hmac)
> - Zimbra mail opened :-)
>
> Rgds.
>
> On 17/06/2013 19:30, ritesh wrote:
>
>> Hello, I am trying to integrate Zimbra 8.0 with CAS. CAS is configured
>> with LDAP, and Zimbra is configured according to the doc available for CAS
>> configuration with Zimbra on the internet. The problem I face is that when I
>> open the Zimbra URL it redirects me to the CAS URL, where I enter my LDAP (uid &
>> password) credentials. Once authenticated, Zimbra gives me an error of
>> mail id not recognized.
>> At present deployerconfiguration.xml of CAS only knows about the uid
>> attribute of LDAP. Is it needed to know the mail attribute also, and
>> should CAS also permit login through mail id and password?
>> If I would like to enable the mail attribute also in CAS, how would I do
>> that? If someone has already done that, please share it.
>>
>> Regards,
>> Ritesh

--
With Regards
Ritesh Nanda
<http://www.ericsson.com/>
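
The preauthentication step described in the quoted reply (mail + timestamp + HMAC), together with the mail-attribute lookup that the "mail id not recognized" error points to, as an added Python example that is not code from this thread (the application mentioned in the thread is a PHP page using php-cas). The `account|by|expires|timestamp` HMAC-SHA1 input and the `/service/preauth` parameters follow Zimbra's preauth documentation rather than anything quoted here; the host name, key and CAS attribute values are constructed.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode


class NoMailAttribute(Exception):
    """CAS validated the user but released no usable mail address."""


def resolve_account(principal, attributes):
    """Pick the Zimbra account name from a validated CAS response."""
    mail = attributes.get("mail")
    if isinstance(mail, (list, tuple)):      # multi-valued LDAP attribute
        mail = mail[0] if mail else None
    if mail:
        return mail.strip().lower()
    if "@" in principal:                     # CAS principal is already the mail
        return principal.strip().lower()
    # A bare uid here is what Zimbra would reject as an unknown mail id.
    raise NoMailAttribute(f"no mail attribute released for {principal!r}")


def preauth_url(base_url, domain_key, account, timestamp_ms=None, expires=0):
    """Build the Zimbra preauth redirect for an already-authenticated user."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)   # Zimbra expects milliseconds
    # Signed input per Zimbra's preauth documentation.
    message = f"{account}|name|{expires}|{timestamp_ms}"
    digest = hmac.new(domain_key.encode(), message.encode(),
                      hashlib.sha1).hexdigest()
    query = urlencode({"account": account, "by": "name",
                       "timestamp": timestamp_ms, "expires": expires,
                       "preauth": digest})
    return f"{base_url.rstrip('/')}/service/preauth?{query}"


if __name__ == "__main__":
    # Constructed sample: CAS principal is the LDAP uid, mail arrives as an attribute.
    key = "0" * 64                           # placeholder for the domain preauth key
    attrs = {"uid": "jdoe", "mail": ["jdoe@example.org"]}
    account = resolve_account("jdoe", attrs)
    print(preauth_url("https://mail.example.org", key, account))
```

The domain preauth key must stay on the server that runs the preauth application: anyone holding it can mint a valid login URL for any account in that domain.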
