On 16/07/2013 12:55, Ritesh Nanda wrote:
Thanks Philippe, I already got it working in Zimbra 7. We are trying at present in Zimbra 8; it looks like Zimbra 8 has a lot more on SSO, each domain's SSO can be configured through the admin interface. I will update the wiki once I achieve that.
Interesting indeed. For now, we've not moved yet to Zimbra 8.
I suppose you're talking about clients like Thunderbird, Outlook, etc.? The point is these clients are authenticated through Zimbra (via builtin LDAP accounts or in our case AD account). With Zimbra 6 & 7, authentication of these clients completely ignores CAS.
There is one issue with Zimbra + CAS integration: I am not able to configure any mail client once I integrate the Zimbra 7 server with CAS. Is that something you also faced?
Rgds.
On Tue, Jul 16, 2013 at 3:48 AM, Philippe Marasse <[email protected]> wrote:

Hello,

We use CAS to authenticate our Zimbra users since Zimbra 6, it works very well but the "official" documentation is not very clear IMHO...

A few things to think about:

Zimbra side:
- Use the preauthentication scheme. As I remember, a simple application has to compute an HMAC and provide Zimbra the mail + timestamp + hmac to "do" the Zimbra authentication.

CAS side:
- Unless you use mail as CAS principal, you'll have to deal with attributes ( https://wiki.jasig.org/display/CASUM/Attributes ). Attribute release will be done via SAML ticket validation only.

Preauthentication application:
- As we've encountered some difficulties doing the job with JSP, we wrote a little PHP page that uses the php-cas library; validation is done via SAML of course.

From a freshly started client browser, the following pages will be seen:
- Open Zimbra login page
- => redirect to login page specified in Zimbra configuration (aka PHP preauth app)
- => redirect to CAS
- => redirect to PHP preauth app with Service Ticket
- => redirect to Zimbra preauth page with a few parameters (mail, timestamp, hmac)
- Zimbra mail opened :-)

Rgds.

On 17/06/2013 19:30, ritesh wrote:

Hello,

I am trying to integrate Zimbra 8.0 with CAS; CAS is configured with LDAP, and Zimbra is configured according to the doc available for CAS configuration with Zimbra on the internet. The problem I face is that when I open the Zimbra URL it redirects me to the CAS URL where I enter my LDAP (uid & password) credentials; once authenticated, Zimbra gives me an error of mail id not recognized.

At present deployerconfiguration.xml of CAS only knows about the uid attribute of LDAP. Is it needed to know the mail attribute also, and should CAS also permit login through mail id and password?

If I would like to enable the mail attribute also in CAS, how would I do that? If someone has already done that, please share it.

Regards,
Ritesh

--
With Regards
Ritesh Nanda
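The preauthentication step described in the thread (mail + timestamp + HMAC handed to Zimbra), as an added example that is not code from the thread or from Zimbra. It assumes Zimbra's documented preauth format (HMAC-SHA1 over `account|by|expires|timestamp`, sent to `/service/preauth`); the key, host name, helper names and the 5-minute freshness window are constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed sample key; the real one is the Zimbra domain's preauth key (a secret).
SAMPLE_KEY = "0f" * 32
MAX_SKEW_MS = 5 * 60 * 1000  # assumed freshness window used by verify_preauth()


def compute_preauth(key, account, timestamp_ms, by="name", expires=0):
    """HMAC-SHA1 over 'account|by|expires|timestamp', hex-encoded."""
    msg = f"{account}|{by}|{expires}|{timestamp_ms}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha1).hexdigest()


def mail_from_cas(attributes):
    """Accept the mail only from attributes released by a validated CAS ticket."""
    mail = attributes.get("mail")
    if not isinstance(mail, str) or mail.count("@") != 1 or "|" in mail:
        # '|' is the field delimiter of the signed message: never let it through.
        raise ValueError("CAS response carries no usable single-valued mail attribute")
    return mail


def build_preauth_url(base_url, key, cas_attributes, now_ms=None):
    """Redirect target for the browser after CAS validation succeeded."""
    account = mail_from_cas(cas_attributes)
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    query = urlencode({
        "account": account,
        "by": "name",
        "expires": 0,
        "timestamp": ts,
        "preauth": compute_preauth(key, account, ts),
    })
    return f"{base_url}/service/preauth?{query}"


def verify_preauth(key, account, timestamp_ms, token, now_ms):
    """Receiving-side check: fresh timestamp, then constant-time HMAC comparison."""
    if abs(now_ms - timestamp_ms) > MAX_SKEW_MS:
        return False
    expected = compute_preauth(key, account, timestamp_ms)
    return hmac.compare_digest(expected.encode(), token.encode())


if __name__ == "__main__":
    print(build_preauth_url("https://zimbra.example.org", SAMPLE_KEY, {"mail": "user@example.org"}))
```

Whoever holds the preauth key can mint a login for any account in the domain, so it belongs only on the preauth application's server and the account value must come from the validated CAS response, never from a request parameter.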
