Hi, Am 19. April 2012 17:50 CEST, Federico Alberto Sayd <[email protected]> schrieb: > > Passing username/password server-side to client-side (sogo->js) is a bad > > idea because of the security of js. > I know but the jabber clients that I found are implemented in client > side javascript You want to implement a type of Single-Sign-On for the jabber client. Compare the architecture of SOGo with your clients - all stuff in SOGo will be done at the server side, which is by definition a secure site. The user (and its client aka browser ) never will see a password again after login - thats makes it a bit secure. For your problem I would suggest searching a serverside driven solution with a lightweight browser client. Then look if this solution accepts login via htaccess-logon-dialogs AND switch SOGo to accept this one instead using the form-login (there is a documentet switch in the configuration, please search for it). Give it a try if this could be a way. If not - maybe you have a look for CAS (when your Jabber-Client speaks CAS).
My personal opinion: stop try to integrate your jabber with SOGo. I think it is better to use a platform client for Win, Unix etc., which authenticates against the source SOGo uses. -- Greetings, Martin Rabl -- [email protected] https://inverse.ca/sogo/lists
