Hi,

We worked on SOGo/SAML with Inverse. We've got something almost functional, but there are still some important bugs.
Currently, the project is not completed.

I think that's why Inverse has disabled SAML support in SOGo 2.0.5: "don't build SAML support on debian yet" https://github.com/inverse-inc/sogo/commit/dfb8788270ff3b30133417a52c9052fafea19ae2.

You can see our work here http://wiki.auf.org/wikiteki/Projet/SOGo/TestsSAML (in French).


NM

On 2013-05-22 16:10, Stephen Ingram wrote:
After looking more closely at Lasso, it appears that Lasso itself is supposed to provide the functionality of a SP, it just doesn't work. First, the configuration information (from the SOGo manual) is incorrect. The "SOGoSAML2IdpCertificateLocation" is really the CA certificate of the IdP, not the certificate. (Could the variable name be changed to reflect that, or, at a minimum, the documentation?) Second, the metadata for SOGo (SP) is missing. The manual says that it can be accessed by going to http://<hostname>/SOGo/saml2-metadata. This is also incorrect as that link produces a blank page. Is there a recommended way to generate that file?


On Mon, May 20, 2013 at 10:48 AM, Stephen Ingram wrote:

    I'm trying to set up SAML2 authentication for SOGo and not sure of
    the requirements. According to the installation guide, only
    changes to the SOGo configuration are necessary. Of course, you
    must then use something like the crudesaml plugin to handle the
    authentication to the IMAP server, but that is not necessary for
    SOGo itself. I set SOGoAuthenticationType=saml2 along with all of
    the cert and Idp metadata information, but nothing seems to
    happen. I get a proxy error when trying to bring up the login page
    with the log saying:

    GLib-GObject-WARNING **: invalid cast from `LassoLibAuthnRequest'
    to `LassoSamlp2AuthnRequest'

    The installation manual leads you to believe that everything is
    automatic beyond the SOGoSAML2... configuration lines in
    sogo.conf. Does SOGo actually do everything including SP
    functionality or do you have to set up something like a Shibboleth
    SP to get things working?

    Also, the metadata link turns up an HTTP 200 with a blank page. Is
    there another way to get the metadata as the IdP obviously needs
    it to work properly?

    Steve


