Moussa-

Thank you. That is an excellent writeup. I had come to the same conclusion
that SAML wasn't working in SOGo yet. I saw that SAML was disabled in
Debian builds, but I'm using CentOS so I didn't think it applied to me. I
was thinking there are packaging issues with CentOS as well, but, based on
your experience, there seem to be other problems. I thought Inverse used
CentOS as their reference platform, but maybe they are using a compiled
version to prove SAML. I'd love to know if you have any progress with this
in the future.

Steve


On Thu, May 23, 2013 at 6:41 AM, Moussa NOMBRÉ <[email protected]> wrote:

>  Hi,
>
> We worked on SOGo/SAML with Inverse. We've got something almost
> functional, but there are still some important bugs.
> Currently, the project is not completed.
>
> I think that's why Inverse has disabled SAML support in SOGo 2.0.5:
> "don't build SAML support on debian yet"
> https://github.com/inverse-inc/sogo/commit/dfb8788270ff3b30133417a52c9052fafea19ae2
>
> You can see our work here
> http://wiki.auf.org/wikiteki/Projet/SOGo/TestsSAML (in French).
>
>
> NM
>
> On 2013-05-22 16:10, Stephen Ingram wrote:
>
> After looking more closely at Lasso, it appears that Lasso itself is
> supposed to provide the functionality of a SP, it just doesn't work. First,
> the configuration information (from the SOGo manual) is incorrect. The
> "SOGoSAML2IdpCertificateLocation" is really the CA certificate of the IdP,
> not the certificate. (Could the variable name be changed to reflect
> that, or, at a minimum, the documentation?) Second, the metadata for SOGo
> (SP) is missing. The manual says that it can be accessed by going to
> http://<hostname>/SOGo/saml2-metadata. This is also incorrect as that
> link produces a blank page. Is there a recommended way to generate that
> file?
>
>
> On Mon, May 20, 2013 at 10:48 AM, Stephen Ingram <[email protected]> wrote:
>
>> I'm trying to set up SAML2 authentication for SOGo and not sure of the
>> requirements. According to the installation guide, only changes to the
>> SOGo configuration are necessary. Of course, you must then use something
>> like the crudesaml plugin to handle the authentication to the IMAP server,
>> but that is not necessary for SOGo itself. I set
>> SOGoAuthenticationType=saml2 along with all of the cert and Idp metadata
>> information, but nothing seems to happen. I get a proxy error when trying
>> to bring up the login page with the log saying:
>>
>>  GLib-GObject-WARNING **: invalid cast from `LassoLibAuthnRequest' to
>> `LassoSamlp2AuthnRequest'
>>
>>  The installation manual leads you to believe that everything is automatic
>> beyond the SOGoSAML2... configuration lines in sogo.conf. Does SOGo
>> actually do everything including SP functionality or do you have to set up
>> something like a Shibboleth SP to get things working?
>>
>>  Also, the metadata link turns up an HTTP 200 with a blank page. Is there
>> another way to get the metadata as the IdP obviously needs it to work
>> properly?
>>
>>  Steve
>>
>
>
>
-- 
[email protected]
https://inverse.ca/sogo/lists
