Hi Mj,

I was sure I had seen that problem in an old post, and indeed I found
it, and it was from you :)
(https://www.mail-archive.com/[email protected]/msg27428.html)

Was the solution given in the answer not good?

Thanks,
Kenny


On 19/07/20 16:51, mj ([email protected]) wrote:
> Hi Kenny,
>
> In the past, we also set up a PoC with SOGo / keycloak / SAML2. For
> IMAP authentication, we used:
> https://github.com/ck-ws/pam-script-saml
>
> But because of the SAML2 sessions timing out, we went back to regular
> LDAP auth. We would like to move to SAML2, so we're following the
> recent SAML2 list threads with interest.
>
> MJ
>
> On 7/19/20 2:02 PM, Jeroen van Os ([email protected]) wrote:
>> Hi Kenny,
>>
>> I have been trying to get SAML to work with SOGo as well. In Keycloak
>> the following configuration works:
>>
>> Client scopes: none
>> Mappers: fill in "email" and "username" with information from your
>> credentials provider
>> Set scope to "full scope allowed"
>>
>> In the SOGo config file we have this line, the rest is similar to
>> what you provided:
>>    SOGoSAML2LoginAttribute = username;
>>
>> Don't forget to take into account that even if you get SAML to work,
>> the connection to your IMAP and SMTP server may not work. Because
>> SOGo has no knowledge of the user's password, it cannot authenticate
>> against regular IMAP and SMTP servers that expect user credentials
>> for authorization. So you will need to find a way to authenticate
>> without knowing the user's password.
>>
>> Kind regards,
>> Jeroen
>>
>>
>> Op 18/07/2020 om 22:19 schreef "la.jolie@paquerette"
>> ([email protected]):
>>> Going on with my attempts to connect Sogo to LemonLdap, I tried also
>>> with the SAML protocol.
>>> Few weeks ago, I first tried with Keycloak
>>> (https://www.mail-archive.com/[email protected]/msg29805.html), but I
>>> didn't find a solution.
>>>
>>> Unfortunately, with LemonLdap, I have the same error:
>>> ------------
>>> |SOGo| starting method 'POST' on uri '/SOGo/saml2-signon-post'
>>>   |SOGo| traverse(acquire): SOGo => saml2-signon-post
>>> |SOGo|   do traverse name: 'SOGo'
>>> |SOGo|   do traverse name: 'saml2-signon-post'
>>> |SOGo| set clientObject: <SOGo[0x0x5638236b2630]: name=SOGo>
>>> sogod[8630:8630] EXCEPTION: <NSException: 0x563823b60f20>
>>> NAME:NSInvalidArgumentException REASON:Tried to add nil value for key
>>> 'login' to dictionary INFO:{}
>>> |SOGo| request took 0.013806 seconds to execute
>>> <0x0x563823b8f410[WOResponse]> Zipping of response disabled
>>> 127.0.0.1 "POST /SOGo/saml2-signon-post HTTP/1.1" 501 0/7289 0.019 -
>>> - 692K
>>> ----------------
>>>
>>> I'm back to the post https://sogo.nu/bugs/view.php?id=4441
>>> Alas, no clue what Sogo is waiting for.
>>>
>>> I attached a saml token example LemonLdap sends back to Sogo.
>>> For the attribute with my mail (for the login), I tried the names mail,
>>> email & login, but same error.
>>>
>>> What is the attribute name Sogo wants for the key 'login'?
>>> Is something wrong with the Saml token Sogo is receiving from
>>> LemonLdap?
>>>
>>> Thanks,
>>> Kenny
>>>
>>>
>>> My Sogo config:
>>> ----
>>>     SOGoProfileURL = "mysql://yyyyyyy:[email protected]:3306/sogo/sogo_user_profile";
>>>     OCSFolderInfoURL = "mysql://yyyyyyy:[email protected]:3306/sogo/sogo_folder_info";
>>>     OCSSessionsFolderURL = "mysql://yyyyyyy:[email protected]:3306/sogo/sogo_sessions_folder";
>>>     OCSEMailAlarmsFolderURL = "mysql://yyyyyyy:[email protected]:3306/sogo/sogo_alarms_folder";
>>>     SOGoLanguage = English;
>>>     SOGoAppointmentSendEMailNotifications = YES;
>>>     SOGoMailingMechanism = smtp;
>>>     SOGoSMTPServer = 127.0.0.1;
>>>     SOGoTimeZone = UTC;
>>>     SOGoSentFolderName = Sent;
>>>     SOGoTrashFolderName = Trash;
>>>     SOGoDraftsFolderName = Drafts;
>>>     SOGoIMAPServer = "imap://localhost:143/";
>>>     SOGoSieveServer = "sieve://localhost:4190/";
>>>     SOGoIMAPAclConformsToIMAPExt = YES;
>>>     SOGoVacationEnabled = NO;
>>>     SOGoForwardEnabled = NO;
>>>     SOGoSieveScriptsEnabled = NO;
>>>     SOGoFirstDayOfWeek = 0;
>>>     SOGoMailMessageCheck = manually;
>>>     SOGoMailAuxiliaryUserAccountsEnabled = NO;
>>>     SOGoMemcachedHost = 127.0.0.1;
>>>
>>>     SOGoCacheCleanupInterval = 3600;
>>>     SOGoAuthenticationType = saml2;
>>>     NGImap4AuthMechanism = PLAIN;    # tried without the option too
>>>     SOGoSAML2PrivateKeyLocation = "/etc/sogo/saml.pem";
>>>     SOGoSAML2CertificateLocation = "/etc/sogo/saml.crt";
>>>     SOGoSAML2IdpMetadataLocation = "/etc/sogo/idp-metadata.xml";
>>>     SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/idp-public.key";
>>>     SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp-public.key";
>>>     SOGoSAML2LoginAttribute = mail;
>>>     SOGoSAML2LogoutEnabled = YES;
>>>     SOGoSAML2LogoutURL = "https://xxxxxxxx";
>>>
>>>     WOWorkersCount = 10;
>>>
>>>     SOGoEASDebugEnabled = YES;
>>>     GCSFolderDebugEnabled = YES;
>>>     GCSFolderStoreDebugEnabled = YES;
>>>     LDAPDebugEnabled = YES;
>>>     MySQL4DebugEnabled = YES;
>>>     NGImap4DisableIMAP4Pooling = YES;
>>>     ImapDebugEnabled = YES;
>>>     OCSFolderManagerSQLDebugEnabled = YES;
>>>     PGDebugEnabled = YES;
>>>     SOGoDebugRequests = YES;
>>>     SOGoMailKeepDraftsAfterSend = YES;
>>>     SOGoUIxDebugEnabled = YES;
>>>     SoDebugObjectTraversal = YES;
>>>     SoSecurityManagerDebugEnabled = YES;
>>>     WODontZipResponse = YES;
>>>     WODebugZipResponse = YES;
>>> }
>>> --------
>>


-- 
[email protected]
https://inverse.ca/sogo/lists
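Editor's note: the exception quoted in the thread ("Tried to add nil value for key 'login'") is what you get when the attribute named by SOGoSAML2LoginAttribute is absent from the assertion the IdP posted to /SOGo/saml2-signon-post. The script below is an added diagnostic, not code from any of the posters and not part of SOGo: it decodes a SAMLResponse form field (HTTP-POST binding), lists the attribute Names the IdP actually released, and reports whether a given login attribute resolves to a value. The assertion embedded in it is constructed for illustration. It also flags the case where the wanted name exists only as a FriendlyName on an OID-named attribute; whether SOGo matches on FriendlyName is not established by the thread, so that is reported only as a hint.

```python
"""Diagnostic for the SOGo "nil value for key 'login'" symptom.

SOGo takes the user's login from the SAML attribute named by
SOGoSAML2LoginAttribute. This script decodes a SAMLResponse form field,
indexes the attributes the IdP sent, and says whether the configured
name resolves. The sample response is constructed, not a real capture.
"""
from base64 import b64decode, b64encode
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ATTRIBUTE_TAG = "{%s}Attribute" % SAML2_NS
VALUE_TAG = "{%s}AttributeValue" % SAML2_NS

# Constructed sample: the IdP releases "mail" and "uid", plus an OID-named
# attribute whose FriendlyName is "email". Nothing is literally named "login".
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2020-07-18T20:19:00Z">
  <saml2:Assertion ID="_asrt1" Version="2.0" IssueInstant="2020-07-18T20:19:00Z">
    <saml2:Issuer>https://idp.example.com/saml/metadata</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abc123</saml2:NameID>
    </saml2:Subject>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="mail">
        <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="uid">
        <saml2:AttributeValue>kenny</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="email">
        <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</samlp:Response>
"""
# The HTTP-POST binding carries the response base64-encoded in the form field.
SAMPLE_SAMLRESPONSE_FIELD = b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def attributes_from_response(saml_response_b64: str) -> Dict[str, List[str]]:
    """Decode the SAMLResponse field and index attribute values by Name."""
    root = ET.fromstring(b64decode(saml_response_b64))
    attrs: Dict[str, List[str]] = {}
    for attr in root.iter(ATTRIBUTE_TAG):
        name = attr.get("Name")
        if name is None:
            continue
        attrs[name] = [(v.text or "").strip() for v in attr.findall(VALUE_TAG)]
    return attrs


def friendly_names(saml_response_b64: str) -> Dict[str, str]:
    """Map FriendlyName -> Name for attributes released under OID-style names."""
    root = ET.fromstring(b64decode(saml_response_b64))
    return {a.get("FriendlyName"): a.get("Name")
            for a in root.iter(ATTRIBUTE_TAG) if a.get("FriendlyName")}


def resolve_login(saml_response_b64: str, login_attribute: str) -> Optional[str]:
    """First non-empty value of the configured login attribute, or None (the nil case)."""
    values = attributes_from_response(saml_response_b64).get(login_attribute, [])
    return next((v for v in values if v), None)


def diagnose(saml_response_b64: str, login_attribute: str) -> str:
    """One-line verdict for a given SOGoSAML2LoginAttribute setting."""
    login = resolve_login(saml_response_b64, login_attribute)
    if login is not None:
        return "ok: SOGoSAML2LoginAttribute = %s resolves to '%s'" % (login_attribute, login)
    present = sorted(attributes_from_response(saml_response_b64))
    by_friendly = friendly_names(saml_response_b64)
    hint = ""
    if login_attribute in by_friendly:
        hint = " (only present as FriendlyName of %s)" % by_friendly[login_attribute]
    return ("nil login: no attribute named '%s' in the assertion%s; "
            "attributes present: %s" % (login_attribute, hint, ", ".join(present)))


if __name__ == "__main__":
    # Try the three names Kenny reported trying.
    for candidate in ("login", "mail", "email"):
        print(diagnose(SAMPLE_SAMLRESPONSE_FIELD, candidate))
```

To use it on a real exchange, copy the SAMLResponse value from the browser's POST to /SOGo/saml2-signon-post (or the IdP's attached token) into SAMPLE_SAMLRESPONSE_FIELD and compare the reported Names with the SOGoSAML2LoginAttribute in sogo.conf; the two must match character for character.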