Results 1 to 9 of 9

Thread: Redirect Zimbra's login/logout to site's own web auth

  1. #1
    Join Date
    Feb 2008
    Posts
    26
    Rep Power
    7

    Default Redirect Zimbra's login/logout to site's own web auth

    Followed Zimbra's preauth documentation, we have set up Apache servers as Zimbra webmail's front-ent; Users login to these servers, and after the authenticate, they are redirected their Zimbra mailbox. We also configured zimbraWebClientLogoutURL and zimbraWebClientLoginURL on Zimbra servers so that when users go directly to their ZCS mailboxes by hostname, they are redirected to our pre-auth Apache server.

    This all works well, except that, when a user let his/her Zimbra web mail sit until its session expires, then the Zimbra's login box will show up, and the user can still login from there, instead of being redirected to our webauth server.

    How do I disable that login window to not allow logon from there, and users have to reload the page or type the pre-auth server's URL to go to our webauth servers?

    Xueshan

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Your professional services contact can help you tweak /opt/zimbra/mailboxd/webapps/zimbra/public/login.jsp a little (or if comfortable you can start disabling functions on that page or make it a link to your pre-auth site).

    However, you may wish to just skin that a bit so it matches your school themes/logos: ZWC 5.0 Themes

    If zimbraWebClientLogoutURL does not work on session expire you might want to file that in bugzilla. Does it work properly for you on manual logouts?

    su - zimbra
    zmprov mcf zimbraWebClientLogoutURL http://www.zimbra.com
    or
    zmprov md domain.com zimbraWebClientLogoutURL http://www.zimbra.com
    I believe for the zimbraWebClientLogoutURL to work, you might need to create a virtual domains for all possible redirects:
    zmprov md domain.com +zimbraVirtualHostname http://www.zimbra.com
    (You can do this from the admin console gui as well.)
    It should come right up, but zmmailboxdctl restart can't hurt.

  3. #3
    Join Date
    Feb 2008
    Posts
    26
    Rep Power
    7

    Default

    Yes manually hit "logout" link within the Zimbra web client does work. It takes the user to our web server, which destroy site's cookie. It just doesn't work if you wait session to timeout. I should file a bug on this.

    BTW, I did changed login.jsp to hard code the value for zimbraWebClientLogoutURL and zimbraWebClientLoginURL because we have too many virutual domains - equals number of user accounts. We redirect user to their personal url to get around a certificate issue, but that's a long story . No problem here.

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Gotcha, be sure to post a reference to the bug # back here so other's coming across this page later know where it's at.

    Always glad to see another big EDU adopting Zimbra!

  5. #5
    Join Date
    Feb 2008
    Posts
    26
    Rep Power
    7

    Default

    Filed as bug 28049.

  6. #6
    Join Date
    Mar 2008
    Posts
    21
    Rep Power
    7

    Default

    Quote Originally Posted by shan View Post
    Yes manually hit "logout" link within the Zimbra web client does work. It takes the user to our web server, which destroy site's cookie. It just doesn't work if you wait session to timeout. I should file a bug on this.

    BTW, I did changed login.jsp to hard code the value for zimbraWebClientLogoutURL and zimbraWebClientLoginURL because we have too many virutual domains - equals number of user accounts. We redirect user to their personal url to get around a certificate issue, but that's a long story . No problem here.
    hi,

    it doesn't work on my server... and i don't want to manually edit the login.jsp file.

    I ran the command below:
    zmprov mcf zimbraWebClientLogoutURL http://www.mywebsiteAuth.com

    Any help please ?

  7. #7
    Join Date
    Feb 2008
    Posts
    26
    Rep Power
    7

    Default

    Quote Originally Posted by papango View Post
    hi,

    it doesn't work on my server... and i don't want to manually edit the login.jsp file.

    I ran the command below:
    zmprov mcf zimbraWebClientLogoutURL http://www.mywebsiteAuth.com

    Any help please ?
    It should work if you have "zimbraVirtualHostname" defined to be the Zimbra virtual host name your web server will go to after the preauth. Problem with my site is that, we have thousands of virtual names and it is not practical to maintain these many virtual names in Zimbra. Next release of ZCS has a fix that allows to define a "fallback" domain.

  8. #8
    Join Date
    Oct 2008
    Posts
    2
    Rep Power
    7

    Default Modifying login.jsp

    Does modifying login.jsp considered as modification of the source? In other word, can I user zimbra insde logo instead of Zimbra logo after I modify login.jsp file?

    Thanks

  9. #9
    Join Date
    Feb 2008
    Posts
    26
    Rep Power
    7

    Default

    Quote Originally Posted by ckim View Post
    Does modifying login.jsp considered as modification of the source? In other word, can I user zimbra insde logo instead of Zimbra logo after I modify login.jsp file?

    Thanks
    I don't think it is source code change. It is a template change which is not carried over from upgrade to upgrade. you have to keep it and apply patch each time you upgrade the server.

    The default redirect URL is resolved already BTW. I no longer need to carry my own patch.

    If you want to change logo, you probably want use customized the skin for this instead of changing jsp file.

Similar Threads

  1. 4.5 Doc set is gone from zimbra's web servers
    By su_A_ve in forum Installation
    Replies: 3
    Last Post: 01-16-2008, 08:20 AM
  2. Zimbra and other web site(s)
    By speakingdigtial in forum Administrators
    Replies: 4
    Last Post: 06-01-2007, 11:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •