Results 1 to 7 of 7

Thread: Zimbra multitenant CAS SSO?

  1. #1
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default Zimbra multitenant CAS SSO?

    According to https://wiki.jasig.org/display/CAS/CASifying+Zimbra+6.0, in order to let Zimbra support CAS SSO, DOMAIN_KEY has to be hardcoded into preauth.jsp.

    But Zimbra multitenant has multiple domains and then has multiple DOMAIN_KEY. How to deal with Zimbra multitenant CAS SSO?

  2. #2
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    Any idea for this situation?

  3. #3
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    6

    Default

    Do you have single master domain, to which all accounts belong?
    If not, can you add single master domain and simply use the tenants as domain alias, but using the aliased domain as primary?

    Then your single master domain would provide the authentication base for all the tenants.

    Another approach could be something like:
    zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.comort/zimbra/public/preauth.jsp
    zmprov md anotherdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...herpreauth.jsp
    zmprov md yourthirddomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...irdpreauth.jsp

  4. #4
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    I could not do "add single master domain and simply use the tenants as domain alias" because "account@domain1.com" and "account@domain2.com" are different accounts.

  5. #5
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    6

    Default

    Then you have to use the another approach I suggested, it's actually much easier to do than mass-aliasing now that I think about it.

  6. #6
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    Currently preauth generates one preauth code for one domain. Is it possible to use one preauth code for all domains?

  7. #7
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    6

    Default

    Preauth is domain specific since it contains the domainkey.
    You need own preauth for each domain.
    Stack them in web.xml, something like:

    Code:
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/preauth.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/anotherpreauth.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/thirdpreauth.jsp</url-pattern>
    </filter-mapping>

Similar Threads

  1. What to clean on a Zimbra mail server?
    By tezarin in forum Administrators
    Replies: 11
    Last Post: 12-16-2011, 11:43 AM
  2. Replies: 31
    Last Post: 12-15-2007, 08:05 PM
  3. [SOLVED] Error Installing Zimbra on RHEL 5
    By harris7139 in forum Installation
    Replies: 10
    Last Post: 09-25-2007, 11:39 AM
  4. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  5. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 02:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •