
Thread: OAuth Provider Extension for ZCS6.0

  1. #1
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Sample OAuth Provider Extension for ZCS6.0

    Hi all.

    I want to share the output from my little personal project with you.
    The project's goal is to make Zimbra Server "OAuth"able, which means you can use it as an OAuth provider with this output.

    Thanks to the Java OAuth library (oauth - Revision 1143: /code/java), I have got some Zimbra Extension working.
    Before deployment, please read through the README.txt file,
    which describes the requirements, deployment steps and limitations.

    I am very happy to have your feedback, your questions and some discussion with you.

    NOTE: This extension is tested only on 6.0.1_GA_1816.MACOSXx86_10.5 FOSS edition with OAuth signpost (oauth-signpost - Project Hosting on Google Code)


    Thank you
    Attached Files
    Last edited by yutaka; 11-23-2009 at 10:33 AM. Reason: fixed spell

  2. #2
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Update for OOB support

    I have updated the OAuth Provider Extension for OOB support.

    You can get this updated version from attached zip file and also from
    github url below.

    bucchi's zmoauthprovext at v0.2 - GitHub

    Please check this out!
    Attached Files

  3. #3
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    10

    Interesting. I have not looked at OAuth versus OpenID recently. I really would like to play with this for a while.

  4. #4
    Join Date
    Jan 2010
    Posts
    138
    Rep Power
    5

    You mentioned that the goal of your project is to make zimbra server "oauthable". Can you explain the use case your project tries to solve? Also, it would be great if you could elaborate on the demo steps.

    Thanks!

  5. #5
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    About the use case,
    the OAuth spec below could help you.
    OAuth Core 1.0a

    It says
    An example use case is allowing printing service printer.example.com (the Consumer), to access private photos stored on photos.example.net (the Service Provider) without requiring Users to provide their photos.example.net credentials to printer.example.com.
    With this OAuth Provider Extension, Zimbra Server can serve as the Service Provider.
    So let's say you have a Portal service. The Portal service, as the Consumer, could get some info from the Zimbra server for you with the OAuth protocol. And you do not have to give your Zimbra credentials to the Portal service.

    This is just an example. Maybe there could be better examples.
    But I hope it will help you.

  6. #6
    Join Date
    Jan 2010
    Posts
    138
    Rep Power
    5

    I got that part. What I was more interested in is more details about how to deploy your project. Also, a set of instructions on how to demo to someone would be very useful.

    Thanks!

  7. #7
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Hi vmahajan,

    I am very sorry for the late reply. I could not find the time for that.

    About how to deploy, here is from README.txt, which is included in the attached file above and also in
    http://github.com/bucchi/zmoauthprovext/tree/v0.2;

    How to deploy:
    --------------

    -Step1, create "sampleoauthprov" directory under /opt/zimbra/lib/ext
    -Step2, put "oauth-1.4.jar" to the directory /opt/zimbra/lib and /opt/zimbra/
    -Step3, put "authorize.jsp" file to /opt/zimbra/jetty/webapps/zimbra/public directory
    -Step4, add localconfig below using zmlocalconfig:

    oauth_consumerDescription_<consumer's key> = <consumer's description>
    oauth_consumerKey_<consumer's key> = <consumer's key>
    oauth_consumerSecret_<consumer's key> = <consumer's secret>

    and modify zimbra_auth_provider like below:

    zimbra_auth_provider = zimbra,oauth

    -Step5, restart zimbraStore: zmmailboxdctl restart

    -Step6, make your consumer app get access to /service/extension/oauth/req_token for request token,
    and /service/extension/oauth/access_token for access token.
    For authorization, use /service/extension/oauth/authorization.


    (*)About oauth-1.4.jar in Step2, you can get the source code from
    oauth - Revision 1179: /code/java and build that.
    Or you can get the jar file from the first attachment file above.
    (the second one does not have it)

    For the deployment, this is pretty much everything I have right now.

    So let me know if you want more.
    What kinds of info do you need other than this?

    Thanks,

  8. #8
    Join Date
    Jan 2010
    Posts
    138
    Rep Power
    5

    In Step 6, can you include some sample request messages that the consumer app sends for request token, access token, and authorization? Thanks.

  9. #9
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Here is the consumer web app's snippet I have used for testing;

    At first, you get the signpost jar file below and import some classes to your test web app.
    oauth-signpost - Project Hosting on Google Code

    import java.net.HttpURLConnection;
    import java.net.URL;
    import javax.servlet.http.HttpSession;
    import oauth.signpost.OAuth;
    import oauth.signpost.OAuthConsumer;
    import oauth.signpost.OAuthProvider;
    import oauth.signpost.basic.DefaultOAuthProvider;
    import oauth.signpost.http.HttpRequest;
    import oauth.signpost.basic.HttpRequestAdapter;
    import oauth.signpost.jetty.JettyOAuthConsumer;
    import oauth.signpost.signature.OAuthMessageSigner;
    import oauth.signpost.signature.SignatureMethod;

    In your test servlet's doGet, you check if the request parameter includes "oauth_token" or not.

    If it doesn't

    // No oauth_token yet: get a request token and redirect the user to the authorization page
    HttpSession hs = request.getSession(true);
    OAuthConsumer consumer = new JettyOAuthConsumer(CONSUMER_KEY,
    CONSUMER_SECRET, SignatureMethod.HMAC_SHA1);

    OAuthProvider provider = new DefaultOAuthProvider(consumer,
    BASE_ENDPOINT_URL+REQUEST_TOKEN_ENDPOINT_URL, BASE_ENDPOINT_URL+ACCESS_TOKEN_ENDPOINT_URL,
    BASE_ENDPOINT_URL+AUTHORIZE_WEBSITE_URL);

    String url = provider.retrieveRequestToken(CALLBACK_URL);
    // keep the provider (and its consumer) in the session for the callback request
    hs.setAttribute("provider", provider);
    response.sendRedirect(url);


    If it does

    // Callback from the authorization page: exchange the verifier for an access token
    HttpSession hs = request.getSession(false);
    OAuthProvider provider = (OAuthProvider)hs.getAttribute("provider");
    String oaverifier = request.getParameter("oauth_verifier");
    provider.retrieveAccessToken(oaverifier);

    HttpURLConnection connection = (HttpURLConnection) new URL("http://<your zimbra server>/service/home/<user name>@<your domain name>/inbox.rss").openConnection();

    connection.setRequestMethod("GET");

    // sign the request with the access token before sending it
    HttpRequest req = new HttpRequestAdapter(connection);
    provider.getConsumer().sign(req);
    connection.connect();

    Note:
    +This app is for Jetty.
    +REQUEST_TOKEN_ENDPOINT_URL = "/req_token";
    +ACCESS_TOKEN_ENDPOINT_URL = "/access_token";
    +AUTHORIZE_WEBSITE_URL = "/authorization";

    I hope it will help you.

    And maybe I will also include a consumer app sample like the one above in the next version of the OAuth Provider Extension.

  10. #10
    Join Date
    Jan 2010
    Posts
    138
    Rep Power
    5

    I tried using your oauth provider extension. It worked till the point where I get the access token and secret. But when I try to access the protected resource using this access token I get a signature invalid exception.

    Here's the code I use to get the access token:


    OAuthConsumer consumer = new DefaultOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);

    OAuthProvider provider = new DefaultOAuthProvider(REQUEST_TOKEN_ENDPOINT_URL,
    ACCESS_TOKEN_ENDPOINT_URL,
    AUTHORIZE_WEBSITE_URL);

    String userAuthzUrl = provider.retrieveRequestToken(consumer, OAuth.OUT_OF_BAND);
    System.out.println(userAuthzUrl);

    Scanner scanner = new Scanner(System.in);
    System.out.println("Verification code: ");
    provider.retrieveAccessToken(consumer, scanner.nextLine());


    And here's the code to access the protected resource:


    OAuthConsumer consumer = new DefaultOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
    // use the access token obtained above
    consumer.setTokenWithSecret("2110f8fea7c799cecfa5ce931206e589", "38a4114222a2c2417a4bda12027f7634");
    URL protRscUrl = new URL("http://localhost:4444/home/user1/inbox.rss");
    HttpURLConnection connection = (HttpURLConnection) protRscUrl.openConnection();
    consumer.sign(connection);
    connection.connect();
    connection.getInputStream();


    The exception I get is:

    net.oauth.OAuthProblemException: signature_invalid

    from SimpleOAuthRevAValidator.validateSignature() method.

    Any idea why I am getting this error?

    Thanks!
