Results 1 to 5 of 5

Thread: authing against external system in all cases

  1. #1
    Join Date
    Jan 2011
    Posts
    25
    Rep Power
    4

    Default authing against external system in all cases

    Hi,

    Is it possible to authenticate users against an external system in all cases?

    For example in our setup the users would already have a cookie (from the proper domain) that contains their validated sign on token. We would like to use this for authorization into Zimbra.

    To be clear our ideal scenario doesn't involve making pre-calls or anything of that nature to Zimbra, rather we would like to implement an extension that would automatically read the existing cookie and determine that the user is authorized (it could make calls to our auth system to make sure it is still valid etc).

    At first I thought this blog post seemed promising: » Zimbra :: Blog
    however it doesn't quite seem to do what we need; it appears this is more for accessing the SOAP API externally. AuthProvider still seems promising however currently it seems in my testing only the SOAP authToken method is ever called where we don't have access to the cookies (not super surprising since the web-client uses SOAP).

    Is this possible somehow? Previously I've also implemented a ZimbraCustomAuth which is alright but it still requires the user to log in at the Zimbra login page. Better would be to just have our AuthProvider always called with the 'raw' request and we could simply validate the already existing cookie...

    Thx for input!

  2. #2
    Join Date
    Jun 2010
    Posts
    198
    Rep Power
    5

    Default

    could you please check zimbra preauth

  3. #3
    Join Date
    Jan 2011
    Posts
    25
    Rep Power
    4

    Default

    Hey Saturdays,

    Thx for the reply.

    I have looked into Preauth and it is probably the #2 preferred solution.

    Still though it doesn't QUITE do what we'd like. You can't always have everything of course but our ideal solution is still to just use our exist sign on system cookie directly; that way all authentication issues can be managed by our existing system which ties in with all our other properties. For example if a user pre-auths and goes to Zimbra then stays there for enough time that their session in our system dies and goes back to another property they will again be prompted for a login which is just not ideal ...

    It seems the AuthProvider is really close to doing what we need ... just not quite

  4. #4
    Join Date
    Oct 2007
    Posts
    33
    Rep Power
    8

    Default

    Yes it is possible:
    - Configure in your zimbra domain zimbraWebClientLoginURL and zimbraWebClientLogoutURL to point to your main login page
    - Configure your main site cookie/session timeout to be the same as zimbra's session timeout

  5. #5
    Join Date
    Jan 2011
    Posts
    25
    Rep Power
    4

    Default

    Thx again I don't think this is really the same though as using our systems token/cookie 'natively' ...

    Sorry not trying to be difficult to please, just looking for something quite specific. It might not even be possible just thought I'd see if anyone else has done it .

Similar Threads

  1. Replies: 7
    Last Post: 02-13-2013, 02:36 AM
  2. Replies: 2
    Last Post: 04-01-2011, 01:17 AM
  3. [SOLVED] Mailserver down when send file attach of 50Mb
    By ZMilton in forum Administrators
    Replies: 20
    Last Post: 04-10-2008, 12:44 PM
  4. Error loading on Mac OS X 10.4.10 server PPC
    By qprcanada in forum Installation
    Replies: 7
    Last Post: 10-26-2007, 07:25 AM
  5. system failure: getDirectContext
    By avisser in forum Installation
    Replies: 3
    Last Post: 10-12-2005, 06:32 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •