ZCS Administrator Guide 7.2.1
ZCS Administrator Guide 7.2.1
Open Source Edition


Zimbra LDAP Service > Custom Authentication - zimbraCustomAuth

Custom Authentication - zimbraCustomAuth
You can implement a custom authentication on your domain. Custom authentication allows external authentication to your proprietary identity database. When an AuthRequest comes in, Zimbra checks the designated auth mechanism for the domain. If the auth mechanism is set to custom auth, Zimbra invokes the registered custom auth handler to authenticate the user.
To set up custom authentication, prepare the domain for the custom auth and register the custom authentication handler.
Preparing a domain for custom auth
To enable a domain for custom auth, set the domain attribute, zimbraAuthMet to custom:{registered-custom-auth-handler-name}.
For example:
zmprov modifydomain {domain|id} zimbraAuthMech custom:sample.
In the above example, “sample” is the name under which a custom auth mechanism is registered.
Registering a custom authentication handler
To register a custom authentication handler, invoke ZimbraCustomAuth.register [handlerName, handler] in the init method of the extension.
*
Class: com.zimbra.cs.account.ldap.zimbraCustomAuth
*
Method: public synchronized static void register [String handlerName, zimbraCustomAuth handler]
Note:
handlername is the name under which this custom auth handler is registered to Zimbra’s authentication infrastructure. This is the name that is set in the domain’s zimbraAuthMech attribute. For example, if the registered name is “sample”, than zimbraAuthMech must be set to custom:sample.
handler is the object on which the authenticate method is invoked for this custom auth handler. The object has to be an instance of zimbraCustomAuth (or subclasses of it).
Example
 
How Custom Authentication Works
When an AuthRequest comes in, if the domain is specified to use custom auth, the authenticating framework invokes the authenticate method on the ZimbraCustomAuth instance passed as the handler parameter to ZimbraCustomAuth.register ().
The account object for the principal to be authenticated and the clear-text password entered by the user are passed to ZimbraCustomAuth .authenticate (). All attributes of the account can be retrieved from the account object.
Copyright © 2012 VMware Inc.