spnego sso failure redirect

**cbl016** · 11-30-2011, 07:24 AM

I have spnego single sign on set up on zimbra and it works fine when a domain user accesses zimbra but when a client that is not on the domain tries to access zimbra it takes them to a web page that says "UNAUTHORIZED" instead of redirecting them to the zimbraSpnegoAuthErrorURL (/zimbra/?ignoreLoginURL=1).

If a non-domain user goes straight to the zimbraSpnegoAuthErrorURL (/zimbra/?ignoreLoginURL=1) then it will allow them to login normally which is what I would like when spnego authentication fails.

Any help getting this figured out would be appreciated.

**mnichols** · 11-12-2012, 01:37 PM

This appears to be bug 68053. Please vote for it.

**cbl016** · 11-13-2012, 09:23 AM

I actually contacted zimbra support about this issue and they created a custom login.jsp page to help fix this issue. I ended up modifying the script it to work better. What it does is allow certain ip sub nets for sso and everyone else is redirected to the ignoreLoginURL. Let me know if you'd like a copy of it.

**mackoftrack** · 11-13-2012, 10:19 AM

I would like a copy! Thx

**cbl016** · 11-13-2012, 10:44 AM

Here it is.

You need to change the allowedSubNets array to fit your environment. And also save a copy because every time zimbra is upgraded, this file gets overwritten and you'll have to update it.

Zimbra

Thread: spnego sso failure redirect

LinkBack

Thread Tools

Search Thread

Display

spnego sso failure redirect

Thread Information

Users Browsing this Thread

Similar Threads

[SOLVED] upgrade zimbra 5.0.2 32 bit to 64 bit

Error loading on Mac OS X 10.4.10 server PPC

3.0 to 4.5.3 Upgrade failed (mysql error)

Yet another get.DirectContext issue

system failure: getDirectContext

Posting Permissions