Results 1 to 7 of 7

Thread: Zimbra multitenant CAS SSO?

  1. #1
    xiebo is offline Intermediate Member
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default Zimbra multitenant CAS SSO?

    According to https://wiki.jasig.org/display/CAS/CASifying+Zimbra+6.0, in order to let Zimbra support CAS SSO, DOMAIN_KEY has to be hardcoded into preauth.jsp.

    But Zimbra multitenant has multiple domains and then has multiple DOMAIN_KEY. How to deal with Zimbra multitenant CAS SSO?

  2. #2
    xiebo is offline Intermediate Member
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    Any idea for this situation?

  3. #3
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    Do you have single master domain, to which all accounts belong?
    If not, can you add single master domain and simply use the tenants as domain alias, but using the aliased domain as primary?

    Then your single master domain would provide the authentication base for all the tenants.

    Another approach could be something like:
    zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.comort/zimbra/public/preauth.jsp
    zmprov md anotherdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...herpreauth.jsp
    zmprov md yourthirddomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...irdpreauth.jsp

  4. #4
    xiebo is offline Intermediate Member
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    I could not do "add single master domain and simply use the tenants as domain alias" because "account@domain1.com" and "account@domain2.com" are different accounts.

  5. #5
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    Then you have to use the another approach I suggested, it's actually much easier to do than mass-aliasing now that I think about it.

  6. #6
    xiebo is offline Intermediate Member
    Join Date
    Jul 2011
    Posts
    15
    Rep Power
    4

    Default

    Currently preauth generates one preauth code for one domain. Is it possible to use one preauth code for all domains?

  7. #7
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    Preauth is domain specific since it contains the domainkey.
    You need own preauth for each domain.
    Stack them in web.xml, something like:

    Code:
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/preauth.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/anotherpreauth.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CasAuthenticationFilter</filter-name>
        <url-pattern>/public/thirdpreauth.jsp</url-pattern>
    </filter-mapping>

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What to clean on a Zimbra mail server?
    By tezarin in forum Administrators
    Replies: 11
    Last Post: 12-16-2011, 12:43 PM
  2. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  3. [SOLVED] Error Installing Zimbra on RHEL 5
    By harris7139 in forum Installation
    Replies: 10
    Last Post: 09-25-2007, 11:39 AM
  4. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  5. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •