Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Zimbra multitenant CAS SSO?

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 12-19-2011, 08:31 AM
Member
  
Posts: 14
Default Zimbra multitenant CAS SSO?
According to https://wiki.jasig.org/display/CAS/CASifying+Zimbra+6.0, in order to let Zimbra support CAS SSO, DOMAIN_KEY has to be hardcoded into preauth.jsp.

But Zimbra multitenant has multiple domains and then has multiple DOMAIN_KEY. How to deal with Zimbra multitenant CAS SSO?
Reply With Quote
  #2 (permalink)  
Old 01-08-2012, 09:48 PM
Member
  
Posts: 14
Default
Any idea for this situation?
Reply With Quote
  #3 (permalink)  
Old 01-08-2012, 10:49 PM
Active Member
  
Posts: 34
Default
Do you have single master domain, to which all accounts belong?
If not, can you add single master domain and simply use the tenants as domain alias, but using the aliased domain as primary?

Then your single master domain would provide the authentication base for all the tenants.

Another approach could be something like:
zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.comort/zimbra/public/preauth.jsp
zmprov md anotherdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...herpreauth.jsp
zmprov md yourthirddomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/p...irdpreauth.jsp
Reply With Quote
  #4 (permalink)  
Old 01-08-2012, 10:54 PM
Member
  
Posts: 14
Default
I could not do "add single master domain and simply use the tenants as domain alias" because "account@domain1.com" and "account@domain2.com" are different accounts.
Reply With Quote
  #5 (permalink)  
Old 01-08-2012, 11:03 PM
Active Member
  
Posts: 34
Default
Then you have to use the another approach I suggested, it's actually much easier to do than mass-aliasing now that I think about it.
Reply With Quote
  #6 (permalink)  
Old 01-17-2012, 08:05 PM
Member
  
Posts: 14
Default
Currently preauth generates one preauth code for one domain. Is it possible to use one preauth code for all domains?
Reply With Quote
  #7 (permalink)  
Old 01-17-2012, 11:40 PM
Active Member
  
Posts: 34
Default
Preauth is domain specific since it contains the domainkey.
You need own preauth for each domain.
Stack them in web.xml, something like:

Code:
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/public/preauth.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/public/anotherpreauth.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CasAuthenticationFilter</filter-name>
    <url-pattern>/public/thirdpreauth.jsp</url-pattern>
</filter-mapping>
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.