preauth enquiry

[arpitamunjal]

Hi,
i am new to zimbra ,want to find out how zimbra does authentication,i want to use my own auth method and put it back to zimbra
Any API where the auth is done
Can anyone help

[JoshuaPrismon]

Quote:

Originally Posted by arpitamunjal

Hi,
i am new to zimbra ,want to find out how zimbra does authentication,i want to use my own auth method and put it back to zimbra
Any API where the auth is done
Can anyone help

There is a new API for authentication in Zimbra. Check it out in the docs/ directory of ZimbraServer. Youcan get the tarball from the download page.

[arpitamunjal]

Can i login in my application which automatically logins to zimbra also.

I do the authentication thru some other open source s/w and return the token or after validation i tell Zimbra to bypass it for authentication and than continue using Zimbra.
Do i need auth token of zimbra or i can supply from my application to the places(?) wher zimbra is using this auth token.
I am not able to find the starting point where zimbra uses auth token.
If i replace it with my auth token will zimbra work?????
Key is which API to useto bypass zimbra only for authentication not using its LDAP server and using some other open source for auth but after auth its only zimbra.

Do i need to check SOAP API's

[JoshuaPrismon]

Quote:

Originally Posted by arpitamunjal

Can i login in my application which automatically logins to zimbra also.

I do the authentication thru some other open source s/w and return the token or after validation i tell Zimbra to bypass it for authentication and than continue using Zimbra.
Do i need auth token of zimbra or i can supply from my application to the places(?) wher zimbra is using this auth token.
I am not able to find the starting point where zimbra uses auth token.
If i replace it with my auth token will zimbra work?????
Key is which API to useto bypass zimbra only for authentication not using its LDAP server and using some other open source for auth but after auth its only zimbra.

Do i need to check SOAP API's

Search for Preauth.

[arpitamunjal]

Hi,
Sorry but i coulnt get what u want to say properly.
Steps on what i want and plan to do:-
1)login in my client and do auth thru some other open souce API's and retrieve the token.
2)redirect it to zimbra.
3)my open souce API's for auth should each time see whether the token is valid.

Query
? i want to know the method where zimbra does the validation of token so that i can replace it with my method and call that open source API's each time to check whether toke is valid or not.
?Do i need to have zimbra token also to use for all zimbra applications,can i override it with mine.
?ALSO DOES DIRECTLOGIN AS SPECIFIED IN PREAUTH.TXT DOES AUTHENTICATION THRU MY API's or i have to use zimbra SOAP API's.Actually i dont have an idea of SOAP.
Please help me sought my problem and can u be a little more specific.
Thanks

[arpitamunjal]

Is autologin to Zimbra from our application without passing the password( as mentioned in preauth.txt) same as authentication.

[JoshuaPrismon]

Quote:

Originally Posted by arpitamunjal

Hi,
Sorry but i coulnt get what u want to say properly.
Steps on what i want and plan to do:-
1)login in my client and do auth thru some other open souce API's and retrieve the token.
2)redirect it to zimbra.
3)my open souce API's for auth should each time see whether the token is valid.

Query
? i want to know the method where zimbra does the validation of token so that i can replace it with my method and call that open source API's each time to check whether toke is valid or not.
?Do i need to have zimbra token also to use for all zimbra applications,can i override it with mine.
?ALSO DOES DIRECTLOGIN AS SPECIFIED IN PREAUTH.TXT DOES AUTHENTICATION THRU MY API's or i have to use zimbra SOAP API's.Actually i dont have an idea of SOAP.
Please help me sought my problem and can u be a little more specific.
Thanks

Please do not make multiple posts with the same question. I have merged the threads together.

[JoshuaPrismon]

Quote:

Originally Posted by arpitamunjal

Hi,
Sorry but i coulnt get what u want to say properly.
Steps on what i want and plan to do:-
1)login in my client and do auth thru some other open souce API's and retrieve the token.
2)redirect it to zimbra.
3)my open souce API's for auth should each time see whether the token is valid.

Query
? i want to know the method where zimbra does the validation of token so that i can replace it with my method and call that open source API's each time to check whether toke is valid or not.
?Do i need to have zimbra token also to use for all zimbra applications,can i override it with mine.
?ALSO DOES DIRECTLOGIN AS SPECIFIED IN PREAUTH.TXT DOES AUTHENTICATION THRU MY API's or i have to use zimbra SOAP API's.Actually i dont have an idea of SOAP.
Please help me sought my problem and can u be a little more specific.
Thanks

1) Yes. The Pre-Auth process allows this. In short you generate a hash and pass it to the zimbra server.
2) Yes. The Authorization code is passed to the server via the URL or POST.
3) How you manage your own token is up to you.

You could replace this mechanism, but it really is simply. Better to work with it I suspect. You don't need to work with SOAP at all.