
Thread: validity of auth token

  1. #1
    arpitamunjal (Intermediate Member)

    validity of auth token

    Hi,
    1) How do I determine the validity of an auth token in Zimbra, and on what attribute is it based?
    2) How does Zimbra create the auth token, and based on what?

  2. #2
    dkarp (Zimbra Employee)

    Auth tokens are valid for 12 hours by default. This can be overridden at account/COS level using the zimbraAuthTokenLifetime attribute. (Note that admin tokens use a different default/override.)

    See com.zimbra.cs.account.AuthToken.java for details on how auth tokens are constructed.

  3. #3
    arpitamunjal (Intermediate Member)

    more enquiry about auth token

    Once the user gets authenticated through my own application, I get the token from my application and now I redirect to Zimbra.
    1) Do I need to create a Zimbra token for using all the services of Zimbra, e.g. mail?
    2) What does Zimbra do with the token that it creates in the AuthToken.java file?
    I find so many auth token variables in Zimbra APIs, like e_authtoken, then authauthtoken, etc.

  4. #4
    dkarp (Zimbra Employee)

    Look at the documentation for preauth. I think that's what you want.

  5. #5
    arpitamunjal (Intermediate Member)

    auth token

    Hi,
    Sorry, but I think I am not able to express my problem.
    Let me describe my design again.
    1) I have a client which logs in to some auth service outside Zimbra, which returns me a token (not a Zimbra token).
    2) Next, I am in Zimbra after getting the token from some other party; now I am using all the services of Zimbra, but I want to use my token instead of the Zimbra token.
    3) Zimbra uses its own token to run all the applications, i.e. mail etc.
    So do I need to override my token with the Zimbra token, or is it not needed? What I want is that whenever Zimbra tries to validate its token, I override that method so that it uses my API's method to check the validity of the token.
    Then I looked at the code, and Zimbra has a method isExpired(), so I would override that and call my API's method, which will tell whether my token is valid or not. Would this solve my purpose? Well, I am not sure.

    Also, I am wondering whether I need to change ACCOUNT_STATUS in all places.
    Please help.

  6. #6
    fernandoflorez (Project Contributor)

    I would suggest using your token for your own app and Zimbra's for your communication with it.

    Changing the token Zimbra uses will require a recompile of Zimbra and a lot of testing.

    Another solution is to use Zimbra's token for everything.

  7. #7
    arpitamunjal (Intermediate Member)

    on auth token

    Thanks, but the problem is I don't want to use the Zimbra token for validation, and Zimbra is using its token for validation everywhere (if it does validation every time).
    So I was thinking there has to be, at the bottom line, some method where each service first, or at any time, checks whether the token is valid, and if yes, then it performs all the services. Please help me find that method.

    Also, can you tell me what parameters the validity of the Zimbra token is based on, like expire time, ACCOUNT_STATUS, and what else?

    I want to just use my token for authentication, and for the rest the Zimbra token can work. Zimbra should not give me an invalid token, but my application call should give me that. So I need the method where the comparison of the Zimbra token to ? is done.
    I am passing my token to Zimbra.

    Thanks

  8. #8
    fernandoflorez (Project Contributor)

    I don't think I get you right.

    You have an application with its own token, right? Do you have that app already built, or are you starting to architect it?

    What's the problem with using the Zimbra token?

    I don't recommend hacking the Zimbra method; apart from being a little too much work for something like that, you may open a security door doing so.

    Can you give us a little more info about what you are trying to achieve?

    Thanks,

  9. #9
    arpitamunjal (Intermediate Member)

    auth token

    Hi, thanks first for the quick response.
    Yes, I already have an application built on some open source APIs through which auth is done, and this application also gives a token and expiration time.
    So I want to incorporate that feature. Take a scenario where I create my own mail server based on the open source APIs of Zimbra and incorporate my authentication stuff in it, but I am passing my auth token everywhere in the mail server that I plan to create.
    So I am asking: does Zimbra check for each of its services whether the token is valid, or does it take something from its Account object to verify the token?
    Or you can tell me what Zimbra does after it gets its auth token for the first time. Do all the services do anything with it after getting the first token?

    Or just bypass the Zimbra token whenever any service wants to check it and use my token: any way out?

  10. #10
    fernandoflorez (Project Contributor)

    I suggest storing Zimbra's token somewhere and using that for the Zimbra<->your app communication rather than modifying Zimbra.

    Doing this will be less work than understanding Zimbra, hacking Zimbra, recompiling Zimbra, testing Zimbra and testing your app with Zimbra.

    Why is this a no-go for you?
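
The approach recommended in replies #4 and #10 (keep the application's own token for the application, and obtain a Zimbra session through preauth rather than patching Zimbra's token validation), sketched as an added example that is not part of the thread or of Zimbra's code. The session table, key, host and function names are hypothetical; the `account|by|expires|timestamp` HMAC-SHA1 layout and the `/service/preauth` URL follow Zimbra's preauth documentation and should be checked against the deployed version.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed values for illustration; not a real key or host.
PREAUTH_KEY = "constructed-demo-preauth-key"
ZIMBRA_BASE = "https://mail.example.com"

# Constructed session table standing in for the external auth service
# (hypothetical): app token -> account and expiry in epoch seconds.
SESSIONS = {
    "app-token-1": {"account": "john.doe@example.com", "expires_at": 2_000_000_000},
    "app-token-old": {"account": "jane@example.com", "expires_at": 1_000},
}


def own_token_is_valid(token, sessions, now):
    """Validity of the application's own token is decided here, not in Zimbra."""
    entry = sessions.get(token)
    return entry is not None and entry["expires_at"] > now


def compute_preauth(account, timestamp_ms, key, by="name", expires=0):
    """Hex HMAC-SHA1 over 'account|by|expires|timestamp' with the preauth key."""
    message = f"{account}|{by}|{expires}|{timestamp_ms}"
    return hmac.new(key.encode(), message.encode(), hashlib.sha1).hexdigest()


def zimbra_redirect_for(token, sessions, now=None):
    """Return a preauth URL for the token's account, or None when the app
    token is unknown or expired (the caller should force a fresh login)."""
    now = time.time() if now is None else now
    if not own_token_is_valid(token, sessions, now):
        return None
    account = sessions[token]["account"]
    ts = int(now * 1000)  # preauth timestamps are in milliseconds
    params = {
        "account": account,
        "by": "name",
        "timestamp": ts,
        "expires": 0,  # 0: Zimbra applies its own configured token lifetime
        "preauth": compute_preauth(account, ts, PREAUTH_KEY),
    }
    return f"{ZIMBRA_BASE}/service/preauth?{urlencode(params)}"
```

After the redirect, Zimbra issues its own auth token for the session with its configured lifetime, while the application keeps validating its own token independently.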
