#1
05-05-2008, 12:03 PM
Project Contributor
Posts: 67
SOAP AuthRequest Question

Hello, I have a question wrt the way the SOAP AuthRequest works. I'm trying to validate a user's ZM_AUTH_TOKEN cookie and it appears as if the way to do this via SOAP is with an AuthRequest. In the SOAP docs for AuthRequest, it mentions:

"an authToken can be passed instead of account/password/preauth to validate an existing auth token."

However, the same authToken seems to validate with any User ID.

For example, if I log in as user@zimbraserver.edu, and then issue the following AuthRequest with their cookie:

Code:
<AuthRequest xmlns="urn:zimbraAccount">
  <account by="id">user@zimbraserver.edu</account>
  <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
</AuthRequest>

I get the Response:

Code:
<AuthResponse xmlns="urn:zimbraAccount">
  <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
  <lifetime>172046740</lifetime>
  <sessionId id="1577">1577</sessionId>
  <skin>beach</skin>
</AuthResponse>

I appear to get a response as if it has set a session for user@zimbraserver.edu instead of validating an existing session. If I issue subsequent requests with the same ZM_AUTH_TOKEN as different users, it returns a new session too.

So the question is: how do I do as the docs say and validate an existing ZM_AUTH_TOKEN? And am I on the right track with using AuthRequest? Thank you for any help here!
#2
08-06-2008, 03:52 PM
Junior Member
Posts: 7

Have you had any luck with this? I am currently having the same issue...
__________________
Jon
#3
08-06-2008, 05:13 PM
Project Contributor
Posts: 67

This was a while ago, but I believe I had misunderstood the term "validate" in the docs. However, it turns out that you can run SOAP commands as the user in question directly to verify the validity of their token:

1) Get the value of the user's ZM_AUTH_TOKEN cookie
2) Bind to the local SOAP API as that user, with their AuthToken at: https://127.0.0.1/service/soap/
3) Run a SOAP call like: GetInfoRequest

If the user is not valid (cookie is not valid), the SOAP API will tell you. If the session is valid, their username will be returned in the GetInfoRequest SOAP return, which you can use for your program logic.

At least this is the way I ended up solving my problem =)

Hope this helps.

-Rob
#4
08-06-2008, 09:55 PM
Zimbra Employee
Posts: 1,434

To validate an auth token, omit the <account> element from the AuthRequest:

Quote:
<AuthRequest xmlns="urn:zimbraAccount">
  <authToken>0_80d73a1141595a4daaef1af9853055c450....[long]...</authToken>
</AuthRequest>
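
The token-only AuthRequest from post #4, as an added example that is not part of the original thread or Zimbra's own code: it builds the request without an <account> element and accepts the token only when the server answers with an AuthResponse. The function names, the `post` transport callable, the SOAP 1.2 envelope namespace and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"  # assumption: SOAP 1.2 envelope
ACCT_NS = "urn:zimbraAccount"                        # namespace shown in the thread

def build_validate_request(token):
    """AuthRequest carrying only the token, with no <account> element (post #4)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<AuthRequest xmlns="{ACCT_NS}"><authToken>{escape(token)}</authToken>'
            f'</AuthRequest></soap:Body></soap:Envelope>')

def parse_validate_response(xml_text):
    """Fail closed: only a well-formed AuthResponse counts as a valid token."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return {"valid": False, "reason": "unparseable response"}
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return {"valid": False, "reason": "unexpected envelope"}
    elem = body[0]
    if elem.tag == f"{{{SOAP_NS}}}Fault":
        reason = elem.findtext(f".//{{{SOAP_NS}}}Text") or "SOAP fault"
        return {"valid": False, "reason": reason}
    lifetime = elem.findtext(f"{{{ACCT_NS}}}lifetime") or ""
    if elem.tag != f"{{{ACCT_NS}}}AuthResponse" or not lifetime.isdigit():
        return {"valid": False, "reason": "not an AuthResponse"}
    return {"valid": True, "lifetime": int(lifetime)}

def validate_token(token, post):
    """post is a caller-supplied callable that sends the envelope to the
    server's /service/soap/ endpoint and returns the response body as text."""
    if not token:
        return {"valid": False, "reason": "empty token"}
    return parse_validate_response(post(build_validate_request(token)))

# Constructed sample responses (placeholder token, not captured traffic).
SAMPLE_OK = (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
             f'<AuthResponse xmlns="{ACCT_NS}"><authToken>0_PLACEHOLDER</authToken>'
             f'<lifetime>172046740</lifetime></AuthResponse></soap:Body></soap:Envelope>')
SAMPLE_FAULT = (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>'
                f'<soap:Reason><soap:Text>auth credentials have expired</soap:Text>'
                f'</soap:Reason></soap:Fault></soap:Body></soap:Envelope>')

if __name__ == "__main__":
    print(validate_token("0_PLACEHOLDER", lambda req: SAMPLE_OK))
    print(validate_token("0_PLACEHOLDER", lambda req: SAMPLE_FAULT))
```

This check only says whether the token is live; to learn which account it belongs to, take the username from the server's reply as described in post #3 rather than from anything the client supplies.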