Results 1 to 9 of 9

Thread: Cas?

  1. #1
    goo0h is offline Active Member
    Join Date
    Sep 2005
    Posts
    47
    Rep Power
    9

    Default Cas?

    Any possibility that Zimbra might work with CAS?

  2. #2
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    I took a quick look. Seems to be generic enough that it would work, doesn't require much to do single sign-on into our app. This seems like something that the community could do if there was an interest or need.

  3. #3
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Does anyone have any additional info on CAS SSO with Zimbra ?

  4. #4
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    We now have a pre-auth SSO ability that should be easy to combine with CAS. Looks like their Java or JSP client would be the best route. Search on pre-auth for more details.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Excellent!

  6. #6
    croffler is offline Member
    Join Date
    Oct 2006
    Posts
    12
    Rep Power
    8

    Default

    I took a look at the preauth stuff. I do not think it is possible to use CAS with this aproach. preauth requires a static key where CAS creates 'dynamic' tickets. Any other idea on how to implement this without modifying source code ?

  7. #7
    schemers is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    228
    Rep Power
    9

    Default

    You should absolutely be able to use preauth with something like CAS. The whole point of preauth is the identity has already been pre-authenticated (hence the name, preauth).

    It doesn't matter how the identity got pre-authenticated (Kerberos, CAS, WebAuth, GSS-API, etc), and it doesn't matter what method preauth uses (static-key, etc).

    What you would do is take the preauth.jsp file referenced in preauth.txt, and use CAS to authenticate/validate the identity, then take that identity from CAS (potentially mapping it to an email address if need be) and use preauth to authenticate the user from Zimbra's side.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  8. #8
    Artturi is offline Loyal Member
    Join Date
    Dec 2006
    Location
    Paris
    Posts
    78
    Rep Power
    8

    Default need for development ?

    Hello,

    I'm considering switching to zimbra and have also plans to use a CAS server.

    I've read about using an apache authentication for zimbra
    http://wiki.zimbra.com/index.php?title=LDAP_Apache

    Wouldn't that work if simply using mod_cas in apache's configuration ?

    Artturi

  9. #9
    schemers is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    228
    Rep Power
    9

    Default

    mod_cas would get you the identity you'd need to use in the preauth.jsp servlet to generate the required info for preauth.
    Bugzilla - Wiki - Downloads - Before posting... Search!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Single Sign On with CAS from Yale
    By croffler in forum Installation
    Replies: 3
    Last Post: 08-14-2007, 12:59 PM
  2. Replies: 1
    Last Post: 05-03-2007, 07:50 AM
  3. Problem with preauth
    By majodo in forum Developers
    Replies: 1
    Last Post: 05-03-2007, 07:44 AM
  4. SSO with CAS and Zimbra
    By bdutta in forum Developers
    Replies: 4
    Last Post: 11-28-2006, 10:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •