Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Developers
Reload this Page authing against external system in all cases

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-24-2011, 03:26 PM
arw arw is offline
Active Member
  
Posts: 25
Default authing against external system in all cases
Hi,

Is it possible to authenticate users against an external system in all cases?

For example in our setup the users would already have a cookie (from the proper domain) that contains their validated sign on token. We would like to use this for authorization into Zimbra.

To be clear our ideal scenario doesn't involve making pre-calls or anything of that nature to Zimbra, rather we would like to implement an extension that would automatically read the existing cookie and determine that the user is authorized (it could make calls to our auth system to make sure it is still valid etc).

At first I thought this blog post seemed promising: » Zimbra :: Blog
however it doesn't quite seem to do what we need; it appears this is more for accessing the SOAP API externally. AuthProvider still seems promising however currently it seems in my testing only the SOAP authToken method is ever called where we don't have access to the cookies (not super surprising since the web-client uses SOAP).

Is this possible somehow? Previously I've also implemented a ZimbraCustomAuth which is alright but it still requires the user to log in at the Zimbra login page. Better would be to just have our AuthProvider always called with the 'raw' request and we could simply validate the already existing cookie...

Thx for input!
Reply With Quote
  #2 (permalink)  
Old 02-24-2011, 11:03 PM
Advanced Member
  
Posts: 198
Default
could you please check zimbra preauth
Reply With Quote
  #3 (permalink)  
Old 02-25-2011, 07:41 AM
arw arw is offline
Active Member
  
Posts: 25
Default
Hey Saturdays,

Thx for the reply.

I have looked into Preauth and it is probably the #2 preferred solution.

Still though it doesn't QUITE do what we'd like. You can't always have everything of course but our ideal solution is still to just use our exist sign on system cookie directly; that way all authentication issues can be managed by our existing system which ties in with all our other properties. For example if a user pre-auths and goes to Zimbra then stays there for enough time that their session in our system dies and goes back to another property they will again be prompted for a login which is just not ideal ...

It seems the AuthProvider is really close to doing what we need ... just not quite
Reply With Quote
  #4 (permalink)  
Old 02-25-2011, 10:26 AM
Active Member
  
Posts: 33
Default
Yes it is possible:
- Configure in your zimbra domain zimbraWebClientLoginURL and zimbraWebClientLogoutURL to point to your main login page
- Configure your main site cookie/session timeout to be the same as zimbra's session timeout
Reply With Quote
  #5 (permalink)  
Old 02-25-2011, 12:17 PM
arw arw is offline
Active Member
  
Posts: 25
Default
Thx again I don't think this is really the same though as using our systems token/cookie 'natively' ...

Sorry not trying to be difficult to please, just looking for something quite specific. It might not even be possible just thought I'd see if anyone else has done it .
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.