Results 1 to 3 of 3

Thread: Thirdparty app using zimbra authentication for singlesignon

  1. #1
    mneelapu is offline Starter Member
    Join Date
    Nov 2006
    Posts
    2
    Rep Power
    8

    Default Thirdparty app using zimbra authentication for singlesignon

    Hi
    Context: Iam trying to use the zimbra authentication mechanism for my other application.Users first enters into zimbra. From there they can acess multiple applications, through custom zimmlets. For this we decided to use the already existing ZM_AUTH_TOKEN and user id in the cookie (from sucessfull authorisation with zimbra), to check wheter user is logged in (single signon).

    Gone through the /opt/zimbra/doc/soap.txt. Was sucessfully able to pass SOAP request
    <SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
    <AuthRequest xmlns="urn:zimbraAccount">
    <account by="id">manoj@localhost.localdomain</account>
    <password>...</password>
    <virtualHost>localhost</virtualHost>
    </AuthRequest>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    and getting the following response in response.xml.

    But when we try to pass ZM_AUTH_TOKEN from cookie instead of password we are running into sopa fault exceptions
    <SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
    <AuthRequest xmlns="urn:zimbraAccount">
    <account by="id">manoj@localhost.localdomain</account>
    <preauth> ZM_AUTH_TOKEN value from cookie</preauth>
    <virtualHost>localhost</virtualHost>
    </AuthRequest>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    Is it possible to invoke some webservice to check whether the user is logged in based on ZM_AUTH_TOKEN in cookie and userid (user@localhost.localdomain). If so how do we do this.

    Thanks in advance
    Manoj
    Attached Files Attached Files

  2. #2
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Did you look at preauth? It has some ability to check a user's auth and redirect them to a new page.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    mneelapu is offline Starter Member
    Join Date
    Nov 2006
    Posts
    2
    Rep Power
    8

    Default

    Hi Kevin,

    Thanks for response. I have not gone through the preauth.txt , which will be doing now.

    The soap fault issue is resolved. Our SOAP header in the SOAP message is not proper so we are getting the soapfault exceptions yesterday. Today we were able to sucessfully athenticate from our java programand were able to consume all webservices.

    Based on your advice, we will try if preauth mechanism is suitable for our applciation.

    Thanks
    Manoj

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  2. Replies: 7
    Last Post: 01-24-2007, 11:03 PM
  3. Logger
    By jholder in forum Installation
    Replies: 24
    Last Post: 03-31-2006, 11:50 AM
  4. Seeming variety of problems on suse-9.1
    By Crexis in forum Installation
    Replies: 52
    Last Post: 03-04-2006, 12:19 AM
  5. Zimbra Processor Output
    By UltraFlux in forum Installation
    Replies: 3
    Last Post: 02-01-2006, 08:23 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •