Preauth Failing (Invalid Timestamp)

[code0]

I'm having an issue with preauth where I'm getting a message that the timestamp is incorrect. I'm using a PHP script to generate the values. The times on both servers are within a few seconds of each other and are in the same timezone. Also, zmprov gdpa gives me the same result as my script. Any thoughts? An example is below of what my script is returning for a URL:

Code:

http://zimbra.domain.com/service/preauth?account=user%40domain.com&by=name&timestamp=1177004153&expires=0&preauth=PAKSTRING

[mlodick]

Try multiplying the timestamp by 1000 (or concatenating '000' onto the end of it). The timestamp that PHP gives is in seconds, and the java preauth servlet is looking for a value in milliseconds, I believe. At least that is how I got it to work.

Mike

[code0]

Great! Adding 000 to the end of the timestamp worked great. Now I have Zimbra integrated with our SSO solution. Thanks!

[technoteen]

can you please post your php code

[code0]

This is for making a PAK with the e-mail address. zimbraPAK contains the key generated by the gdpak command.

Code:

function getZimbraPAK($email) {
        // Returns query array with the PAK in it for an e-mail address
        global $zimbraPAK;

        $PAKTime = time()."000";
        $preauthString = $email."|name|0|".$PAKTime;
        $PAK = hash_hmac ("sha1",$preauthString,$zimbraPAK);

        $query = array(
                                                                "account" => $email,
                                                                "by" => "name",
                                                                "timestamp" => $PAKTime,
                                                                "expires" => "0",
                                                                "preauth" => $PAK);
        return $query;
}

Turn this into a URL with....

Code:

$zimbraPAK = "RANDOM_ZIMBRA_PAK";
$query = getZimbraPAK("user@domain.com");
$url = $zimbraHost."/service/preauth?".http_build_query($query);

I also use the following to get the mailbox node of the user...

Code:

function getZimbraHomeServer($email) {
        // Gets the users mailbox server
        $zimbraLDAP = ldap_connect("zimbra.domain.com");
        ldap_set_option($zimbraLDAP, LDAP_OPT_PROTOCOL_VERSION, 3);
        $zimbraLDAPR = ldap_bind($zimbraLDAP);

        // Query Zimbra Accounts
        $zimbraLDAPBase = "ou=people,dc=co,dc=marshall,dc=ia,dc=us";
        $zimbraSearchFilter="(zimbraMailDeliveryAddress=".$email.")";
        $zimbraSearchRes = ldap_search($zimbraLDAP,$zimbraLDAPBase,$zimbraSearchFilter);
        $zimbraSearchEntries = ldap_get_entries($zimbraLDAP,$zimbraSearchRes);

        return $zimbraSearchEntries[0]["zimbramailhost"][0];
}