Zarafa webaccess with Shibboleth SSO (saml2) authentication

From Zarafa wiki


Revision as of 08:22, 3 November 2010

Prerequisites

A working installation of:

  • Zarafa (tested with 6.40.2 on RHEL5)
  • Apache
  • Shibboleth IDP & SP (tested with IDP 2.1 and SP 2.3.1)

Setup

  • This setup assumes that the REMOTE_USER attribute is released after a successful login; if you are not sure, test it with phpinfo();
  • Add the required Shibboleth lines to the Zarafa webaccess config in /etc/httpd/conf.d/zarafa-webaccess.conf

This is an example of the configuration within Apache. Shibboleth protection for the application can also be configured in other places.

Alias /webaccess /usr/share/zarafa-webaccess
<Directory /usr/share/zarafa-webaccess/>
    DirectoryIndex index.php
    Options -Indexes +FollowSymLinks
    AllowOverride Options
    Order allow,deny
    Allow from all
    AuthType shibboleth
    ShibRequireSession On
    ShibExportAssertion On
    require valid-user
</Directory>

  • Edit the Zarafa server.cfg and add the apache user to local_admin_users. Example: local_admin_users = root vmail apache
  • Edit the file config.php in /usr/share/zarafa-webaccess and change LOGINNAME_STRIP_DOMAIN to 'true' (single company assumed)
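
A narrower check than phpinfo(), which dumps the whole server environment: this added example (not part of the original wiki page) prints only REMOTE_USER and the login name that remains after domain stripping. The file name shibcheck.php and the stripping rule (cut at the first "@") are assumptions.

```php
<?php
// Added example: temporary check page, e.g. saved as shibcheck.php (hypothetical
// name) inside the Shibboleth-protected /usr/share/zarafa-webaccess directory.
// Remove it again once the check has passed.
header('Content-Type: text/plain; charset=utf-8');

// Return the login name the web server authenticated, or null if none was set.
function authenticated_user(array $server)
{
    // REDIRECT_REMOTE_USER appears when Apache performed an internal redirect.
    foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    return null;
}

// Assumption: LOGINNAME_STRIP_DOMAIN drops everything from the first "@" on.
function strip_domain($login)
{
    $at = strpos($login, '@');
    return $at === false ? $login : substr($login, 0, $at);
}

$user = authenticated_user($_SERVER);
if ($user === null) {
    echo "REMOTE_USER is not set: the SP released no usable attribute\n";
    exit;
}

// Print only what the setup depends on; non-printable characters are replaced
// so a crafted attribute value cannot forge extra output lines.
$clean = preg_replace('/[^\x20-\x7E]/', '?', $user);
$auth  = isset($_SERVER['AUTH_TYPE']) ? $_SERVER['AUTH_TYPE'] : '(none)';
echo "REMOTE_USER:           $clean\n";
echo "AUTH_TYPE:             $auth\n";
echo "Login after stripping: " . strip_domain($clean) . "\n";
if (strip_domain($user) === '') {
    echo "WARNING: empty login name after stripping the domain\n";
}
```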