Zarafa webaccess with Shibboleth SSO (saml2) authentication
From Zarafa wiki
(Difference between revisions)
(→Prerequisites) |
(→Setup) |
||
| Line 18: | Line 18: | ||
Order allow,deny | Order allow,deny | ||
Allow from all | Allow from all | ||
| - | + | '' AuthType shibboleth | |
ShibRequireSession On | ShibRequireSession On | ||
ShibExportAssertion On | ShibExportAssertion On | ||
| - | require valid-user | + | require valid-user'' |
</Directory></pre> | </Directory></pre> | ||
Revision as of 08:23, 3 November 2010
Prerequisites
A working installation of:
- Zarafa (tested with 6.40.3 on RHEL5)
- Apache
- Shibboleth IDP & SP (tested with IDP 2.2 and SP 2.3.1)
Setup
- This setup assumes that you release the REMOTE_USER attribute after a successful login, if not sure test it with phpinfo();
- Add the needed shibboleth lines to the zarafa webacces config in /etc/httpd/conf.d/zarafa-webaccess.conf
This is an example of the configuration within Apache. There are other places where you can shibboleth your application
Alias /webaccess /usr/share/zarafa-webaccess
<Directory /usr/share/zarafa-webaccess/>
DirectoryIndex index.php
Options -Indexes +FollowSymLinks
AllowOverride Options
Order allow,deny
Allow from all
'' AuthType shibboleth
ShibRequireSession On
ShibExportAssertion On
require valid-user''
</Directory>
- Alter the zarafa server.cfg and add the apache user to the local_admin_users. Example: local_admin_users = root vmail apache
- Alter the file config.php in /usr/share/zarafa-webaccess and change LOGINNAME_STRIP_DOMAIN to 'true' (single company assumed)
