Zarafa webaccess with Shibboleth SSO (saml2) authentication
From Zarafa wiki
Revision as of 11:13, 27 October 2010 by Ddebyttere
Prerequisites
A working installation of:
- Zarafa (tested with 6.40.2 on RHEL5)
- Apache
- Shibboleth IDP & SP (tested with IDP 2.1 and SP 2.3.1)
Setup
- This setup assumes that the IdP releases the uid attribute to the SP after a successful login.
- Add the needed Shibboleth directives to the Zarafa webaccess Apache config in /etc/httpd/conf.d/zarafa-webaccess.conf.
This is an example of the configuration within Apache; Shibboleth protection for an application can equally be configured in other places of the Apache configuration.
Alias /webaccess /usr/share/zarafa-webaccess
<Directory /usr/share/zarafa-webaccess/>
    DirectoryIndex index.php
    Options -Indexes +FollowSymLinks
    AllowOverride Options
    Order allow,deny
    Allow from all
    # Hand authentication to mod_shib: every request to this directory
    # must carry a valid Shibboleth session, otherwise the SP redirects
    # the browser to the IdP.
    AuthType shibboleth
    ShibRequireSession On
    # Also exports the SAML assertion itself to the application
    # (Shib-Assertion-Count / Shib-Assertion-NN variables). Not needed
    # for reading the uid attribute; leave it Off if webaccess is the
    # only consumer.
    ShibExportAssertion On
    require valid-user
</Directory>
- Edit the Zarafa server.cfg and add the Apache user to local_admin_users. Users listed there may log on through the local Unix socket as any Zarafa user without a password, which is what lets webaccess, running as the Apache user, open a session for the name Shibboleth supplied. Example: local_admin_users = root vmail apache
- Replace the REMOTE_USER variable in /usr/share/zarafa-webaccess/index.php with the uid attribute released by Shibboleth.
Change:
    // stock webaccess trusts the user name Apache authentication placed in REMOTE_USER
    if( ! $_POST && $_SERVER && array_key_exists("REMOTE_USER", $_SERVER)) {
        $_SESSION["username"] = utf8_to_windows1252($_SERVER['REMOTE_USER']);
To:
    // mod_shib exports the released attribute under its attribute-map id, here "uid"
    if( ! $_POST && $_SERVER && array_key_exists("uid", $_SERVER)) {
        $_SESSION["username"] = utf8_to_windows1252($_SERVER['uid']);
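The whole of the index.php edit above comes down to one decision: accept the name in $_SERVER['uid'] as the logged-in user. The following is an added example, not code from the Zarafa webaccess tree or from this wiki page, that makes the same decision but checks what a defender would want checked before trusting the value. It assumes that mod_shib exports attributes as environment variables (its default, so they show up in $_SERVER under the attribute-map id "uid" and a session is marked by Shib-Session-ID), that multi-valued attributes are joined with ';', and it substitutes iconv for Zarafa's own utf8_to_windows1252() so the file runs on its own; the allowed-character policy for account names is a hypothetical one.

```php
<?php
// Added example, not code from the Zarafa webaccess tree or the wiki page.
// Assumptions: mod_shib exports attributes as environment variables (its
// default, so they appear in $_SERVER under the attribute-map id, here
// "uid"), multi-valued attributes are joined with ';', and account names
// are plain ASCII. The allowed-character policy below is a hypothetical one.

/**
 * Return the user name the Shibboleth SP vouched for, or null when the
 * request should fall back to the normal Zarafa login form.
 */
function shibboleth_username(array $server)
{
    // Shib-Session-ID is set by mod_shib only after a session was verified.
    // Without it the request never went through the SP, whatever "uid" says.
    if (empty($server['Shib-Session-ID'])) {
        return null;
    }
    if (!isset($server['uid']) || $server['uid'] === '') {
        return null;
    }
    $uid = $server['uid'];

    // Two uid values from the IdP would be ambiguous: do not pick one.
    if (strpos($uid, ';') !== false) {
        return null;
    }

    // Accept only characters that can occur in a Zarafa/LDAP account name;
    // control characters, spaces and quotes are rejected outright.
    if (!preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $uid)) {
        return null;
    }
    return $uid;
}

/**
 * Replacement for the index.php block the page edits: start the webaccess
 * session for the SSO user only when no login form was posted and the SP
 * authenticated the user. Returns true when an SSO login was applied.
 */
function apply_sso_login(array $server, array $post, array &$session)
{
    if ($post) {
        return false;   // a normal form login is in progress
    }
    $user = shibboleth_username($server);
    if ($user === null) {
        return false;
    }
    // webaccess stores the name in Windows-1252 via its own
    // utf8_to_windows1252(); iconv stands in for it here so the file runs alone.
    $session['username'] = iconv('UTF-8', 'WINDOWS-1252//TRANSLIT', $user);
    return true;
}

// Constructed sample requests, as mod_shib would present them in $_SERVER.
$samples = array(
    'SP session + uid'    => array('Shib-Session-ID' => '_a1b2c3', 'uid' => 'jdoe'),
    'uid without session' => array('uid' => 'admin'),
    'two uid values'      => array('Shib-Session-ID' => '_a1b2c3', 'uid' => 'jdoe;jsmith'),
    'uid with CR/LF'      => array('Shib-Session-ID' => '_a1b2c3', 'uid' => "jdoe\r\nsecond"),
);
foreach ($samples as $label => $server) {
    $session = array();
    $ok = apply_sso_login($server, array(), $session);
    printf("%-20s -> %s\n", $label,
        $ok ? 'login as ' . $session['username'] : 'fall back to login form');
}
```

With ShibRequireSession On, Apache already refuses unauthenticated requests before index.php runs, so the Shib-Session-ID check only matters if the file can be reached under another Alias or Directory block; it costs nothing and keeps the PHP side from depending on the Apache side being right. Keep in mind that local_admin_users gives every process running as the Apache user the right to log on as any Zarafa user, so anything else served by the same Apache instance inherits that power. If you would rather not patch index.php at all, Shibboleth SP 2.x can itself populate REMOTE_USER from a released attribute through the REMOTE_USER setting in shibboleth2.xml, which leaves the stock webaccess check untouched.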