Zarafa webaccess with Shibboleth SSO (saml2) authentication

From Zarafa wiki

Revision as of 08:22, 3 November 2010 by Andres (Talk | contribs)

Prerequisites

A working installation of:

  • Zarafa (tested with 6.40.2 on RHEL5)
  • Apache
  • Shibboleth IDP & SP (tested with IDP 2.1 and SP 2.3.1)

Setup

  • This setup assumes that you release the REMOTE_USER attribute after a successful login. If you are not sure, test it with phpinfo();
  • Add the needed Shibboleth lines to the Zarafa webaccess config in /etc/httpd/conf.d/zarafa-webaccess.conf

This is an example of the configuration within Apache. There are other places where you can protect your application with Shibboleth.

Alias /webaccess /usr/share/zarafa-webaccess
<Directory /usr/share/zarafa-webaccess/>
    DirectoryIndex index.php
    Options -Indexes +FollowSymLinks
    AllowOverride Options
    Order allow,deny
    Allow from all
    AuthType shibboleth
    ShibRequireSession On
    ShibExportAssertion On
    require valid-user
</Directory>
  • Edit the Zarafa server.cfg and add the apache user to local_admin_users. Example: local_admin_users = root vmail apache
  • Edit the file config.php in /usr/share/zarafa-webaccess and change LOGINNAME_STRIP_DOMAIN to 'true' (single company assumed)
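
A check for the three settings above, as an added example that is not part of the original wiki page: it confirms that the Shibboleth directives sit inside the webaccess <Directory> block itself, that apache is listed in local_admin_users, and that LOGINNAME_STRIP_DOMAIN is true. The function names and the define(...) form of the config.php setting are assumptions.

```shell
#!/bin/sh
# Added example: audit the three settings this page changes.
# Usage: sh audit.sh <zarafa-webaccess.conf> <server.cfg> <config.php>

# True when the <Directory> block for the webaccess path itself contains the
# three directives that gate access (commented-out lines do not count).
check_apache_conf() {
    awk '
        /^[ \t]*<Directory[ \t]+\/usr\/share\/zarafa-webaccess\/?>/ { inblk = 1; next }
        /^[ \t]*<\/Directory>/ { inblk = 0 }
        inblk {
            l = tolower($0); sub(/^[ \t]+/, "", l)
            if (l ~ /^authtype[ \t]+shibboleth/)   a = 1
            if (l ~ /^shibrequiresession[ \t]+on/) s = 1
            if (l ~ /^require[ \t]+valid-user/)    r = 1
        }
        END { exit !(a && s && r) }
    ' "$1"
}

# True when user $2 is listed in local_admin_users of server.cfg ($1).
check_admin_user() {
    awk -v u="$2" '
        /^[ \t]*local_admin_users[ \t]*=/ {
            sub(/^[^=]*=/, "")
            for (i = 1; i <= NF; i++) if ($i == u) found = 1
        }
        END { exit !found }
    ' "$1"
}

# True when config.php ($1) sets LOGINNAME_STRIP_DOMAIN to true.
# Assumption: the setting is written as a PHP define(...) call.
check_strip_domain() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]LOGINNAME_STRIP_DOMAIN['\"][[:space:]]*,[[:space:]]*['\"]?true['\"]?[[:space:]]*\)" "$1"
}

# Runs all checks; the return value is the number of failed checks.
audit_zarafa_sso() {
    fails=0
    check_apache_conf "$1"       || { echo "FAIL: $1: Shibboleth not enforced on webaccess"; fails=$((fails + 1)); }
    check_admin_user "$2" apache || { echo "FAIL: $2: apache not in local_admin_users"; fails=$((fails + 1)); }
    check_strip_domain "$3"      || { echo "FAIL: $3: LOGINNAME_STRIP_DOMAIN is not true"; fails=$((fails + 1)); }
    return "$fails"
}

if [ "$#" -eq 3 ]; then audit_zarafa_sso "$@"; fi
```

Every account in local_admin_users is trusted by the Zarafa server, so review the whole list when adding apache and keep it as short as the setup allows.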