Oh good I am glad I could help.
Regards,
Pablo Garaitonandia
Penn State University
ITS, Administrative Information Services
(814) 865-6385
Penn State University
ITS, Administrative Information Services
(814) 865-6385
pablo@psu.edu
From: "Matt Mencel" <MR-Mencel@wiu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Wednesday, December 18, 2013 12:24:57 PM
Subject: Re: Zimbra 8 and CAS Authentication
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Wednesday, December 18, 2013 12:24:57 PM
Subject: Re: Zimbra 8 and CAS Authentication
Pablo you are MY HERO!
I guess this changed in version 8 because the path includes /zimbra in it on my 7.2 production hosts.
For those interested, I started investigating Shibboleth/SAML as an alternative. I may still head that direction anyway because of what is available through the InCommon Federation...among other benefits. I've got an open source Gluu system about 50% ready for testing.
http://www.incommon.org/
http://shibboleth.net/
http://www.gluu.org/
At least I can move forward with CAS again though....thanks again!
Matt
From: "Pablo E Garaitonandia" <peg11@psu.edu>
To: "Matt Mencel" <MR-Mencel@wiu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 6:12:56 PM
Subject: Re: Zimbra 8 and CAS Authentication
To: "Matt Mencel" <MR-Mencel@wiu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 6:12:56 PM
Subject: Re: Zimbra 8 and CAS Authentication
It has been my experience that with a single server installation you may have to change the Zimbra Web Client URL login from
zmprov md domain.name zimbraWebClientLoginURL https://HOSTNAME/zimbra/public/preauth.jsp
to
zmprov md domain.name zimbraWebClientLoginURL https://HOSTNAME/public/preauth.jsp
I hope that works.
Regards,
Pablo Garaitonandia
Penn State University
ITS, Administrative Information Services
(814) 865-6385
Penn State University
ITS, Administrative Information Services
(814) 865-6385
pablo@psu.edu
From: "Matt Mencel" <MR-Mencel@wiu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 5:29:22 PM
Subject: Re: Zimbra 8 and CAS Authentication
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 5:29:22 PM
Subject: Re: Zimbra 8 and CAS Authentication
Yep....it's the same CAS that is in use for the production Zimbra instance.
From: "Steve Elliott" <selliott@kennesaw.edu>
To: MR-Mencel@wiu.edu
Sent: Monday, December 16, 2013 4:27:12 PM
Subject: Re: Zimbra 8 and CAS Authentication
-------- Original message --------
From: Matt Mencel <MR-Mencel@wiu.edu>
Date: 12/16/2013 5:08 PM (GMT-05:00)
To: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Subject: Re: Zimbra 8 and CAS Authentication
![]()
[image/png:Screen Shot 2013-12-16 at 4.02.02 PM.png]
To: MR-Mencel@wiu.edu
Sent: Monday, December 16, 2013 4:27:12 PM
Subject: Re: Zimbra 8 and CAS Authentication
Crazy question but is the cas system running? That looks like the cas server is not putting up its page
Sent via the Samsung Galaxy S™ III, an AT&T 4G LTE smartphone
-------- Original message --------
From: Matt Mencel <MR-Mencel@wiu.edu>
Date: 12/16/2013 5:08 PM (GMT-05:00)
To: zimbra-hied-admins <zimbra-hied-admins@sfu.ca>
Subject: Re: Zimbra 8 and CAS Authentication
Attached is the error. Seems it cannot find the preauth file in the path I'm giving it. But it's there and with the correct permissions.
$ ls -l ~/jetty/webapps/zimbra/public/preauth.jsp
-rw-rw-r-- 1 zimbra zimbra 3767 Dec 16 15:36 /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp
Unless Zimbra 8 has changed where this file should be placed? That's the only thing I can think is wrong at the moment.....
From: "Matt Mencel" <MR-Mencel@wiu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 4:00:44 PM
Subject: Re: Zimbra 8 and CAS Authentication
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 4:00:44 PM
Subject: Re: Zimbra 8 and CAS Authentication
Yes to the questions from Steve and Pablo...
We currently have CAS working just fine in our production 7.2.X install. I have to get this working in my test 8.0.6 instance before upgrading and am not having any luck today.
# ls -l ~/jetty/common/lib/
-rw-rw-r-- 1 zimbra zimbra 87311 Dec 12 18:27 cas-client-core-3.2.1.jar
Plus the file at ~/jetty/etc/zimbra.web.xml.in
I've walked through the documentation several times. I've eliminated the proxy from the mix so I'm talking direct to the mailbox host.
All this is configured as well....
zmprov gdpak domain.name
in the preauth.jsp edit the "public static final String DOMAIN_KEY = " to have your domain key
and edit the default login page location
zmprov md domain.name zimbraWebClientLoginURL https://HOSTNAME/zimbra/public/preauth.jsp
Matt
From: "Steve Elliott" <selliott@kennesaw.edu>
To: "Matt Mencel" <MR-Mencel@wiu.edu>
Sent: Monday, December 16, 2013 3:51:51 PM
Subject: Re: Zimbra 8 and CAS Authentication
To: "Matt Mencel" <MR-Mencel@wiu.edu>
Sent: Monday, December 16, 2013 3:51:51 PM
Subject: Re: Zimbra 8 and CAS Authentication
You put the cas-client-core file on your system? Made sure you referenced your systems proxy server in the zimbra.web.xml.in? ((I'm using 7.2.5 so hope that still applies for 8))
From: "Matt Mencel" <MR-Mencel@wiu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 4:40:09 PM
Subject: Zimbra 8 and CAS Authentication
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Monday, December 16, 2013 4:40:09 PM
Subject: Zimbra 8 and CAS Authentication
Anyone familiar with using CAS authentication in Zimbra 8? I've got it all configured but when I try to browse to the URL:
https://HOSTNAME/zimbra/public/preauth.jsp
I get a 404 not found error. The preauth.jsp file exists in ~/jetty/webapps/zimbra/public/. It's owned by zimbra:zimbra and chmod'd 664.
Matt