[dev] Shibboleth/SSO integration
Matt Selsky
selsky at columbia.edu
Thu Apr 5 17:10:08 UTC 2007
One option is to have the IMAP server just trust IMP.
Cyrus proxyd since 2.2.9 has a -N switch to allow login without
authentication. IMP just passes along REMOTE_USER as provided by
Cosign, etc. If don't know if any other IMAP servers have similar
options.
For a diagram of how UMich does this, if it helps,
http://www.umich.edu/~umweb/software/cosign/cosign-discuss/pdf00001.pdf
--
Matt
On Apr 5, 2007, at 12:49 PM, Michael Rubinsky wrote:
> I could be wrong here, but I would image the problem is that the IMAP
> server requires the password...you could very well be authenticated to
> Horde via REMOTE_USER, but the IMAP server would know nothing about
> that...not really sure how to get around that other than storing the
> user's IMAP password somewhere within Horde, but that would kinda
> defeat
> the purpose...unless of course there are IMAP servers that understand
> OpenID, but I do not know enough to make an intelligent comment
> there....
>
>
>
>
>
> Martin Fraser wrote:
>> There doesn't seem to be an answer to the question below.
>>
>> I'm running into the same problem with an OpenID consumer, any ideas?
>>
>> Martin...
>>
>>
>>
>> Cassio Nishiguchi wrote:
>>
>>> Hi,
>>> I am working on developing an authentication module to integrate
>>> Horde with
>>> Shibboleth (http://shibboleth.internet2.edu), which should work
>>> basically
>>> like a single-sign-on system - by the time the user gets to
>>> Horde, he is
>>> already logged in. Shibboleth can set the username on an HTTP
>>> header like
>>> REMOTE_USER, so I wrote a little Auth_shib class that supports
>>> transparent
>>> authentication and gets the username from the header. However,
>>> my problem is
>>> having this work with IMP. It seems that IMP requires a password to
>>> authenticate the user, which Shibboleth doesn't provide. Is
>>> there any good
>>> way to get around that requirement? Has anyone else deployed
>>> Horde/IMP
>>> behind an SSO system? If so, how did you get the IMP login to work?
>>> Any help is appreciated,
>>>
>>> Cassio
>>>
>>> __________________________
>>> www.protectnetwork.org
>>>
>>>
>>
>>
>>
>
> --
> Thanks,
> Mike
>
> --
> The Horde Project (www.horde.org)
> mrubinsk at horde.org
>
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/
> bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
More information about the dev
mailing list