Hey,
I've created an AuthProvider implementation to use our authentication system.
It's more or less working, I largely copied the ZimbraAuthProvider implementation and changed as necessary...
I've hit a problem though: trying to auth through SOAP using our customer provider.
I'm basing my tests on this article: http://blog.zimbra.com/blog/archives/20 ... imbra.html]» Zimbra :: Blog -- specifically the part:
b07b804c-7c29-ea16-7300-4f3d6f7928ac
... I have constructed a SOAP auth request that looks like this using the LmcSoapRequest classes:
xxxTokenFromOurAuthSystem
Our AuthProvider implementation checks with our signon system and validates the supplied token.
However all the logging indicates that even though I am specifying our custom AuthProvider impl in the type as per the blog article it is never being called ...
If anyone has any insights they would be appreciated, maybe I'm just missing something simple?
SOAP auth against AuthProvider
SOAP auth against AuthProvider
Will post a follow up infos ...
Have done some packet inspecting and the big difference I can see is that the auth-token im sending is in the soap:body rather than the soap:header as in the example ... will investigate to see if I can get this element in the header using the Lmc* classes ... or if it at leasts works if I make a raw request with it in the header.
Have done some packet inspecting and the big difference I can see is that the auth-token im sending is in the soap:body rather than the soap:header as in the example ... will investigate to see if I can get this element in the header using the Lmc* classes ... or if it at leasts works if I make a raw request with it in the header.
SOAP auth against AuthProvider
No luck just using raw posts to the soap api either ...
Below is a request that DOES work, using the standard auth token:
http://www.w3.org/2003/05/soap-envelope ... p-envelope">
...long-ass-zimbra-auth-token...
Now the request trying to use our custom AuthProvider impl:
http://www.w3.org/2003/05/soap-envelope ... p-envelope">
abc-custom-authsystem-token-xyz
This generates a 500 response:
Code:service.AUTH_REQUIRED
at com.zimbra.common.service.ServiceException.AUTH_REQUIRED(ServiceException.java:296)
....
Below is a request that DOES work, using the standard auth token:
http://www.w3.org/2003/05/soap-envelope ... p-envelope">
...long-ass-zimbra-auth-token...
Now the request trying to use our custom AuthProvider impl:
http://www.w3.org/2003/05/soap-envelope ... p-envelope">
abc-custom-authsystem-token-xyz
This generates a 500 response:
Code:service.AUTH_REQUIRED
at com.zimbra.common.service.ServiceException.AUTH_REQUIRED(ServiceException.java:296)
....
-
- Advanced member
- Posts: 114
- Joined: Sat Sep 13, 2014 12:45 am
- Location: Tokyo
- Contact:
SOAP auth against AuthProvider
Hi arw,
Firtst of all, can we make sure that your auth provider extension is properly loaded?
You can chcek that from mailbox.log. Or you can log some messages in extesion's init() to mailbox.log and check that.
Then if it is there, please check that zimbra_auth_provider setting in localconfig
is properly done.
Firtst of all, can we make sure that your auth provider extension is properly loaded?
You can chcek that from mailbox.log. Or you can log some messages in extesion's init() to mailbox.log and check that.
Then if it is there, please check that zimbra_auth_provider setting in localconfig
is properly done.
SOAP auth against AuthProvider
Hi Yutaka,
Yes zmlocalconfig value zimbra_auth_provider is correctly set to 'CUSTOM_AUTH_PROVIDER' and logging indicates the extension is loading properly. Also login calls made form the main web-client login screen (which uses SOAP) can be seen to be calling the custom auth provider.
Thx for reply ... hope you can shed some light!
Yes zmlocalconfig value zimbra_auth_provider is correctly set to 'CUSTOM_AUTH_PROVIDER' and logging indicates the extension is loading properly. Also login calls made form the main web-client login screen (which uses SOAP) can be seen to be calling the custom auth provider.
Thx for reply ... hope you can shed some light!
-
- Advanced member
- Posts: 114
- Joined: Sat Sep 13, 2014 12:45 am
- Location: Tokyo
- Contact:
SOAP auth against AuthProvider
So basically, you said that your auth provider looks to be excuted for every auth request, but it does not look to pick up your own auth token, right?
Hmm...
Can we see your auth provider source code?
Hmm...
Can we see your auth provider source code?
SOAP auth against AuthProvider
It's called by the main login web interface which makes a soap call to the api.
It is not called when I make a direct soap request as detailed in the blog entry, specifying my AuthProvider in the authToken 'type' attribute.
I will try to post the source code a bit later but it is basically a carbon copy of ZimbraAuthProvider except I added an additional POST call to our SSO system to verify the token.
It is not called when I make a direct soap request as detailed in the blog entry, specifying my AuthProvider in the authToken 'type' attribute.
I will try to post the source code a bit later but it is basically a carbon copy of ZimbraAuthProvider except I added an additional POST call to our SSO system to verify the token.
-
- Advanced member
- Posts: 138
- Joined: Sat Sep 13, 2014 1:00 am
SOAP auth against AuthProvider
Looks like your auth provider implementation is working only when auth cookie is present. Can you check your implementation of the authToken(Element soapCtxt, Map engineCtxt) method since that's the method that looks up the token inside the soap header context.