Zimbra preauth v. maintenance mode, session expiry, etc.

Post by Rich Graves

In my limited testing of ZCS 8.0.7, it appears that when I set "preauth" zimbraWebClientLoginURL and zimbraWebClientLogoutURL on a virtual domain:

Hits on the virtual host redirect properly to the SSO system

The AJAX v. HTML v. mobile UI is chosen based on browser User-Agent

Explicit logout from ZWC redirects to the SSO system

Possible issues:

Is there an argument that I can pass to /service/preauth to force a specific client, like /h/ instead of /m/ on an iPad?

Cookie timeouts, invalidated sessions, and maintenance mode seem to go to the built-in ZCS login page. This is acceptable and maybe even preferred because the SSO system can't give a specific error. Is that correct, or is this just an artifact of the test being a non-default virtual host and the nginx proxy not having been restarted since configuring the vhost?

Is there a way to bypass SSO for specific accounts, forcing use of the internal login page? User-Agent is not the answer I'm looking for.

Are there other edge cases I haven't considered?

We are quasi-hosted so I don't think I want to use SAML, which, while possibly more secure than a pre-shared key, is newer and less documented. Or does anyone here happen to use and recommend native SAML between Shibboleth 2.4.1 and ZCS 8?