Actual External Authentication Homepage
Please see Ajcody-External-Authentication
Zimbra supports the ability to use an external authentication source, but we don't support the external authentication servers setup and configuration.
Please see the following for more details:
You can also use the forums to see if others have worked out some good instructions when working with your particular external authentication server.
Another possibility is the use of Preauth, see:
SSO with Sun IAM - Identity And Access Manager
There is no Access Manager Policy Agent for Jetty Application Server [Oct 21, 2008]. We suggest the following.
- Build a webpage that is protected by Sun Java Access Manager. Presumably this would be an apache tomcat served page so that SJAM would be able to manage it with its existing policy agent for apache tomcat. This page would interact with SJAM to get access checks and then use the standard Zimbra pre-auth mechanism to pre-auth the user and bounce them into the zimbra app.
- In Zimbra, you would configure (on the domain) zimbraWebClientLoginURL (and zimbraWebClientLogoutURL), to the address of that apache tomcat served webpage from step 1 above. If someone attempts to login to zimbra directly, they would be redirected to the page which is controlled by SJAM. And when logging out, they would be again redirected to the webpage that is controlled by SJAM. There would be no way to log into or out of Zimbra without the approval and control of SJAM.
For details on the preauth mechanism, see:
JA-SIG Central Authentication Service Or CAS
CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became a JA-SIG project in December 2004.
- CASifying Zimbra How-To
- "zimbra.web.xml.in adjusted to handle customizations (CAS)"