Difference between revisions of "CASifying Zimbra 6.0"

m
(Adding content from link)
Line 1: Line 1:
Go to http://www.ja-sig.org/wiki/display/CAS/CASifying+Zimbra+6.0
+
Go to http://www.ja-sig.org/wiki/display/CAS/CASifying+Zimbra+6.0 to see original article.
 +
 
 +
=Configure the Zimbra CACerts keystore=
 +
 
 +
Import your CAS Server certificates (cert and chain if you have one) into the Zimbra CACerts Keystore by executing following commands with the Zimbra user :
 +
 
 +
/opt/zimbra/java/bin/keytool -import -file casserver.cert -alias cascert -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
 +
/opt/zimbra/java/bin/keytool -import -file casserver.chain -alias caschain -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
 +
 
 +
 
 +
=Import the Java CAS Client library=
 +
 
 +
This library is usable for implementing custom CAS functionality and for simply CASifying web applications by application of a filter.
 +
 
 +
1. Download it from http://www.ja-sig.org/downloads/cas-clients/. The client version 3.1.x is working fine with Zimbra 6.0.x and CAS Server 3.3.x.
 +
2. Copy the cas-client-core-3.1.x.jar into /opt/zimbra/jetty/common/lib.
 +
 
 +
=Modify web.xml files=
 +
 
 +
==Zimbra Webapp==
 +
 
 +
Add following lines to /opt/zimbra/jetty/etc/zimbra.web.xml.in before the first <servlet> section (~line 230) and replace cas.url.com:port and zimbra.url.com:port.
 +
 
 +
Default ports are 8443 for the CAS Server and 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS) :
 +
 
 +
<filter>
 +
<filter-name>CasSingleSignOutFilter</filter-name>
 +
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
 +
</filter>
 +
 +
<filter-mapping>
 +
<filter-name>CasSingleSignOutFilter</filter-name>
 +
<url-pattern>/*</url-pattern>
 +
</filter-mapping>
 +
 +
<listener>
 +
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
 +
</listener>
 +
 +
<filter>
 +
<filter-name>CasAuthenticationFilter</filter-name>
 +
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 +
<init-param>
 +
<param-name>casServerLoginUrl</param-name>
 +
<param-value>https://cas.url.com:port/cas/login</param-value>
 +
</init-param>
 +
<init-param>
 +
<param-name>serverName</param-name>
 +
<param-value>https://zimbra.url.com:port</param-value>
 +
</init-param>
 +
</filter>
 +
 +
<filter-mapping>
 +
<filter-name>CasAuthenticationFilter</filter-name>
 +
<url-pattern>/public/preauth.jsp</url-pattern>
 +
</filter-mapping>
 +
 +
<filter>
 +
<filter-name>CasValidationFilter</filter-name>
 +
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 +
<init-param>
 +
<param-name>casServerUrlPrefix</param-name>
 +
<param-value>https://cas.url.com:port/cas</param-value>
 +
</init-param>
 +
<init-param>
 +
<param-name>serverName</param-name>
 +
<param-value>https://zimbra.url.com:port</param-value>
 +
</init-param>
 +
<init-param>
 +
<param-name>redirectAfterValidation</param-name>
 +
<param-value>true</param-value>
 +
</init-param>
 +
</filter>
 +
 +
<filter-mapping>
 +
<filter-name>CasValidationFilter</filter-name>
 +
<url-pattern>/*</url-pattern>
 +
</filter-mapping>
 +
 +
<filter>
 +
<filter-name>CasHttpServletRequestWrapperFilter</filter-name>
 +
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
 +
</filter>
 +
 +
<filter-mapping>
 +
<filter-name>CasHttpServletRequestWrapperFilter</filter-name>
 +
<url-pattern>/*</url-pattern>
 +
</filter-mapping>
 +
 
 +
 
 +
==ZimbraAdmin Webapp==
 +
 
 +
Add same lines as before to /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in before the first <servlet> section (~line 230), and replace cas.url.com:port and zimbra.url.com:port.
 +
 
 +
Default ports are 8443 for the CAS Server and 7071 for the Zimbra Admin Console.
 +
 
 +
=Create the PreAuth key=
 +
 
 +
Execute the following command with the Zimbra user :
 +
 
 +
zmprov gdpak yourdomain.com
 +
 
 +
This will create the PreAuth key "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9".
 +
 
 +
=Create preauth.jsp files=
 +
 
 +
==Zimbra Webapp==
 +
 
 +
1. Copy the preauth.jsp-zimbra file (download it from this wiki page attachments) to /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp.
 +
 
 +
2. Replace the DOMAIN_KEY with the key you previously generate with zmprov :
 +
 
 +
public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";
 +
 
 +
3. Replace yourdomaine.com with your domain at line 90.
 +
 
 +
==ZimbraAdmin Webapp==
 +
 
 +
1. Copy the preauth.jsp-zimbraadmin file (download it from this wiki page attachments) to /opt/zimbra/jetty/webapps/zimbraAdmin/public/preauth.jsp.
 +
 
 +
2. Replace the DOMAIN_KEY with the key you previously generate with zmprov :
 +
 
 +
public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";
 +
 
 +
3. Replace yourdomaine.com with your domain at line 92.
 +
 
 +
=Replace login and logout URLs=
 +
 
 +
Execute following commands with the Zimbra user :
 +
 
 +
zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/public/preauth.jsp
 +
zmprov md yourdomain.com zimbraWebClientLogoutURL https://cas.url.com:port/cas/logout
 +
zmprov md yourdomain.com zimbraAdminConsoleLoginURL https://zimbra.url.com:port/zimbraAdmin/public/preauth.jsp
 +
zmprov md yourdomain.com zimbraAdminConsoleLogoutURL https://cas.url.com:port/cas/logout
 +
 
 +
Replace cas.url.com:port and zimbra.url.com:port.
 +
 
 +
Default ports are 8443 for the CAS Server, 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS) and 7071 for the Zimbra Admin Console.
 +
 
 +
=Restart Zimbra=
 +
 
 +
Execute following commands with the Zimbra user:
 +
 
 +
zmcontrol stop
 +
zmcontrol start
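Review bot: the added "Create the PreAuth key" section and both DOMAIN_KEY lines under "Create preauth.jsp files" print a full 64-hex-character key, which readers are likely to paste unchanged. Replace it in all three places with a placeholder such as <output of zmprov gdpak>, so that each site uses the key its own command produced. In the same added text, the two keytool commands pass -storepass changeit on the command line, so add a sentence telling readers to substitute their own keystore password if it has been changed. The numbered steps also name the domain "yourdomaine.com" while the zmprov commands use "yourdomain.com"; state which spelling the attached preauth.jsp files actually contain.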

Revision as of 18:31, 30 November 2009

Go to http://www.ja-sig.org/wiki/display/CAS/CASifying+Zimbra+6.0 to see original article.

Configure the Zimbra CACerts keystore

Import your CAS server certificates (the certificate and, if you have one, the chain) into the Zimbra CACerts keystore by running the following commands as the Zimbra user:

/opt/zimbra/java/bin/keytool -import -file casserver.cert -alias cascert -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
/opt/zimbra/java/bin/keytool -import -file casserver.chain -alias caschain -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit


Import the Java CAS Client library

This library can be used to implement custom CAS functionality, or simply to CASify web applications by applying a filter.

1. Download it from http://www.ja-sig.org/downloads/cas-clients/. Client version 3.1.x works fine with Zimbra 6.0.x and CAS Server 3.3.x.

2. Copy the cas-client-core-3.1.x.jar into /opt/zimbra/jetty/common/lib.

Modify web.xml files

Zimbra Webapp

Add the following lines to /opt/zimbra/jetty/etc/zimbra.web.xml.in before the first <servlet> section (~line 230) and replace cas.url.com:port and zimbra.url.com:port.

Default ports are 8443 for the CAS Server and 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS):

<filter>
	<filter-name>CasSingleSignOutFilter</filter-name>
	<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
	<filter-name>CasSingleSignOutFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
	<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
	<filter-name>CasAuthenticationFilter</filter-name>
	<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
	<init-param>
		<param-name>casServerLoginUrl</param-name>
		<param-value>https://cas.url.com:port/cas/login</param-value>
	</init-param>
	<init-param>
		<param-name>serverName</param-name>
		<param-value>https://zimbra.url.com:port</param-value>
	</init-param>
</filter>

<filter-mapping>
	<filter-name>CasAuthenticationFilter</filter-name>
	<url-pattern>/public/preauth.jsp</url-pattern>
</filter-mapping>

<filter>
	<filter-name>CasValidationFilter</filter-name>
	<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
	<init-param>
		<param-name>casServerUrlPrefix</param-name>
		<param-value>https://cas.url.com:port/cas</param-value>
	</init-param>
	<init-param>
		<param-name>serverName</param-name>
		<param-value>https://zimbra.url.com:port</param-value>
	</init-param>
	<init-param>
		<param-name>redirectAfterValidation</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>

<filter-mapping>
	<filter-name>CasValidationFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
	<filter-name>CasHttpServletRequestWrapperFilter</filter-name>
	<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
	<filter-name>CasHttpServletRequestWrapperFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>


ZimbraAdmin Webapp

Add the same lines as before to /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in before the first <servlet> section (~line 230), and replace cas.url.com:port and zimbra.url.com:port.

Default ports are 8443 for the CAS Server and 7071 for the Zimbra Admin Console.

Create the PreAuth key

Run the following command as the Zimbra user:

zmprov gdpak yourdomain.com

This will create the PreAuth key "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9".

Create preauth.jsp files

Zimbra Webapp

1. Copy the preauth.jsp-zimbra file (download it from this wiki page's attachments) to /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp.

2. Replace the DOMAIN_KEY with the key you generated previously with zmprov:

public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";

3. Replace yourdomaine.com with your domain at line 90.

ZimbraAdmin Webapp

1. Copy the preauth.jsp-zimbraadmin file (download it from this wiki page's attachments) to /opt/zimbra/jetty/webapps/zimbraAdmin/public/preauth.jsp.

2. Replace the DOMAIN_KEY with the key you generated previously with zmprov:

public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";

3. Replace yourdomaine.com with your domain at line 92.
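What the DOMAIN_KEY is used for, shown as an added example that is neither the attached preauth.jsp nor Zimbra's own code. It follows Zimbra's documented preauth scheme (HMAC-SHA1 over account|by|expires|timestamp, sent to /service/preauth), which this page does not show; the key, account names and five-minute freshness window are constructed or assumed values.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed sample key for this example only; a real key comes from `zmprov gdpak`.
SAMPLE_KEY = "0f" * 32
MAX_SKEW_MS = 5 * 60 * 1000  # assumed freshness window for the timestamp


def compute_preauth(key, account, timestamp_ms, by="name", expires=0):
    """HMAC-SHA1 over the parameter values, joined with '|' in field-name order."""
    fields = {"account": account, "by": by,
              "expires": str(expires), "timestamp": str(timestamp_ms)}
    data = "|".join(fields[name] for name in sorted(fields))
    # The key string itself (not its decoded hex) is used as the HMAC key bytes.
    return hmac.new(key.encode(), data.encode(), hashlib.sha1).hexdigest()


def preauth_url(base_url, key, account, timestamp_ms=None):
    """Build the redirect URL a page like preauth.jsp would send the browser to."""
    ts = int(time.time() * 1000) if timestamp_ms is None else timestamp_ms
    params = {"account": account, "by": "name", "timestamp": ts, "expires": 0,
              "preauth": compute_preauth(key, account, ts)}
    return base_url + "/service/preauth?" + urlencode(params)


def verify_preauth(key, account, timestamp_ms, token, now_ms):
    """Receiver's view: reject stale timestamps, then compare in constant time."""
    if abs(now_ms - timestamp_ms) > MAX_SKEW_MS:
        return False
    expected = compute_preauth(key, account, timestamp_ms)
    return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    ts = 1259605860000  # constructed timestamp in milliseconds
    token = compute_preauth(SAMPLE_KEY, "alice@example.com", ts)
    print(preauth_url("https://zimbra.url.com", SAMPLE_KEY, "alice@example.com", ts))
    print(verify_preauth(SAMPLE_KEY, "alice@example.com", ts, token, ts + 1000))  # True
    print(verify_preauth(SAMPLE_KEY, "bob@example.com", ts, token, ts + 1000))    # False
```

The token depends only on the key and the four fields, so whoever holds the key can produce a valid token for any account in the domain. Treat the `zmprov gdpak` output and the edited preauth.jsp files as secrets.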

Replace login and logout URLs

Run the following commands as the Zimbra user:

zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/public/preauth.jsp
zmprov md yourdomain.com zimbraWebClientLogoutURL https://cas.url.com:port/cas/logout
zmprov md yourdomain.com zimbraAdminConsoleLoginURL https://zimbra.url.com:port/zimbraAdmin/public/preauth.jsp
zmprov md yourdomain.com zimbraAdminConsoleLogoutURL https://cas.url.com:port/cas/logout

Replace cas.url.com:port and zimbra.url.com:port.

Default ports are 8443 for the CAS Server, 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS) and 7071 for the Zimbra Admin Console.

Restart Zimbra

Run the following commands as the Zimbra user:

zmcontrol stop
zmcontrol start