CASifying Zimbra 6.0
Go to http://www.ja-sig.org/wiki/display/CAS/CASifying+Zimbra+6.0 to see original article.
Configure the Zimbra CACerts keystore
Import your CAS Server certificates (cert and chain if you have one) into the Zimbra CACerts Keystore by executing following commands with the Zimbra user :
/opt/zimbra/java/bin/keytool -import -file casserver.cert -alias cascert -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit /opt/zimbra/java/bin/keytool -import -file casserver.chain -alias caschain -trustcacerts -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
Import the Java CAS Client library
This library is usable for implementing custom CAS functionality and for simply CASifying web applications by application of a filter.
1. Download it from http://www.ja-sig.org/downloads/cas-clients/. The client version 3.1.x is working fine with Zimbra 6.0.x and CAS Server 3.3.x. 2. Copy the cas-client-core-3.1.x.jar into /opt/zimbra/jetty/common/lib.
Modify web.xml files
Zimbra Webapp
Add following lines to /opt/zimbra/jetty/etc/zimbra.web.xml.in before the first <servlet> section (~line 230) and replace cas.url.com:port and zimbra.url.com:port.
Default ports are 8443 for the CAS Server and 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS) :
<filter> <filter-name>CasSingleSignOutFilter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter-mapping> <filter-name>CasSingleSignOutFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> </listener> <filter> <filter-name>CasAuthenticationFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://cas.url.com:port/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://zimbra.url.com:port</param-value> </init-param> </filter> <filter-mapping> <filter-name>CasAuthenticationFilter</filter-name> <url-pattern>/public/preauth.jsp</url-pattern> </filter-mapping> <filter> <filter-name>CasValidationFilter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://cas.url.com:port/cas</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>https://zimbra.url.com:port</param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CasValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>CasHttpServletRequestWrapperFilter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CasHttpServletRequestWrapperFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
ZimbraAdmin Webapp
Add same lines as before to /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in before the first <servlet> section (~line 230), and replace cas.url.com:port and zimbra.url.com:port.
Default ports are 8443 for the CAS Server and 7071 for the Zimbra Admin Console.
Create the PreAuth key
Execute the following command with the Zimbra user :
zmprov gdpak yourdomain.com
This will create the PreAuth key "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9".
Create preauth.jsp files
Zimbra Webapp
1. Copy the preauth.jsp-zimbra file (download it from this wiki page attachments) to /opt/zimbra/jetty/webapps/zimbra/public/preauth.jsp.
2. Replace the DOMAIN_KEY with the key you previously generate with zmprov :
public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";
3. Replace yourdomaine.com with your domain at line 90.
ZimbraAdmin Webapp
1. Copy the preauth.jsp-zimbraadmin file (download it from this wiki page attachments) to /opt/zimbra/jetty/webapps/zimbraAdmin/public/preauth.jsp.
2. Replace the DOMAIN_KEY with the key you previously generate with zmprov :
public static final String DOMAIN_KEY = "359d722926fc3daebd0fee5d8b9dad9bbe1646e68041afa8ab662c6a9152e6b9";
3. Replace yourdomaine.com with your domain at line 92.
Replace login and logout URLs
Execute following commands with the Zimbra user :
zmprov md yourdomain.com zimbraWebClientLoginURL https://zimbra.url.com:port/zimbra/public/preauth.jsp zmprov md yourdomain.com zimbraWebClientLogoutURL https://cas.url.com:port/cas/logout zmprov md yourdomain.com zimbraAdminConsoleLoginURL https://zimbra.url.com:port/zimbraAdmin/public/preauth.jsp zmprov md yourdomain.com zimbraAdminConsoleLogoutURL https://cas.url.com:port/cas/logout
Replace cas.url.com:port and zimbra.url.com:port.
Default ports are 8443 for the CAS Server, 443 for the Zimbra Web Client (or 80 if HTTP is used instead of HTTPS) and 7071 for the Zimbra Admin Console.
Restart Zimbra
Execute following commands with the Zimbra user:
zmcontrol stop zmcontrol start