View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001454 | SOGo | Web Preferences | public | 2011-10-06 08:58 | 2013-06-18 21:59 |
Reporter | Orchal | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | won't fix | ||
Product Version | 1.3.8a | ||||
Summary | 0001454: SOGo, CAS JASIG, IMAP and Sieve | ||||
Description | Hi, I've successfully configured CAS authentication for SOGo/IMAP. SOGo doesn't seem to act like a proxy, so it presents the same Service Ticket as IMAP, so my CAS server reject the request as the Service Ticket is for IMAP, not Sieve. Thank you ! Regards, | ||||
Tags | No tags attached. | ||||
Hi, Is there anybody who uses CAS, IMAP and Sieve ? It's an important issue since I just can't use Sieve with SOGo. Yes we have a specific website to manage Sieve scripts but I'd prefer only use SOGo. Do you need more information ? Regards, |
|
Here are the output on my SOGo server. failure. Attempting with a renewed password (no authname supported) Could not login 'me' on Sieve server: <0x0x1404cf0c[NGSieveClient]: socket=<NGActiveSocket[0x0x17d9d724]: mode=rw address=<0x0x178c1b24[NGInternetSocketAddress]: host=mysogoserver port=40563> connectedTo=<0x0x112aae9c[NGInternetSocketAddress]: host=mysieveserver port=2000>>>: {RawResponse = "{ok = 0; reason = \"Authentication Error\"; }"; result = 0; } Here the output on my CAS JASIG server : Granted service ticket [ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] for service [imap://myimapserver] for user [https://mysogoserver/SOGo/casProxy] |
|
Hi, I found the solution. It's not related to SOGo. Sorry for the ticket. You can close this one. Problem was on my Cyrus server (php_cas), sieve was using sieve://myimapserver. I've changed for imaps://myimapserver just like imap and it's ok. |
|
In fact, it's kind of a workaround. My SSO Server is authenticating Sieve thinkink it's IMAP, but it works, and it's not unacceptable. Thank you ! |
|
Hmm not php_cas but pam_cas. |
|
Hi Jean-Philipe, thanks for reporting this. I've investigated this CAS issue and I think you'll have to keep your current configuration as-is. SOGo currently requests a single PGT from the the CAS server for the imap service. So the cas server will alway refuse to grant a service ticket for the sieve service using this PGT since the service names don't match. The solution you posted above: Using the same url as the -s parameter for pam_cas for both IMAP and Sieve is the only solution at the moment. Modifying sogo to request another PGT solely for sieve would be possible, but it would require some overhaul in the code and since we have a good workaround, it is not so high on the todo list. I'll update the docs to make this requirement clearer. Thanks. |
|
Closed for now, please reopen if you think the workaround is not appropriate. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2011-10-06 08:58 | Orchal | New Issue | |
2011-12-16 11:28 | Orchal | Note Added: 0003178 | |
2011-12-16 11:30 | Orchal | Note Added: 0003179 | |
2011-12-16 11:33 | Orchal | Note Edited: 0003179 | |
2013-06-09 01:46 | Orchal | Note Added: 0005645 | |
2013-06-09 03:24 | Orchal | Note Added: 0005646 | |
2013-06-09 12:32 | Orchal | Note Added: 0005647 | |
2013-06-18 21:50 |
|
Note Added: 0005657 | |
2013-06-18 21:59 |
|
Note Added: 0005659 | |
2013-06-18 21:59 |
|
Assigned To | => jraby |
2013-06-18 21:59 |
|
Status | new => closed |
2013-06-18 21:59 |
|
Resolution | open => won't fix |