List:       forgerock-openig
Subject:    [Openig] Zimbra REST API problem
From:       cm () blinkenlichten ! de (Carsten Maass)
Date:       2012-11-23 5:19:36
Message-ID: 50AF0768.2000108 () blinkenlichten ! de

Hello all,

I try to achieve SSO to Zimbra with OpenIG. Therefore I use a call to
Zimbra's REST API
(http://wiki.zimbra.com/wiki/ZCS_6.0:Zimbra_REST_API_Reference#Authentication)
inside of OpenIG to pull the required authtoken from the server. So far
it works: I get the cookie with the authtoken and can authenticate with it.

The problem is: the REST API doesn't honor the redirect in the request,
so the browser gets stuck with a blank page. If I click the refresh
button in the browser I successfully get on to my mailbox without
further prompt for authentication, but this is an annoyance I can't get
my users used to.

So the question is: how can I circumvent this behaviour?

By either:

- rewrite the response from the REST API to insert a proper redirect or
- completely intercept the response from the REST API, extract the
cookie and relay it to the client together with a proper redirect URI in
a static response?

The request and response to the REST API look like this:

<quote>

--- REQUEST 4 --->

POST http://zimbra.mydomain.com/zimbra/home/myuser/?auth=sc HTTP/1.1
Authorization: Basic Y21hYlNzOme0N0hibGPrYXRjYOI2OA==
Content-Length: 100
Content-Type: application/x-www-form-urlencoded

username=myuser&redirect_to=http%3A%2F%2Fzimbra.mydomain.com%3A8080%2Fzimbra%2F&password=mypass


<--- RESPONSE 4 ---

HTTP/1.1 200 OK
Date: Fri, 23 Nov 2012 05:05:20 GMT
Content-Length: 0
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie:
ZM_AUTH_TOKEN=0_dfa4a055f410079b149e4e5340e67a7a8b2f0d70_69693d33363a35313934633234652 \
d393434612d343431642d396563312d3466346336386234356335913b6578703d31333a311336333831393932303539333b76763d313a303b747970653d363e7a696d6272613k;Path=/;HttpOnly


</quote>


Any help and hints for alternate ways to solve this problem are highly
appreciated.

Thanks in advance and greetings,
Carsten.


-- 
Blinkenlichten (Maass & Sacha GbR) - Open Source Solutions
Weigandufer 45 - 12059 Berlin - http://www.blinkenlichten.de
FON: ++49 +30 13896247 - MAIL: cm at blinkenlichten.de
FAX: ++49 +30 13896249 - PGP:  Key Id 0x2CBCA806
St.Nr. 16/274/61636
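
The second option in the message above (intercept the empty 200, keep the auth cookie, answer the browser with a redirect) is sketched here as an added example; it is not part of the original post and is not OpenIG configuration. The allowlist, the function names and the status codes chosen for failures are assumptions, and the sample headers are constructed with a placeholder token.

```python
from urllib.parse import urlsplit

AUTH_COOKIE = "ZM_AUTH_TOKEN"  # cookie name seen in RESPONSE 4 above
# Assumption: gateway-side allowlist of (scheme, host, port) redirect targets.
ALLOWED_TARGETS = {("http", "zimbra.mydomain.com", 8080)}

# Constructed sample in the shape of RESPONSE 4, with a placeholder token value.
SAMPLE = [("Date", "Fri, 23 Nov 2012 05:05:20 GMT"), ("Content-Length", "0"),
          ("Set-Cookie", "ZM_AUTH_TOKEN=0_placeholder;Path=/;HttpOnly")]


def auth_cookies(upstream_headers):
    """Return the Set-Cookie values that carry the Zimbra auth token, verbatim."""
    found = []
    for name, value in upstream_headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split(";", 1)[0].partition("=")[0].strip()
        if cookie_name == AUTH_COOKIE:
            found.append(value.strip())  # attributes such as HttpOnly are kept
    return found


def safe_target(redirect_to):
    """Accept only absolute URLs whose scheme, host and port are allowlisted."""
    if "\r" in redirect_to or "\n" in redirect_to:
        return False  # would allow response header injection
    parts = urlsplit(redirect_to)
    try:
        port = parts.port
    except ValueError:  # malformed port
        return False
    return (parts.scheme, parts.hostname, port) in ALLOWED_TARGETS


def to_redirect(status, upstream_headers, redirect_to):
    """Turn the REST login's empty 200 into a 302 that relays the auth cookie."""
    cookies = auth_cookies(upstream_headers)
    if status != 200 or not cookies:
        return 502, [("Content-Length", "0")]  # login failed upstream, relay nothing
    if not safe_target(redirect_to):
        return 400, [("Content-Length", "0")]  # refuse to act as an open redirect
    headers = [("Location", redirect_to), ("Content-Length", "0"),
               ("Cache-Control", "no-store")]
    headers += [("Set-Cookie", c) for c in cookies]
    return 302, headers
```

Only the auth cookie is relayed, so other upstream headers never reach the browser, and the redirect target is checked on the gateway rather than taken from the request as-is.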

