I'm trying to configure Sogo to use my keycloak Idp.
Like Umardraz in #3, I also have trouble understanding some parts of the readme.
What I did is a bit different.
I'm on a Debian Buster with Dovecot & Postfix with Ldap.
Sogo is working when using directly Ldap.
Now trying the Sso part.
The "Installation" section of your Readme is done with success (git clone + composer + php extensions)
In the Configuration section:
I installed libpam-script package (apt install libpam-script) => a new line is added first in the pam.d/common-* files: auth sufficient pam_script.so
With point 3 ("Use the given pam_script_auth file (or create a symlink from pam_script_auth to pam-script-saml.php)")
From the readme of libpam script package, it says that the scripts are by default located in /etc/pam-script (on Debian), but I guess the dir parameter is there to adapt this if needed.
I created that folder and added 2 symlinks in /etc/libpam-script to your scripts:
Now that I have the 2 symlinks in /etc/pam-script/, I adapted the file /etc/pam.d/common-auth to:
Is this correct?
From what I saw in your pam_script_auth file, the file pam-script-saml.php must be in the same directory.
Can we choose where to put both files and just adapt the dir parameter?
Concerning the param 'idp', knowing I have the idp-metadata.xml file in /etc/sogo, is this the correct file to reference?
idp=/etc/sogo/idp-metadata.xml
Concerning the param trusted_sp, I must put the "EntityID of SP". Is this the client ID defined in the keycloak realm -> client? The client ID defined in my keycloak realm is the address to my Sogo saml2 metadata.
[EDIT] It's indeed the right value, as my tests showed later.
I also tried to use your test.sh script included in the repo, but I don't know how to fill the test.env file.
Would this be the correct format? But what values to put there?
My problem is that I have an error with sogo when Keycloak sends the user back to Sogo.
NSInvalidArgumentException REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
I don't know if the error is in my Sogo or Keycloak configuration or because of the problem with authenticating in Dovecot from Sogo with a token (so the need for this auth script).
That's why I would like to try your test.sh script to be sure that part is working.
Thanks.
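One way to check the points raised in the issue above before testing a login (an added example, not part of the original issue or of the pam-script-saml repository): the script lints a single `pam_script.so` line. It assumes the `dir=`, `idp=` and `trusted_sp=` options named in the issue and the same-directory requirement the poster describes; the temporary directory and the EntityID are constructed sample input.

```shell
# Added example: lint one pam_script.so line from /etc/pam.d/common-auth.
# Assumptions: the dir=, idp= and trusted_sp= options named in this issue, and
# that pam_script_auth and pam-script-saml.php must sit in the same directory.
cps_fail() { echo "problem: $*" >&2; cps_bad=$((cps_bad + 1)); }

# check_pam_script_line LINE -> one message per problem on stderr, returns the count
check_pam_script_line() {
    cps_dir='' cps_idp='' cps_sp='' cps_mod=no cps_bad=0
    set -f                          # split the line into words without globbing
    for cps_tok in $1; do
        case $cps_tok in
            pam_script.so) cps_mod=yes ;;
            dir=*)         cps_dir=${cps_tok#dir=} ;;
            idp=*)         cps_idp=${cps_tok#idp=} ;;
            trusted_sp=*)  cps_sp=${cps_tok#trusted_sp=} ;;
        esac
    done
    set +f
    [ "$cps_mod" = yes ] || cps_fail "line does not load pam_script.so"
    # Without dir=, fall back to the Debian default directory quoted in the issue.
    cps_dir=${cps_dir:-/etc/pam-script}
    # -x and -r follow symlinks, so a dangling symlink is reported as well.
    [ -x "$cps_dir/pam_script_auth" ] ||
        cps_fail "$cps_dir/pam_script_auth is missing, dangling or not executable"
    [ -r "$cps_dir/pam-script-saml.php" ] ||
        cps_fail "$cps_dir/pam-script-saml.php is missing, dangling or unreadable"
    if [ -z "$cps_idp" ] || [ ! -r "$cps_idp" ]; then
        cps_fail "idp= metadata file '$cps_idp' is unset or unreadable"
    fi
    [ -n "$cps_sp" ] || cps_fail "trusted_sp= (EntityID of the SP) is not set"
    return "$cps_bad"
}

# Constructed demo: a throwaway directory stands in for /etc/pam-script and /etc/sogo.
demo() {
    d=$(mktemp -d) || return 99
    printf '#!/bin/sh\n' > "$d/pam_script_auth"; chmod +x "$d/pam_script_auth"
    : > "$d/pam-script-saml.php"; : > "$d/idp-metadata.xml"
    ln -s "$d/nowhere" "$d/dangling.xml"      # symlink whose target does not exist
    sp=https://sogo.example.org/SOGo/saml2-metadata   # placeholder EntityID
    good=0; bad=0
    check_pam_script_line "auth sufficient pam_script.so dir=$d idp=$d/idp-metadata.xml trusted_sp=$sp" || good=$?
    check_pam_script_line "auth sufficient pam_script.so dir=$d idp=$d/dangling.xml" || bad=$?
    rm -rf "$d"
    echo "good line: $good problem(s); broken line: $bad problem(s)"
}
demo
```

To check a live system, pass the function the `pam_script.so` line copied from `/etc/pam.d/common-auth`.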