MFA (Multi Factor Authentication), SSO, and Cyrus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Cyrus Users,

We are currently using Cyrus IMAP with Roundcube webmail, and are looking to implement both SAML or CAS Single Sign-on and Multifactor Authentication (MFA) for all applications.   Currently Cyrus users authenticate back to Active Directory via SASL ldap_auth and this remains one of the few applications not setup with Single Sign-On (SSO).

Has anyone looked at doing SSO and MFA with Cyrus and any available webmail client?     (This ignores the complexity of also offering direct IMAP access.)   The challenge with SAML and CAS SSO is that the SP application (webmail is this case) does not have access to the user's password.

It seems like this could theoretically be set up to work for webmail with proxy authentication, or with an LDAP proxy from the MFA vendor for MFA without SSO, but I don't see any solutions that wouldn't require extensive customization/rewriting.

Has anyone put a solution like this into production?  My google-fu has failed me on this one.

Thanks in advance,
John Wade
Oakton Community College
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux