WebSSO - Webmail with SAML or OIDC | MDaemon Technologies Community Forum

WebSSO - Webmail with SAML or OIDC


  • Hi Arron,

    Thank you for your quick response.

    Regarding the proxy part: my IDP is LemonLDAP::NG, which serves as both my IDP and my Nginx reverse proxy. Since it is open-source and a versatile tool, it allows me to monitor all traffic through the logs. I have made some progress and have some specific information to share with you:

    From the logs: https://connect.<mydomain.fr>/oauth2/authorize?response_type=code&scope=openid%20profile%20email&client_id=OpenIDMdaemon&state=07596abaca431d8cd18b7007a2846e85&nonce=103deca5c478401d4353ff18d77ba4d6&response_mode=form_post&redirect_uri=https%3A%2F%2Fmail.<mydomain.fr>%2FWorldClient.dll%3FView%3DOIDC

    As you can see, the redirect_uri is indeed pointing to mail.<mydomain.fr>. Consequently, I cannot use https://webmail.<mydomain.fr>/WorldClient.dll?View=OIDC as you suggested.

    In the MDaemon configuration, this field is greyed out, so I am currently stuck.

My other option would have been to publish the webmail behind the mail.<mydomain.fr> URL instead of webmail.<mydomain.fr>, but unfortunately, that is not possible. For security reasons, our architecture requires SMTP (mail.<mydomain.fr>) and HTTPS (webmail.<mydomain.fr>) traffic to pass through two different public IP addresses.

    The solution would be to either "un-grey" this field so I can specify it manually, or to modify this value directly in an MDaemon configuration file, rather than having it automatically generated as https://<SMTP Host Name>/WorldClient.dll?View=OIDC.

    What are your thoughts on this?


  • If your provider is responding and saying that the redirect URI is https://mail.yourdomain.fr/WorldClient.dll?View=OIDC then it's because that is what has been configured in the provider.  You should be able to change it in the provider configurations.

    The value shown in the MDaemon UI is just there to assist customers in figuring out what the value should be. It is not a configuration that is being used by webmail.

    In addition, the redirect URI configured in your provider needs to use the same host name that is being used to access webmail.    So if you are accessing webmail using https://webmail.mydomain.com then the redirect URI that you configure in the provider should be https://webmail.mydomain.com/WorldClient.dll?View=OIDC.



  • Hi Arron,

    Please excuse the delay in my response; I was off for the past few days.

    I have configured the correct URL on my IdP. The log I sent you was captured from my reverse proxy, showing the response returned by MDaemon.

    I would like to share some screenshots with you, but I would prefer to send them privately. Is there a way for me to do this, and if so, how should I proceed?

    Thank you, and have a great day!


  • I'm sorry, I provided incorrect information about the Redirect URI previously. 

    During the beta cycle we were using the value in the host header provided by the browser to build the Redirect URI, but we updated it prior to the release of MDaemon 26.0.0 to use the Default Web Address for MDaemon Webmail or if that is blank it will use the FQDN configured for the server. 

    To set the Default Web Address for MDaemon Webmail, log in to Remote Administration and go to Main | Webmail Settings.  Enter the desired host name, save the changes and restart webmail.

    The example value provided in the user interface does not change when you update the Default Web Address for MDaemon Webmail.  I've added a task to update the UI to show the preferred value, based on the setting.

    Again, my apologies for the incorrect information.  Let us know if you are still having issues after making the change.

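The two replies above describe the check that matters here: the redirect_uri MDaemon puts in the authorize request (derived from the Default Web Address for Webmail, or the server FQDN when that is blank) must match, exactly, the redirect URI registered at the IdP, and its host must be the one users actually reach webmail on. The script below is an added example for this thread, not code from MDaemon or LemonLDAP::NG. It pulls the authorize request out of a reverse-proxy access-log line (the log line is constructed, with example.fr placeholder hosts) and compares the redirect_uri against what the relying party should be using. The expected_redirect_uri() derivation is an assumption modelled on the reply above, and the client_id value is taken from the earlier log excerpt.

```python
"""Check an OIDC authorize request captured at a reverse proxy against the
redirect URI the relying party (MDaemon Webmail) should be using.

Added example, not MDaemon or LemonLDAP::NG code. The log line is
constructed; expected_redirect_uri() is an assumption modelled on the
forum reply (Default Web Address for Webmail, else the server FQDN).
"""
import re
from urllib.parse import urlsplit, parse_qs

WEBMAIL_OIDC_PATH = "/WorldClient.dll?View=OIDC"

# Constructed nginx-style access-log line; hosts are placeholders.
LOG_LINE = (
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0100] "GET /oauth2/authorize?'
    'response_type=code&scope=openid%20profile%20email&client_id=OpenIDMdaemon'
    '&state=07596abaca431d8cd18b7007a2846e85&nonce=103deca5c478401d4353ff18d77ba4d6'
    '&response_mode=form_post&redirect_uri=https%3A%2F%2Fmail.example.fr'
    '%2FWorldClient.dll%3FView%3DOIDC HTTP/1.1" 302 0'
)


def authorize_params(log_line):
    """Return the query parameters of the GET request target in a log line."""
    m = re.search(r'"GET (\S+) HTTP/', log_line)
    if not m:
        raise ValueError("no GET request target found in log line")
    query = urlsplit(m.group(1)).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def expected_redirect_uri(default_web_address, server_fqdn):
    """Assumed derivation: Default Web Address for Webmail, else server FQDN."""
    host = (default_web_address or "").strip() or server_fqdn
    if "://" in host:          # tolerate a full URL being pasted into the setting
        host = urlsplit(host).netloc
    return f"https://{host.rstrip('/')}{WEBMAIL_OIDC_PATH}"


def check_authorize_request(params, expected_redirect, client_id):
    """Return a list of findings; an empty list means the request looks right."""
    problems = []
    if params.get("client_id") != client_id:
        problems.append(f"client_id mismatch: {params.get('client_id')!r}")
    if params.get("response_type") != "code":
        problems.append(f"unexpected response_type: {params.get('response_type')!r}")
    for name in ("state", "nonce"):
        if not params.get(name):
            problems.append(f"{name} missing: the code flow loses its CSRF/replay protection")
    actual = params.get("redirect_uri")
    if actual is None:
        problems.append("redirect_uri missing from authorize request")
        return problems
    a, e = urlsplit(actual), urlsplit(expected_redirect)
    if a.scheme != "https":
        problems.append(f"redirect_uri is not https: {actual}")
    # IdPs must match registered redirect URIs exactly, so compare each part.
    if a.netloc.lower() != e.netloc.lower():
        problems.append(f"host mismatch: request redirects to {a.netloc}, webmail is at {e.netloc}")
    if (a.path, a.query) != (e.path, e.query):
        problems.append(f"path/query mismatch: {a.path}?{a.query} vs {e.path}?{e.query}")
    return problems


def diagnose(log_line, default_web_address, server_fqdn, client_id="OpenIDMdaemon"):
    params = authorize_params(log_line)
    expected = expected_redirect_uri(default_web_address, server_fqdn)
    return check_authorize_request(params, expected, client_id)


if __name__ == "__main__":
    # Webmail reachable on mail.example.fr: the captured request is consistent.
    print("mail host   :", diagnose(LOG_LINE, "", "mail.example.fr") or "OK")
    # Webmail actually served on webmail.example.fr: the request points elsewhere.
    print("webmail host:", diagnose(LOG_LINE, "webmail.example.fr", "mail.example.fr"))
```

Run it against a real proxy log line by replacing LOG_LINE; the second scenario reproduces the mismatch in the thread, and it disappears once the Default Web Address for Webmail is set to the host users actually browse to.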

  • Hi Arron,

    Thank you very much for your help. It works like a charm.

    Have a nice day,


  • 1
  • 2 / 2
Please login to reply to this topic!