Hi MJ, That option directly correlates with how long the session is valid (as the SAML assertion will be removed from cache after this time, and can no longer be sent to Dovecot). 3600 would be one hour. You may want to set it higher, so that the user will stay logged in for a business day (maybe 8*3600 or 10*3600). Beware that all cache entries will be kept this long, so you may need to increase the the memcached size (if you have enough RAM) - I think that is already discussed in the manual, somewhere on the mailing list or in one of our SAML tickets ;-)
If you change it, don’t forget to modify the grace option accordingly in /etc/pam.d/dovecot for pam-script-saml. Regarding SOGo 3/4: The behaviour is the same. I currently live with it (only having some users, and most using Thunderbird/Apple Mail clients). I believe I asked once in a ticket why there is no handling of that case in the AJAX requests, but never got an explanation (maybe we also talked at cross-purposes ;-) ). Best regards, Christoph > Am 10.04.2018 um 13:31 schrieb mj (li...@merit.unu.edu) <users@sogo.nu>: > > Hi, > > We're playing again with sogo / dovecot / saml and would like some feedback. > > We have everything (sogo, keycloak IdP, dovecot with pam-script-saml) working > just fine, with one remaining issue: > > After a while the sogo web interface stops working, unless you change > 'module' (from mail module to calendar or addressbook) at which point we are > redirected to the IdP, logon again, and then things work again. > > While sogo has stopped working, and I change imap folder, nothing happens, > and apache logs two 302 lines like this: > >> Apr 10 13:24:21 sogod [15166]: ip.4.address.com "GET >> /SOGo/so/testuser/Mail/0/folderINBOX/folderfb/unseenCount HTTP/1.1" 302 0/0 >> 0.007 - - 0 >> Apr 10 13:24:21 sogod [15165]: ip.4.address.com "POST >> /SOGo/so/testuser/Mail/0/folderINBOX/folderfb/uids HTTP/1.1" 302 0/75 0.008 >> - - 0 > > I have set SOGoCacheCleanupInterval to 3600, should I set it higher..? Are > others using saml auth also seeing this? > > This is on a fresh stretch install, sogo version 2.3.23-1 > > Any use in tryting with sogo v3 or v4? > > MJ > -- > users@sogo.nu > https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists
