Hi,
We have been trying this as well. I will send you the notes I kept,
hopefully this will get you going.
First two links:
https://lists.inverse.ca/sogo/arc/users/2016-10/msg00100.html
https://sogo.nu/bugs/view.php?id=3933
In Keycloak, make sure to configure:
- NameID format: username
- select FORCE NameID format
- mappers:
  - user property uid = uid / uid / uid (basic)
  - user property mail = mail / email (property) / mail (basic)
in sogo.conf:
SOGoCacheCleanupInterval = 3600;
SOGoAuthenticationType = saml2;
NGImap4AuthMechanism = PLAIN;
SOGoSAML2PrivateKeyLocation = "/etc/sogo/key.pem";
SOGoSAML2CertificateLocation = "/etc/sogo/cert.pem";
SOGoSAML2IdpMetadataLocation = "/etc/sogo/id-metadata.xml";
SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/id.crt";
// SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
SOGoSAML2LoginAttribute = "mail";
SOGoSAML2LogoutEnabled = YES;
SOGoSAML2LogoutURL = "https://www.company.com";
id-metadata.xml contains the generic keycloak metadata from
https://id.merit.unu.edu/auth/realms/merit/protocol/saml/descriptor
Then, for dovecot you can use a non-auth listener on localhost, or
configure dovecot to respond to saml auth:
https://github.com/ck-ws/pam-script-saml/
The author of this last script is also on this mailing list.
Hopefully this will get you going.
MJ
On 10/11/2018 03:41 PM, "Conta de Administracao Expresso"
(expresso.supo...@dpf.gov.br) wrote:
Hello everyone,
I need to configure SOGo 3.2.1 to authenticate with SAML2 in Keycloak
3.4. Does anyone know how to do this setup? If so, can you send me the
steps?
Thanks,
Eugenio
--
users@sogo.nu
https://inverse.ca/sogo/lists