HomeSitemap
EnglishDeutsch
One logon is enough.

Frequently Asked Questions

FAQ:

What's so special about Horde IMP Webmail?



The problem is that Horde's webmail component has an extra layer of authentication: It forwards the user's credentials to a remote IMAP (i.e. mail-) server:
Browser---(user/password)--->Horde---(user/password)--->IMAP

Since in a single sign-on world Horde doesn't have these credentials, this chain won't work.
Browser---(user/SSO signature)--->Horde---(???)--->IMAP

Of course, this is not really special to Horde IMP but applies to any three-layer webmail system.


There are two potential solutions for this problem, and both require changes on the IMAP server side:

(a) DEPRECIATED: Allow Horde to send a "master password" (or some other means of authentication) along with the username - make the IMAP server validate this master password instead of the user's own one.

(b) Implement the Signature-Based Single Sign-On technology on the IMAP level - basically by implementing the methods used by the SSO Agent (like signature verification). Make SSO Agent pass the original SSO string to the Horde SSO Adapter.

Browser---(user/SSO signature)--->Horde---(user/SSO signature)--->IMAP


Anybody interedsted in implementing this scenario? Please contact us for architectural compliance.

P.S: We would also like to learn about your favourite IMAP server !









Go back...
DirectSSO