Frequently Asked Questions
 |
|
|
FAQ:
What's so special about Horde IMP Webmail? The problem is that Horde's webmail component has an extra layer of authentication: It forwards the user's credentials to a remote IMAP (i.e. mail-) server: Browser---(user/password)--->Horde---(user/password)--->IMAP Since in a single sign-on world Horde doesn't have these credentials, this chain won't work. Browser---(user/SSO signature)--->Horde---(???)--->IMAP Of course, this is not really special to Horde IMP but applies to any three-layer webmail system. There are two potential solutions for this problem, and both require changes on the IMAP server side: (a) DEPRECIATED: Allow Horde to send a "master password" (or some other means of authentication) along with the username - make the IMAP server validate this master password instead of the user's own one. (b) Implement the Signature-Based Single Sign-On technology on the IMAP level - basically by implementing the methods used by the SSO Agent (like signature verification). Make SSO Agent pass the original SSO string to the Horde SSO Adapter. Browser---(user/SSO signature)--->Horde---(user/SSO signature)--->IMAP Anybody interedsted in implementing this scenario? Please contact us for architectural compliance. P.S: We would also like to learn about your favourite IMAP server ! Go back... |
