1 (edited by stepm65 2023-04-10 12:38:36)

Topic: SOGO+SSO+Keycloak

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello everyone
I'm trying to configure SSO for SOGo using Keycloak. When I add the SAML configuration to the configuration file sogo.conf and restart the services, I get the error 502 Bad Gateway. Maybe someone has implemented it? Can you share your configuration experience or configuration files?
P.S. I turned on debugging mode everywhere and there is nothing interesting in the logs!

Post's attachments

conf.tar 30 kb, 2 downloads since 2023-04-10 



2

Re: SOGO+SSO+Keycloak

Better get support from SOGo developers: https://www.sogo.nu/support.html

3

Re: SOGO+SSO+Keycloak

Thanks for the link, but there is no information on setting up SSO SAML 2! Does anyone have a sogo.conf with the SAML 2 settings block? When I add it to my config file, I get a 502 error!

4

Re: SOGO+SSO+Keycloak

I managed to configure it! The topic can be closed!

5

Re: SOGO+SSO+Keycloak

stepm65 wrote:

I managed to configure it! The topic can be closed!

Would you mind sharing the solution with this community?

6

Re: SOGO+SSO+Keycloak

ZhangHuangbin wrote:
stepm65 wrote:

I managed to configure it! The topic can be closed!

Would you mind sharing the solution with this community?

I apologize for not answering right away!
In the sogo.conf file at the end, after the parameters for connecting to AD and address books, contacts, etc., see sogo.conf file attached.

Place the files from the attachment at /etc/sogo/

Make the required changes to the file (indicate your path to KeyCloak, certificates, etc.)

P.S. SSO in SOGo will work, so you will be taken to the SOGo web interface, but folders (inbox, sent, etc.) will be inaccessible because Dovecot will not be able to authorize by token. I stopped at this point; maybe someone has ideas on how to do it. Last step left!)))

Post's attachments

idp-metadata.xml 3.1 kb, 24 downloads since 2023-10-13 

sogo.conf 20.52 kb, 25 downloads since 2023-10-13 


7

Re: SOGO+SSO+Keycloak

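Is it mandatory to use LDAP as the storage backend? Is it feasible to use PGSQL as the storage backend to integrate Keycloak with iRedMail? Hoping someone knowledgeable can answer!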