Author Topic: Two factor login with Shibboleth/SAML  (Read 3399 times)

Offline JonKnight

  • Newbie
  • *
  • Posts: 1
Two factor login with Shibboleth/SAML
« on: June 13, 2018, 07:32:23 AM »
Hi everyone

We're using roundcube as a front end to Gmail for those users who cannot contact Gmail directly.

Our Gmail login is using Shibboleth (SAML2) with a two factor system that we run in house and that also protects a lot of our web servers.

We'd like to add that to Roundcube, but obviously that would require a double login as Shibboleth can't authenticate an IMAP connection to Gmail.  So I'm thinking of instructing Apache to protect the Roundcube login page with Shibboleth so that would trigger a Shibboleth login whenever roundcube redirected to that page and Apache didn't find a session cookie.  Once shibboleth returned the normal roundcube login page would appear and the second login would occur.

I'm not certain of the interaction between apache session management and roundcube's session managment, but as long as they can co-exist this might work.

Has anyone tried something similar?