Performing Axigen WebMail Single Sign-on

WebMail Integrations

Do you have a customer portal or Web application where your users usually sign in?

Here's how you can perform single sign-on in the backend so that you also authenticate them in your Axigen WebMail.

This article assumes that your application can access your Axigen users' credentials and pass them further to the WebMail application.

This article involves performing HTTP calls for authentication. Because the login request carries the username and password in the request URL, make sure that all of these calls are made over SSL/TLS (HTTPS).

1. Authenticate in Axigen WebMail from an external portal

When the portal authentication is performed, an Axigen WebMail authentication should be triggered in the back-end (using sockets).

An authentication request (to Axigen WebMail) should look like:

GET /?action=login&username=<client's username>&password=<client's password>&custom=ajax HTTP/1.0

If the last parameter, custom=ajax, is omitted, the login will be executed in the Standard WebMail Interface.


2. Fetch the Axigen authentication keys 

If both portal authentication and WebMail authentication succeed, the newly created portal session should contain two properties, corresponding to the two authentication keys Axigen generated (these should be kept for later usage).

The result of a successful Axigen authentication request would look like:

HTTP/1.0 303 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Last-Modified: Thu, 5 Jun 2008 10:26:14 GMT
Expires: Thu, 29 May 2008 10:26:14 GMT
Server: Axigen-Webmail
Content-Type: text/html; charset=utf-8
Date: Thu, 5 Jun 2008 10:26:14 GMT
Set-Cookie: _hmail=485876d52164154bf7a98840940195cb;Path=/;Version=1;
Location: /?_h=242fa2fea1d86d902341edb8331df405
Cache: no-cache
Pragma: no-cache
Connection: Close
{ success: true, sessionKey: "f2531832aba5b28a947b35dfe3481b54" }
Connection closed by foreign host.

Note the two keys: the cookie key is the value of the _hmail cookie in the Set-Cookie header, and the URL key is the value of the _h parameter in the Location header. The cookie key should also be presented to the user by means of a Set-Cookie header in the current response.

The actual redirection of the user's browser from the portal context to the WebMail context is performed by means of a link that should contain the URL key:

This link assumes the cookie key retrieved from the initial Axigen auth request has already been presented to the browser by means of a Set-Cookie header.


4. Periodically sync the portal session with the authenticated Axigen WebMail session 

The final step involves "synchronizing" the portal session with the authenticated WebMail session. This is done by a periodic authenticated request to one of the WebMail resources:

GET /images/dot.gif?_h=<stored Axigen URL key> HTTP/1.0
Cookie: _hmail=<stored Axigen cookie key>

This request should be performed in the back-end (socket) and should be linked with every authenticated request for one of the portal's pages.
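
The following Python code is an added example, not Axigen's own code: it percent-encodes the credentials for the step 1 request, extracts the cookie key and the URL key from a login response like the one in step 2, and builds the step 4 sync request. The function names are hypothetical, the sample response is constructed from the headers shown above, and the check that both keys are hexadecimal strings is an assumption based on that sample.

```python
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample: a subset of the response headers shown in step 2.
SAMPLE_RESPONSE = (
    "HTTP/1.0 303 Moved Temporarily\r\n"
    "Server: Axigen-Webmail\r\n"
    "Set-Cookie: _hmail=485876d52164154bf7a98840940195cb;Path=/;Version=1;\r\n"
    "Location: /?_h=242fa2fea1d86d902341edb8331df405\r\n"
    "Connection: Close\r\n\r\n"
    '{ success: true, sessionKey: "f2531832aba5b28a947b35dfe3481b54" }'
)
HEX_KEY = re.compile(r"[0-9a-fA-F]+")  # assumption: keys are hex, as in the sample

def build_login_request(username, password):
    """Step 1 request; encoding stops '&', '=' or spaces from altering the query."""
    query = urlencode({"action": "login", "username": username,
                       "password": password, "custom": "ajax"}, quote_via=quote)
    return f"GET /?{query} HTTP/1.0\r\n\r\n"

def extract_keys(raw):
    """Return (cookie_key, url_key) from a login response, else raise ValueError."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    cookie_key = url_key = None
    for line in head.split("\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            for part in value.split(";"):
                k, _, v = part.strip().partition("=")
                if k == "_hmail":
                    cookie_key = v
        elif name == "location":
            url_key = parse_qs(urlsplit(value).query).get("_h", [None])[0]
    for key in (cookie_key, url_key):
        # Reject missing or odd values before they are stored in the portal
        # session and later copied into a request line or Cookie header.
        if not key or not HEX_KEY.fullmatch(key):
            raise ValueError("login response did not contain both keys")
    return cookie_key, url_key

def build_sync_request(cookie_key, url_key):
    """Step 4 keep-alive request, sent from the back-end."""
    return (f"GET /images/dot.gif?_h={url_key} HTTP/1.0\r\n"
            f"Cookie: _hmail={cookie_key}\r\n\r\n")

if __name__ == "__main__":
    print(build_sync_request(*extract_keys(SAMPLE_RESPONSE)))
```

Store the two returned keys in the portal session server-side, and send every one of these requests over a TLS-wrapped socket so that neither the credentials nor the keys cross the network in clear text.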