SSO with Kopano and Rocketchat

roland.gsell · April 17, 2020, 8:41am

Hi,
I would like to add SSO support to Rocketchat, when using the Kopano Deskapp.

With the Intranet-Plugin in Kopano we added a chat button to have Rocketchat available directly in the Deskapp.
I tried to use SAML for that, but it doesn’t seem to work. Should it be possible with SAML or not?
Or is OpenID Connect the better way to go? I think RC doesn’t support OIDC (yet).

The users are usually logged in with a valid kerberos ticket - don’t know if that could help.
Kopano is installed as an UCS-App, but RC is not, if that makes any difference.

Thanks for reading,
Roland.

fbartels · April 17, 2020, 9:12am

Hi @roland.gsell,

I am not overly familiar with Rocketchat, but when you are already using Kerberos to sign into Kopano WebApp (even through DeskApp) then SAML seems to be your best choice to log into Rocketchat. The Univention Saml provider can be automatically singed into through Kerberos.

boospy · April 17, 2020, 10:30pm

We have here Saml on all installation. It is not depending on Keberos/Saml Login in Kopano. It is depending on working saml Login in your webbrowser. If this is working, rocketchat saml login works too directly in kopano webtab.

roland.gsell · June 15, 2020, 1:08pm

A colleague of me wrote a new Kopano-Plugin, which made a SSO configuration unnecessary.
It just passes the login data of the webapp/deskapp to Rocketchat. (similar to the files plugin)