Allow access to Webmail without password when a certain HTTP header is set
When a trusted source like a reverse proxy sets a certain HTTP header, then Webmail should log that user in without asking a password. Much like "x-webobjects-remote-user" HTTP request header in SOGo.
This would allow an already authentified user (on a reverse proxy for example) to get immediate access by simply having the proxy forward the connected user's name.
The trusted gateways would need to be specified by at least their IP address to prevent abuse.
2
votes
J-M Roth
shared this idea
Hello,
Thank you for your suggestion to allow users that have authenticated on a reverse proxy to login to webmail without giving a password. It will be considered for future versions.
Thanks again,
Arron