I have an intranet site built with java which I wish to have single sign on with zimbra web mail.

I use ZClient to connect to the Zimbra's soap service.
I extract the ZM_AUTH_TOKEN & SessionId.

I then create a cookie using the ZM_AUTH_TOKEN and I add the cookie to
the response object.

The soap connection works and I can get info back from the server.
The cookie is created sucessfully.

But even with the cookie, I still keep getting the zimbra web mail login screen.

Here is the source code that I am using, can you tell me what I am doing wrong. No, I do not want to use preauth. So please do not recommend this to me, thanks.

import java.io.*;
import java.net.*;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.service.mail.MailService;
import com.zimbra.cs.service.account.AccountService;
import com.zimbra.cs.servlet.ZimbraServlet;
import com.zimbra.cs.util.Zimbra;
import com.zimbra.soap.Element;
import com.zimbra.soap.SoapFaultException;
import com.zimbra.soap.SoapHttpTransport;
import com.zimbra.soap.ZimbraSoapContext;

* @author
public class ZimbraLogin {

/** Creates a new instance of ZimbraLogin */
public ZimbraLogin(HttpServletRequest request, HttpServletResponse response) {
SoapHttpTransport trans = null;
Element zresponse = null;
Element zrequest = null;
String authToken = null;
String sessionId = null;
try {
trans = new SoapHttpTransport("https://my.zimbrahost.com" + ZimbraServlet.USER_SERVICE_URI);

zrequest = Element.XMLElement.mFactory.createElement(AccountS ervice.AUTH_REQUEST);

zrequest.addAttribute(AccountService.E_ACCOUNT, (String) request.getSession().getAttribute("id") + "@my.zimbrahost.com" , Element.DISP_CONTENT);
zrequest.addAttribute(AccountService.E_PASSWORD, (String) request.getSession().getAttribute("password"), Element.DISP_CONTENT);
zresponse = trans.invoke(zrequest);

authToken = zresponse.getAttribute(AccountService.E_AUTH_TOKEN );
sessionId = zresponse.getAttribute(ZimbraSoapContext.E_SESSION _ID, null);

if (sessionId != null)

catch (Exception e){

Cookie authCookie = new Cookie("ZM_AUTH_TOKEN", authToken);