Thread: Zimbra Server as Central Point in SSO infrastructure?

  1. #1
    Join Date
    Dec 2008

    I have been looking through the forum for Zimbra and Single-Sign-On.
    Most people there want to authenticate their users based on a system outside of Zimbra. As pointed out several times, this can be done with PreAuth, something that works great if this is what you are looking for.

    I am looking for the opposite of PreAuth, using Zimbra to authenticate with another external application.

    - You are logged in your Zimbra Account (
    - You want to use another app (
    Upon hitting that URL, the app (let's say it's php-based) should be able to somehow let the user in with no password (no username as an option).

    It might sound like OpenID or similar, but the app (or more apps) are aware of the one central authentication point.
    In an OpenID world, I'd like Zimbra to be my Identity Provider (IP) as it already hosts accounts with passwords and seems ideal for the case.

    Currently, all I can do is centralize username & passwords in Zimbra and external applications will just query the Zimbra server to confirm a matching username & passwords. But users have to provide user & password for each of the apps.

    Other keywords like Shibboleth and SAML come to mind, but neither provides what I'm looking for (or not yet anyway).

    I'm not looking for step-by-step instructions here, just wondering if someone can push me in the right direction which will get me to my goal, or just tell me that I should drop this goal and look for another solution.

    Thanks in advance for any comment.

    Best regards,


  2. #2
    Join Date
    Oct 2009


    I think there could be a couple of ways to do that.
    But I think the easiest way is to develop an Identity Provider (IP) extension.
    It will handle auth requests which are redirected from the external (consumer) app and check if the user gets authenticated with Zimbra's auth token.
    If no, do authentication with username & password and give the user Zimbra's AuthToken if username & password are found in Zimbra.
    If yes, redirect the request back to the external app.
    But this request should be handled by the external app without authentication at this time. (Is it acceptable in your external app?)

    I hope this reply will help you.

    Thank you
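
The redirect back to the external app in the flow from post #2 is the step the consumer has to be able to trust without asking for a password. The following is an added example, not part of the thread and not Zimbra code: a simplified signed-redirect scheme (neither OpenID nor SAML) in which the shared key, the callback URL and the function names are all assumptions, and the Zimbra AuthToken check is assumed to have succeeded before `idp_redirect` is called.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

SHARED_KEY = b"constructed-demo-key"               # assumption: per-app secret set up out of band
ALLOWED_RETURN = {"https://app.example.test/sso"}  # constructed consumer callback URL
MAX_AGE = 60                                       # seconds an assertion stays valid
_seen_nonces = set()                               # consumer-side replay cache (in memory here)

def _mac(user, ts, nonce, return_url):
    # Bind the signature to user, time, nonce and the exact callback it was issued for.
    msg = "\n".join([user, str(ts), nonce, return_url]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def idp_redirect(user, return_url, now):
    """IdP side: build the redirect once the user's Zimbra auth token has been validated."""
    if return_url not in ALLOWED_RETURN:           # refuse unregistered callbacks
        raise ValueError("return_url not registered")
    nonce = secrets.token_hex(16)
    query = {"user": user, "ts": now, "nonce": nonce,
             "sig": _mac(user, now, nonce, return_url)}
    return return_url + "?" + urlencode(query)

def consumer_accept(url, now):
    """Consumer side: return the user name, or None if the assertion is rejected."""
    parts = urlsplit(url)
    return_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    p = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        user, ts, nonce, sig = p["user"], int(p["ts"]), p["nonce"], p["sig"]
    except (KeyError, ValueError):
        return None                                # missing or malformed field
    expected = _mac(user, ts, nonce, return_url)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                                # forged or tampered
    if not 0 <= now - ts <= MAX_AGE:
        return None                                # expired, or timestamp in the future
    if nonce in _seen_nonces:
        return None                                # replayed
    _seen_nonces.add(nonce)
    return user
```
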

  3. #3
    Join Date
    Sep 2005
    Sydney, Australia

    I would have just used an LDAP library in my app, and authed against Zimbra LDAP.

  4. #4
    Join Date
    Dec 2008

    Thanks for the replies.

    yutaka, I will look into what I can do with the Zimbra AuthToken.

    dave_kempe, LDAP as a central password database is ok, but that's only one piece in the puzzle.

    Integrating OpenID seems to be the way to go.

    I'll keep you posted if anything develops.
