Thread: Zimbra SSO Questions

  1. #1
    Zimbra SSO Questions

    Hello,
    I am in the process of setting up a central LDAP server that will serve as a central authentication (username/password) repository. I have been looking for a simple way to enable an SSO solution that Zimbra and several other portal applications (all can use LDAP) can use in order to provide the end-user with a single sign-on experience.

    My current idea is to simply pass login/password credentials to Zimbra (before loading Zimbra into a portal tab) - Zimbra would accept this login/password programmatically and then invoke a logon command against an external LDAP server. The user would then be redirected to a Zimbra session (within the tab) that is logged in and ready to use.

    My question is whether or not this seems feasible: I already have a portal environment that includes custom tabs for all applications including Zimbra. I can invoke any sort of Zimbra-provided webservices when the user clicks on the tab (prior to redirecting the tab contents to the Zimbra session). I can query the LDAP server for the current user and get the associated logon credentials and pass those within said webservice request.

    1) Please provide assistance in how I could invoke the Zimbra login programmatically, preferably via webservices, but via any PHP/Java script, etc. would also be fine.

    2) I believe I would also be responsible for maintaining password sync between the local Zimbra LDAP and the central LDAP and would also be responsible for adding and removing users to the local Zimbra LDAP... is this a correct assumption?

    3) If all my applications can utilize the central LDAP server and I do not have need for a Microsoft or other domain, is there a better way to enable SSO apart from CAS?

    4) Possibly where Zimbra (for example) queries the central portal for the current user (I could provide a webservice) and then authenticates against the external LDAP... this is just a twist on the original model. Again, what Zimbra authentication function could be called (that would accept the username and password provided by the external LDAP query)?

    Basically I am just hoping that I might enlist some advice as I set out on this process.

    I would be happy to share my experience and methods with the community if that is helpful and not too odd of a solution for central SSO.

    Thanks!
    Last edited by jherington; 11-19-2007 at 12:17 PM.

  2. #2

    Well, your best bet is preauth.

    Take a look at the wiki article. You won't be able to use your portal's cookie to auth with Zimbra (or vice versa).

    Preauth - Zimbra :: Wiki
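
    The preauth mechanism recommended above, as an added example that is not part of the original thread or Zimbra's own code: the portal signs the account name and a timestamp with a per-domain key using HMAC-SHA1 and redirects the browser, so no password is passed to Zimbra. `DEMO_KEY`, the host name in any call, `verify_preauth` and its five-minute window are assumptions for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed demo key. A real key is generated per domain on the Zimbra
# server and must stay secret on the portal side.
DEMO_KEY = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
MAX_SKEW_MS = 5 * 60 * 1000  # assumed freshness window for the check below


def preauth_value(key, account, by, expires, timestamp_ms):
    """HMAC-SHA1 over 'account|by|expires|timestamp', hex encoded."""
    message = f"{account}|{by}|{expires}|{timestamp_ms}".encode()
    return hmac.new(key.encode(), message, hashlib.sha1).hexdigest()


def preauth_url(base_url, key, account, timestamp_ms=None, expires=0, by="name"):
    """Build the redirect URL the portal sends the browser to."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    params = {
        "account": account, "by": by, "timestamp": timestamp_ms,
        "expires": expires,
        "preauth": preauth_value(key, account, by, expires, timestamp_ms),
    }
    return f"{base_url}/service/preauth?{urlencode(params)}"


def verify_preauth(key, params, now_ms):
    """Receiving-side check (sketch): fresh timestamp and matching HMAC."""
    try:
        ts = int(params["timestamp"][0])
        expected = preauth_value(key, params["account"][0], params["by"][0],
                                 params["expires"][0], ts)
        supplied = params["preauth"][0]
    except (KeyError, ValueError, IndexError):
        return False
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return False  # stale or future-dated link: reject before comparing
    return hmac.compare_digest(expected, supplied)  # constant-time compare
```

    `verify_preauth` expects the query string parsed with `urllib.parse.parse_qs`; changing the account or replaying the link after the window makes it return `False`.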

  3. #3

    Thanks J, I believe Preauth will send me in the right direction.

    Just to clarify, I was not intending to use any sort of pre-built portal cookie but instead was looking for a mechanism within Zimbra (like a function) that I could pass user credentials to. This function would take those user credentials (clear text username and password) and process a normal Zimbra login.

    For example what is being called by: 'https://server/service/preauth?isredirect=1&authtoken={...}'

    This must be calling some function within Zimbra? Is there a way to apply a clear text username and password? PS: I work within SSL so I don't have a great concern about passing clear text info via a local domain webservice.

    Thanks!

  4. #4

    So jherington,

    have you been able to do this after 5 years?
    Does it work for you?

    I had a situation where I need to be able to log in from a page to an NE & OSS mailbox where it is transparent to users which server they're being brought to, since zimbra-proxy is only supported if both mailboxes are NE.
