Zimbra SSO Questions

Postby 6410jherington » Mon Nov 19, 2007 2:07 pm

Hello,

I am in the process of setting up a central LDAP server that will serve as a central authentication (username/password) repository. I have been looking for a simple way to enable an SSO solution that Zimbra and several other portal applications (all can use LDAP) can use in order to provide the end-user with a single sign-on experience.
My current idea is to simply pass login/password credentials to Zimbra (before loading Zimbra into a portal tab) - Zimbra would accept this login/password programmatically and then invoke a logon command against an external LDAP server. The user would then be redirected to a Zimbra session (within the tab) that is logged in and ready to use.
My question is whether or not this seems feasible: I already have a portal environment that includes custom tabs for all applications including Zimbra. I can invoke any sort of Zimbra-provided webservices when the user clicks on the tab (prior to redirecting the tab contents to the Zimbra session). I can query the LDAP server for the current user and get the associated logon credentials and pass those within said webservice request.
1) Please provide assistance in how I could invoke the Zimbra login programmatically, preferably via webservices, but also via any PHP/Java script, etc. would also be fine.
2) I believe I would also be responsible for maintaining password sync between the local Zimbra LDAP and the central LDAP and would also be responsible for adding and removing users to the local Zimbra LDAP...is this a correct assumption?
3) If all my applications can utilize the central LDAP server and I do not have need for a Microsoft or other domain, is there a better way to enable SSO apart from CAS?
4) Possibly where Zimbra (for example) queries the central portal for the current user (I could provide a webservice) and then authenticates against the external LDAP...this is just a twist on the original model. Again, what Zimbra authentication function could be called (that would accept the username and password provided by the external LDAP query)?
Basically I am just hoping that I might enlist some advice as I set out on this process.
I would be happy to share my experience and methods with the community if that is helpful and not too odd of a solution for central SSO.
Thanks!


Postby jholder » Mon Nov 19, 2007 2:41 pm

Well, your best bet is preauth.
Take a look at the wiki article. You won't be able to use your portal's cookie to auth with Zimbra (or vice versa).
Preauth - Zimbra :: Wiki
Postby 6410jherington » Mon Nov 19, 2007 3:11 pm

Thanks J, I believe Preauth will send me in the right direction.
Just to clarify, I was not intending to use any sort of pre-built portal cookie but instead was looking for a mechanism within Zimbra (like a function) that I could pass user credentials to. This function would take those user credentials (clear text username and password) and process a normal Zimbra login.
For example, what is being called by: 'https://server/service/preauth?isredirect=1&authtoken={...}'
This must be calling some function within Zimbra? Is there a way to apply a clear text username and password? PS: I work within SSL so I don't have a great concern about passing clear text info via a local domain webservice.
Thanks!
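
The preauth approach recommended above, as an added example that is not part of the original thread or Zimbra's own code: the portal signs `account|by|expires|timestamp` with the domain's preauth key (HMAC-SHA1) and redirects the user, so no password is passed to Zimbra at all. The key, host and account are constructed placeholders, and `verify_preauth` with its 5-minute window is a hypothetical model of the server-side check.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder. The real per-domain key is generated on the Zimbra
# server and must stay in server-side portal code, never in the browser.
DEMO_PREAUTH_KEY = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"


def compute_preauth(key, account, timestamp_ms, by="name", expires=0):
    """Hex HMAC-SHA1 over 'account|by|expires|timestamp' keyed with the domain key."""
    message = f"{account}|{by}|{expires}|{timestamp_ms}"
    return hmac.new(key.encode(), message.encode(), hashlib.sha1).hexdigest()


def build_preauth_url(host, key, account, timestamp_ms=None, by="name", expires=0):
    """URL the portal redirects an already-authenticated user to."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)  # milliseconds since the epoch
    token = compute_preauth(key, account, timestamp_ms, by, expires)
    query = urlencode({"account": account, "by": by, "timestamp": timestamp_ms,
                       "expires": expires, "preauth": token})
    return f"https://{host}/service/preauth?{query}"


def verify_preauth(key, url, now_ms, max_skew_ms=5 * 60 * 1000):
    """Model of the receiving side: recompute the HMAC, reject stale timestamps.

    The 5-minute window is an assumption used for illustration.
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        ts = int(params["timestamp"])
        expected = compute_preauth(key, params["account"], ts,
                                   params["by"], params["expires"])
        supplied = params["preauth"]
    except (KeyError, ValueError):
        return False  # missing or malformed parameter
    if abs(now_ms - ts) > max_skew_ms:
        return False  # replayed or clock-skewed request
    return hmac.compare_digest(expected, supplied)  # constant-time compare


if __name__ == "__main__":
    print(build_preauth_url("mail.example.com", DEMO_PREAUTH_KEY, "user@example.com"))
```

Anyone holding the preauth key can log in as any account in that domain, so it deserves the same handling as an admin credential.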
Postby malayo » Tue Jan 15, 2013 9:57 pm

So jherington,
have you been able to do this after 5 years?

Does it work for you?
I had a situation where I need to be able to log in from a page to an NE & OSS mailbox where it is transparent to users which server they're being brought to, since zimbra-proxy is only supported if both mailboxes are NE.
