ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Open Source Edition


Appendix B Configuring SPNEGO Single Sign-On
Appendix B Configuring SPNEGO Single Sign-On
The SPNEGO protocol mechanism can be configured on ZCS for single sign-on authentication to the Zimbra Web Client.
From ZWC, when users log on to their Intranet through Active Directory, they can enter their ZWC mailbox without having to re-authenticate to Zimbra.
The ZCS server is configured to redirect users attempting to log on to ZWC to a URL under SPNEGO protection. The server asks for authentication with Kerberos through SPNEGO and users are redirected to their ZWC mailbox. When users log out, they are redirected to a logout URL that displays a Launch button. When users click Launch, they are directed to the ZWC entry page.
Note:
When users log on to their ZWC accounts from the Internet, the ZWC log in page displays and they must enter their ZWC password to log on.
Important: If SPNEGO SSO is enabled on a domain, the browsers must be configured correctly. See Configure Your Browser. Improperly configured browsers may pop up a user/pass dialog and if a user enters his correct AD domain username/password, he can still log into the Zimbra mailbox, and some browsers may display a “401 Unauthorized” error.
Copyright © 2012 VMware Inc.