Thread: Zimbra Server as Central Point in SSO infrastructure?

  1. #1
    marc@ion.lu (Member)

    Hi,

    I have been looking through the forum for Zimbra and Single-Sign-On.
    Most people there want to authenticate their users based on a system outside of Zimbra. As pointed out several times, this can be done with PreAuth, something that works great if this is what you are looking for.

    I am looking for the opposite of PreAuth, using Zimbra to authenticate with another external application.

    Scenario:
    - You are logged in to your Zimbra Account (http://zimbra.company.com)
    - You want to use another app (http://app.company.com)
    Upon hitting that URL, the app (let's say it's php-based) should be able to somehow let the user in with no password (no username as an option).

    It might sound like OpenID or similar, but the app (or more apps) are aware of the one central authentication point.
    In an OpenID world, I'd like Zimbra to be my Identity Provider (IP) as it already hosts accounts with passwords and seems ideal for the case.

    Currently, all I can do is centralize username & passwords in Zimbra and external applications will just query the Zimbra server to confirm a matching username & passwords. But users have to provide user & password for each of the apps.

    Other keywords like Shibboleth and SAML come to mind, but neither provides what I'm looking for (or not yet anyway).

    I'm not looking for step-by-step instructions here, just wondering if someone can push me in the right direction which will get me to my goal, or just tell me that I should drop this goal and look for another solution.

    Thanks in advance for any comment.

    Best regards,

    MM

  2. #2
    yutaka (Project Contributor)

    Hi marc@ion.lu,

    I think there could be a couple of ways to do that.
    But I think the easiest way is to develop an Identity Provider (IP) extension.
    It will handle auth requests which are redirected from the external (consumer) app and check if the user gets authenticated with Zimbra's auth token.
    If no, do authentication with username & password and give the user Zimbra's AuthToken if username & password are found in Zimbra.
    If yes, redirect back the request to the external app.
    But this request should be handled by the external app without authentication at this time. (Is it acceptable in your external app?)

    I hope this reply will help you.

    Thank you
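
The redirect back to the external app in the flow described above is only safe to accept without a login if the app can verify that it came from the identity provider. The following is an added example, not code from this thread or from Zimbra: the IdP extension signs a short-lived assertion and the app checks signature, audience, expiry and a single-use nonce. The shared key, the claim names and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: a secret shared by the IdP extension and the consumer app.
SHARED_KEY = secrets.token_bytes(32)
TTL = 60  # seconds an assertion stays valid

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def sign(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def issue_assertion(user, audience, nonce, key=SHARED_KEY, now=None):
    """IdP side: call only after the user's Zimbra auth token was accepted."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "nonce": nonce, "exp": now + TTL}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64(sign(body, key))

def verify_assertion(token, audience, pending_nonces, key=SHARED_KEY, now=None):
    """App side: return the user name, or None if any check fails."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(base64.urlsafe_b64decode(sig), sign(body, key)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    # Reject assertions minted for another app or past their lifetime.
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    # The nonce must be one this app handed out on redirect, and is single-use.
    if claims.get("nonce") not in pending_nonces:
        return None
    pending_nonces.discard(claims["nonce"])
    return claims.get("sub")

def demo():
    app = "http://app.company.com"          # URL from the thread
    pending = {secrets.token_urlsafe(16)}   # nonce the app sent with its redirect
    nonce = next(iter(pending))
    token = issue_assertion("user@company.com", app, nonce)  # constructed user
    return verify_assertion(token, app, pending), verify_assertion(token, app, pending)

if __name__ == "__main__":
    print(demo())
```
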

  3. #3
    dave_kempe (Partner (VAR/HSP))

    I would have just used an LDAP library in my app, and authed against zimbra ldap.
    http://www.solutionsfirst.com.au/hosting/zimbra/
    Australia's premier Zimbra Hosting Partner
    Resellers wanted!

  4. #4
    marc@ion.lu (Member)

    Thanks for the replies.

    yutaka, I will look into what I can do with the Zimbra AuthToken.

    dave_kempe, LDAP as a central password database is ok, but that's only one piece in the puzzle.

    Integrating OpenID seems to be the way to go.

    I'll keep you posted if anything develops.
