Authentication/Horizon: Difference between revisions
{{KB|{{Unsupported}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
{{Article Footer|Zimbra Collaboration 8.0, 7.0|04/16/2014}}
Latest revision as of 13:53, 11 July 2015
Horizon App Manager (formerly Tricipher, formerly MyOneLogin) Readme
- This article is a Work in Progress, and may be unfinished or missing sections.
Included in Network Edition at the following location:
/opt/zimbra/extensions-network-extra/saml/myonelogin/README.txt
Deploying Extension
-------------------

On each Zimbra mailbox server:
- Create "tricipher" directory under /opt/zimbra/lib/ext; copy tricipherextn.jar under it.
- zmmailboxdctl restart

Configuring Extension
---------------------

(NOTE: MyOneLogin is now Horizon Manager. In the configuration steps below "myonelogin.com" can be replaced with "horizonmanager.com")

- Map the Zimbra domain to VMware MyOneLogin company name:

    zmprov md <domain> +zimbraForeignName tricipherCompanyName:<company_name>

- If VMware MyOneLogin has been set up to authenticate users with your existing directory service, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper:ldapIntegrationEnabled

  Else, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper
    zmprov ma <account> +zimbraForeignPrincipal tricipherSaml:<tricipher_username>

  i.e. we'll rely on the zimbraForeignPrincipal account attribute.

- For validation of the SAML response from VMware MyOneLogin, run:

    zmprov md <domain> zimbraMyoneloginSamlSigningCert <saml-signing-cert-base64-data>

  saml-signing-cert-base64-data can be obtained by logging in at <company_name>.myonelogin.com as an admin user and clicking on Site Administration > Federation > SAML certificate. It starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----".

- To enable SP-initiated SSO (optional), configure the zimbraWebClientLoginURL and zimbraWebClientLogoutURL:

    zmprov md <domain> zimbraWebClientLoginURL https://<company_name>.myonelogin.com/SAAS/API/1.0/GET/apps/launch?aid=<zimbra_app_id>
    zmprov md <domain> zimbraWebClientLogoutURL https://<company_name>.myonelogin.com

MyOneLogin Configuration
------------------------

To add Zimbra as a federated application to your company's VMware MyOneLogin site (<company_name>.myonelogin.com):

- Log in as admin user at <company_name>.myonelogin.com.
- Click on Site Administration > Federation > Manage federation.
- Follow the procedure documented under section "Add federated applications" at https://www.myonelogin.com/usermanual/myOneLoginAdminManual.htm#federation_manage.

Things to note when following the procedure for Zimbra:
  * Either select "SAML 1.1 POST profile" for "Authentication profile", or else if "SAML 2.0 POST profile" is chosen then under Profile Configuration select "Manual configuration" for "Configure via".
  * "Authentication URL" would be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * "Recipient name" would also be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * For the "SAML 2.0 POST profile" case, select "Unspecified (username)" as the "Name ID Format".
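
A post-configuration check for the domain attributes set under "Configuring Extension", as an added example that is not part of the Zimbra README. It assumes `zmprov gd <domain>` prints `attr: value` lines with a multi-line certificate continuing on the following lines; the function names, the company name "acme", the domain example.com and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Zimbra README. Reads `zmprov gd <domain>` output
# on stdin (assumed "attr: value" lines, multi-line values continuing below).
HANDLER='tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper'

# Constructed sample for a hypothetical company "acme"; the certificate body and
# the application id are placeholders, not real values.
sample_dump() {
    cat <<'EOF'
# name example.com
zimbraForeignName: tricipherCompanyName:acme
zimbraForeignNameHandler: tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper
zimbraMyoneloginSamlSigningCert: -----BEGIN CERTIFICATE-----
PLACEHOLDERBASE64DATA
-----END CERTIFICATE-----
zimbraWebClientLoginURL: https://acme.myonelogin.com/SAAS/API/1.0/GET/apps/launch?aid=APP_ID_PLACEHOLDER
zimbraWebClientLogoutURL: https://acme.myonelogin.com
EOF
}

# True if the dump text $1 contains a line exactly equal to $2.
has_line() { printf '%s\n' "$1" | grep -qxF -- "$2"; }
# Print the first value of the single-valued attribute $2 in the dump text $1.
attr_value() { printf '%s\n' "$1" | sed -n "s/^$2: //p" | head -n 1; }

# Usage: zmprov gd <domain> | audit_saml_domain <company_name>
# Prints one FAIL line per problem; the return status is the number of problems.
audit_saml_domain() {
    company=$1; dump=$(cat); problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # The domain must be mapped to the IdP company name.
    has_line "$dump" "zimbraForeignName: tricipherCompanyName:$company" ||
        fail "zimbraForeignName is not tricipherCompanyName:$company"
    # The handler must be the README's mapper class, with or without the LDAP flag.
    has_line "$dump" "zimbraForeignNameHandler: $HANDLER" ||
        has_line "$dump" "zimbraForeignNameHandler: $HANDLER:ldapIntegrationEnabled" ||
        fail "zimbraForeignNameHandler is missing or unexpected"
    # SAML responses are validated against this certificate: require a whole PEM block.
    { has_line "$dump" "zimbraMyoneloginSamlSigningCert: -----BEGIN CERTIFICATE-----" &&
      has_line "$dump" "-----END CERTIFICATE-----"; } ||
        fail "zimbraMyoneloginSamlSigningCert is not a complete PEM certificate"
    # SP-initiated SSO is optional; when set, both URLs must be https on the IdP host.
    for a in zimbraWebClientLoginURL zimbraWebClientLogoutURL; do
        url=$(attr_value "$dump" "$a")
        case "$url" in
            ""|"https://$company.myonelogin.com"|"https://$company.myonelogin.com/"*) ;;
            "https://$company.horizonmanager.com"|"https://$company.horizonmanager.com/"*) ;;
            *) fail "$a is not an https URL on the IdP host: $url" ;;
        esac
    done
    return "$problems"
}
```

Run it on a mailbox server as `zmprov gd <domain> | audit_saml_domain <company_name>`; a non-zero status means at least one attribute deviates from the steps above.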