Authentication/Horizon


Horizon App Manager (formerly Tricipher, formerly MyOneLogin) Readme

   KB 20405        Last updated on 2015-07-11  





Included in Network Edition at the following location:

/opt/zimbra/extensions-network-extra/saml/myonelogin/README.txt


Deploying Extension
-------------------

On each Zimbra mailbox server:

- Create a "tricipher" directory under /opt/zimbra/lib/ext and copy tricipherextn.jar into it.

- Restart mailboxd:

    zmmailboxdctl restart


Configuring Extension
---------------------

(NOTE: MyOneLogin is now Horizon Manager. In the configuration steps below, "myonelogin.com" can be replaced with
"horizonmanager.com".)

- Map the Zimbra domain to the VMware MyOneLogin company name:

    zmprov md <domain> +zimbraForeignName tricipherCompanyName:<company_name>

- If VMware MyOneLogin has been set up to authenticate users with your existing directory service, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper:ldapIntegrationEnabled

  Otherwise, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper
    zmprov ma <account> +zimbraForeignPrincipal tricipherSaml:<tricipher_username>

  In this case the extension relies on the zimbraForeignPrincipal account attribute.

- For validation of the SAML response from VMware MyOneLogin, run:

    zmprov md <domain> zimbraMyoneloginSamlSigningCert <saml-signing-cert-base64-data>

  The saml-signing-cert-base64-data value can be obtained by logging in at <company_name>.myonelogin.com as an admin
  user and clicking on Site Administration > Federation > SAML certificate. It starts with
  "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----".

- To enable SP-initiated SSO (optional), configure the zimbraWebClientLoginURL and zimbraWebClientLogoutURL:

    zmprov md <domain> zimbraWebClientLoginURL https://<company_name>.myonelogin.com/SAAS/API/1.0/GET/apps/launch?aid=<zimbra_app_id>
    zmprov md <domain> zimbraWebClientLogoutURL https://<company_name>.myonelogin.com
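
For the signing-certificate step in the list above, the certificate copied from the admin console can be checked locally before it is stored in zimbraMyoneloginSamlSigningCert. This is an added example, not part of the original README; it assumes the openssl CLI is installed and that the certificate was saved to a file, and check_saml_cert is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the Zimbra README. check_saml_cert is a hypothetical
# helper name; the openssl CLI is assumed to be installed.

check_saml_cert() {
    cert_file=$1

    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 2; }

    # The README says the value starts with BEGIN CERTIFICATE and ends with
    # END CERTIFICATE. Require exactly one of each, so a pasted chain or a
    # truncated copy is rejected before it reaches the domain attribute.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert_file" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$cert_file" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "expected one PEM certificate, found $begins BEGIN / $ends END" >&2
        return 3
    fi

    # The body between the markers must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert_file" -noout >/dev/null 2>&1; then
        echo "not a parseable X.509 certificate" >&2
        return 4
    fi

    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 5
    fi

    # Print the values to record and compare when the certificate is rotated.
    openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256
}

# Stand-alone use: sh check_saml_cert.sh <saved-cert-file>
if [ "$#" -gt 0 ]; then
    check_saml_cert "$1"
fi
```

Recording the printed SHA-256 fingerprint at configuration time gives a reference value to compare against if the signing certificate is later replaced.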


MyOneLogin Configuration
------------------------

To add Zimbra as a federated application to your company's VMware MyOneLogin site (<company_name>.myonelogin.com):

- Log in as an admin user at <company_name>.myonelogin.com.

- Click on Site Administration > Federation > Manage federation.

- Follow the procedure documented under section "Add federated applications" at
  https://www.myonelogin.com/usermanual/myOneLoginAdminManual.htm#federation_manage.

  Things to note when following the procedure for Zimbra:

  * For "Authentication profile", select either "SAML 1.1 POST profile" or "SAML 2.0 POST profile". If
    "SAML 2.0 POST profile" is chosen, then under Profile Configuration select "Manual configuration" for
    "Configure via".
  * "Authentication URL" is <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * "Recipient name" is also <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * For the "SAML 2.0 POST profile" case, select "Unspecified (username)" as the "Name ID Format".

Verified Against: Zimbra Collaboration 8.0, 7.0
Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Authentication/Horizon
Date Modified: 2015-07-11


