Authentication/Horizon

Horizon App Manager (formerly Tricipher, formerly MyOneLogin) Readme

KB 20405, last updated on 07/11/2015





Included in Network Edition at the following location:

/opt/zimbra/extensions-network-extra/saml/myonelogin/README.txt


Deploying Extension
-------------------

On each Zimbra mailbox server:

- Create a "tricipher" directory under /opt/zimbra/lib/ext and copy tricipherextn.jar into it.

- Restart mailboxd:

    zmmailboxdctl restart


Configuring Extension
---------------------

(NOTE: MyOneLogin is now Horizon Manager. In the configuration steps below "myonelogin.com" can be replaced with
"horizonmanager.com")

- Map the Zimbra domain to VMware MyOneLogin company name:

    zmprov md <domain> +zimbraForeignName tricipherCompanyName:<company_name>

- If VMware MyOneLogin has been set up to authenticate users with your existing directory service, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper:ldapIntegrationEnabled

  Otherwise, run:

    zmprov md <domain> +zimbraForeignNameHandler tricipherSaml:com.zimbra.cs.security.tricipher.TriCipherSamlNameMapper
    zmprov ma <account> +zimbraForeignPrincipal tricipherSaml:<tricipher_username>

  In this case the user mapping relies on the zimbraForeignPrincipal account attribute.

- For validation of the SAML response from VMware MyOneLogin, run:

    zmprov md <domain> zimbraMyoneloginSamlSigningCert <saml-signing-cert-base64-data>

  saml-signing-cert-base64-data can be obtained by logging in at <company_name>.myonelogin.com as an admin user and
  clicking on Site Administration > Federation > SAML certificate. It starts with "-----BEGIN CERTIFICATE-----" and
  ends with "-----END CERTIFICATE-----".

- To enable SP-initiated SSO (optional), configure the zimbraWebClientLoginURL and zimbraWebClientLogoutURL:

    zmprov md <domain> zimbraWebClientLoginURL https://<company_name>.myonelogin.com/SAAS/API/1.0/GET/apps/launch?aid=<zimbra_app_id>
    zmprov md <domain> zimbraWebClientLogoutURL https://<company_name>.myonelogin.com
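
A pre-flight check for the signing certificate step above, as an added example that is not part of the original README: it confirms the saved file holds exactly one PEM certificate block and prints the subject, expiry and SHA-256 fingerprint for review before the value is stored. The function names, the file path and the domain are assumptions, and `openssl` is assumed to be installed on the mailbox server.

```sh
#!/bin/sh
# Added example (not from the README). Function names are hypothetical.

# Return 0 only if the file holds exactly one PEM certificate block.
pem_shape_ok() {
    [ -r "$1" ] || return 1
    # Tolerate CRLF line endings and blank lines left by copy and paste.
    norm=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' || true)
    begins=$(printf '%s\n' "$norm" | grep -c -- '-----BEGIN CERTIFICATE-----' || true)
    ends=$(printf '%s\n' "$norm" | grep -c -- '-----END CERTIFICATE-----' || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ] || return 1
    [ "$(printf '%s\n' "$norm" | sed -n '1p')" = '-----BEGIN CERTIFICATE-----' ] || return 1
    [ "$(printf '%s\n' "$norm" | sed -n '$p')" = '-----END CERTIFICATE-----' ]
}

# Print subject, expiry and SHA-256 fingerprint for review; fail if the
# certificate cannot be parsed or has already expired.
cert_review() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256 || return 1
    openssl x509 -in "$1" -noout -checkend 0
}

# Validate, then store the certificate on the domain. The value spans
# several lines, so it is passed to zmprov as one quoted argument.
load_signing_cert() {
    domain=$1
    certfile=$2
    pem_shape_ok "$certfile" || { echo "not a single PEM certificate: $certfile" >&2; return 1; }
    cert_review "$certfile" || { echo "certificate unparsable or expired" >&2; return 1; }
    zmprov md "$domain" zimbraMyoneloginSamlSigningCert "$(tr -d '\r' < "$certfile")"
}

# Usage (constructed values): load_signing_cert example.com /tmp/idp-signing.pem
```

A file that contains a chain, a bare base64 body or a truncated paste is rejected before zmprov is called, so a bad value never replaces a working one.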


MyOneLogin Configuration
------------------------

To add Zimbra as a federated application to your company's VMware MyOneLogin site (<company_name>.myonelogin.com):

- Log in as an admin user at <company_name>.myonelogin.com.

- Click on Site Administration > Federation > Manage federation.

- Follow the procedure documented under section "Add federated applications" at
  https://www.myonelogin.com/usermanual/myOneLoginAdminManual.htm#federation_manage.

  Things to note when following the procedure for Zimbra:

  * Either select "SAML 1.1 POST profile" for "Authentication profile", or else if "SAML 2.0 POST profile" is chosen
    then under Profile Configuration select "Manual configuration" for "Configure via".
  * "Authentication URL" would be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * "Recipient name" would also be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * For the "SAML 2.0 POST profile" case, select "Unspecified (username)" as the "Name ID Format".

Verified Against: Zimbra Collaboration 8.0, 7.0
Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Authentication/Horizon
Date Modified: 07/11/2015


