Horizon App Manager (formerly Tricipher, formerly MyOneLogin) Readme

   KB 20405        Last updated on 2015-07-11  

(0 votes)

Included in Network Edition at the following location:


Deploying Extension

On each Zimbra mailbox server:

- Create "tricipher" directory under /opt/zimbra/lib/ext; Copy tricipherextn.jar under it.

- zmmailboxdctl restart

Configuring Extension

(NOTE: MyOneLogin is now Horizon Manager. In the configuration steps below "" can be replaced with

- Map the Zimbra domain to VMware MyOneLogin company name:

    zmprov md <domain> +zimbraForeignName tricipherCompanyName:<company_name>

- If VMware MyOneLogin has been setup to authenticate users with your existing directory service, run:

    zmprov md <domain> +zimbraForeignNameHandler

  Else, run:

    zmprov md <domain> +zimbraForeignNameHandler
    zmprov ma <account> +zimbraForeignPrincipal tricipherSaml:<tricipher_username>

    i.e. we'll rely on zimbraForeignPrincipal account attribute.

- For validation of the SAML response from VMware MyOneLogin, run:

    zmprov md <domain> zimbraMyoneloginSamlSigningCert <saml-signing-cert-base64-data>

  saml-signing-cert-base64-data can be obtained by logging-in at <company_name> as an admin user and
  clicking on Site Administration > Federation > SAML certificate. It starts with "-----BEGIN CERTIFICATE-----" and
  ends with "-----END CERTIFICATE-----".

- To enable SP-initiated SSO (optional), configure the zimbraWebClientLoginURL and zimbraWebClientLogoutURL:

    zmprov md <domain> zimbraWebClientLoginURL https://<company_name><zimbra_app_id>
    zmprov md <domain> zimbraWebClientLogoutURL https://<company_name>

MyOneLogin Configuration

To add Zimbra as a federated application to your company's VMware MyOneLogin site (<company_name>

- Login as admin user at <company_name>

- Click on Site Administration > Federation > Manage federation.

- Follow the procedure documented under section "Add federated applications" at

  Things to note when following the procedure for Zimbra:

  * Either select "SAML 1.1 POST profile" for "Authentication profile", or else if "SAML 2.0 POST profile" is chosen
    then under Profile Configuration select "Manual configuration" for "Configure via".
  * "Authentication URL" would be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * "Recipient name" would also be <zimbra_base_url>/service/extension/tricipher/samlreceiver.
  * For the "SAML 2.0 POST profile" case, select "Unspecified (username)" as the "Name ID Format".

Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 04/16/2014
Article ID: Date Modified: 2015-07-11

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search