This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Integrations

Zimbra integration with RSA Via Access

You should be able to use the SAML template to connect to Zimbra.  It's been a while since I've set this up, but here are the basics:

 

 

In the Access Administration Console:  Applications > Application Catalog > Create from Template > SAML Direct

 

  • Connection URL:  Enter the URL of the protected resource at the service provider that will initiate the SAMLRequest.  For example:  https://mailbox.mycompany.com
    • You'll need to specify your own BenefitFocus PartnerIdpId and URL-encoded BenefitFocus URL as the TargetResource
  • SP-initiated
  • Binding Method for SAML Request:  POST (default)
    • Request not signed (default)
  • Identity Provider URL:  Use the default, such as  https://portal.sso.example.com/IdPServlet?idp_id=1q2w3e4r5t6y7
  • Issuer Entity ID:  Use default, such as  1q2w3e4r5t6y7
  • Upload the private.key to sign the SAMLResponse, and the corresponding cert.pem
    • Zimbra doesn't need us to include the certificate in the outgoing assertion
  • Service Provider
  • User Identity
    • NameID Identifier Type:  Subject
      • Select the attribute containing the Zimbra ID (for example, the AD ‘mail')

 

On the Zimbra side, you'll need to configure it according to current Zimbra product documentation, but it will be something like this:

 

Login to your Zimbra server and follow the Zimbra Documentation to configure SAML:  Authentication/SAML - Zimbra :: Tech Center 

  1. As the 'root' user:
    • mkdir /opt/zimbra/lib/ext/saml
    • cp /opt/zimbra/extensions-network-extra/saml/samlextn.jar /opt/zimbra/lib/ext/saml/
  2. As the 'zimbra' user:
    • add the cert.pem (from the SAML certificate bundle zip file) to the configuration: 
      • cat cert.pem |xargs -0 zmprov md mailbox.mycompany.com zimbraMyoneloginSamlSigningCert
    • specify the login & logout URLs: 
    • Restart Zimbra services: 
      • zmcontrol stop; zmcontrol start
    • Confirm settings:
      • zmprov gd mailbox.mycompany.com
        • You should see the zimbraWebClientLoginURL, zimbraWebClientLogoutURL, and zimbraMyoneloginSamlSigningCert settings configured with the values specified, above.

 

This document was generated from the following discussion: Zimbra integration with RSA Via Access

Labels (1)
Labels:
0 Likes
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎2016-09-16 11:37 AM
Updated by:
Employee
Contributors

Related Content

Article Dashboard
© 2023 RSA Security LLC or its affiliates. All rights reserved.