0

I want to integrate Shibboleth in Zimbra in order to reach SSO. Should I work with Shibboleth SP or IdP? How can I do this, because Zimbra supports only preauth and Shibboleth works with SAML?

Thank you

aze

2 Answers

0

I can't say how to, but I can answer what to use (SP or IdP).

If you are providing authorization/authentication, then use IdP. If you are using authorization that another system provides to you, then use SP.

For example, if you are trying to log in to Stack Overflow using a Google account, then Stack Overflow is the SP and Google is the IdP.

Akshay
  • Thank you, but I know the difference between SP and IdP. I just answered which Shibboleth to use in my case. I will use an external IdP that supports SAML 2.0 and I have to use Shibboleth between them to reach SSO – aze Apr 08 '16 at 13:18
0

As far as I can tell, Zimbra can work with SAML; however, it doesn't seem to be possible to make a SAML request from Zimbra (SP) to the SAML (IdP). Instead, Zimbra seems to support something called a "direct site", where the IdP issues the SAML request with the payload of the username, but in Zimbra's case it's expecting the email address. My IdP (Ipsilon) seems to not support this, so I haven't solved the problem.

Zimbra documentation: https://wiki.zimbra.com/wiki/Authentication/SAML

If you're using the open source I assume you can download Network Edition, extract the store rpm, grab samlext.jar and follow the instructions. My open source allowed me to do this and it appeared to be communicating in SAML.

Good luck. If you solved this already I would love to hear what you've done but I suspect the usual ACS method isn't supported by this Zimbra extension.

Vex Mage