SSO with GLUU - Willing to Pay for Consulting

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
beccom
Posts: 2
Joined: Mon Mar 11, 2019 10:51 pm

SSO with GLUU - Willing to Pay for Consulting

Post by beccom »

Good Afternoon

Looking for assistance and willing to pay for consulting time.

We are trying to log into ZImbra through our test GLUU Server. This is what I have so far....

Zimbra:
Version 8.8.5 GA
AuthProv working and pulling in accounts into Zimbra
Authentication working against AD

Gluu Server
Version 3.1.5
Cache Refresh Working (Pulling AD Accounts into GLUU)
Authentication Working against AD

Now....I know that Zimbra needs to be redirected to the the Gluu server for Authentication - Web Client Login URL and Logout URL
I am able to redirect to my GLUU Server
I login and the redirect does not happen.

I have tried and looked at various things. Looking for some assistance and willing to pay for your time. SSH is available - These are test servers.

Let me know
Thank You
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: SSO with GLUU - Willing to Pay for Consulting

Post by DualBoot »

Hello,

what kind of SSO did you set ? (CAS, SAML or what else)

Regards,
mr_tps
Posts: 8
Joined: Tue Mar 19, 2019 5:46 am

Re: SSO with GLUU - Willing to Pay for Consulting

Post by mr_tps »

I am also doing the same thing, setting up zimbra mail with Gluu server for saml authentication.
I am able to redirect to my GLUU Server and after login in Gluu serevr, it redirect back to the zimbra server with saml-response.
But zimbra server say

Code: Select all

 500 error
.
zimbra server /opt/zimbra/log/zmmailboxd.out log says

Code: Select all

ServletException: Could not find the domain corresponding to the given SAML Response
I have also put it in here. Check this out for further details.
https://stackoverflow.com/questions/552 ... onse-error

Any help ?
Last edited by mr_tps on Thu Mar 21, 2019 10:04 am, edited 1 time in total.
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: SSO with GLUU - Willing to Pay for Consulting

Post by DualBoot »

Maybe your redirection is a Zimbra virtualhostname which handles a domain who is not the domain provided by the SAML metadata.
Regards,
mr_tps
Posts: 8
Joined: Tue Mar 19, 2019 5:46 am

Re: SSO with GLUU - Willing to Pay for Consulting

Post by mr_tps »

virt-what command shows "VMware".
# "dmesg |grep -i hypervisor" shows the below output

Code: Select all

[    0.000000] Hypervisor detected: VMware
[    0.000000] vmware: TSC freq read from hypervisor : 2926.000 MHz
[    0.000000] vmware: Host bus clock speed read from hypervisor : 66000000 Hz
[    0.000000] Booting paravirtualized kernel on VMware hypervisor
[    1.919694] [drm] Max dedicated hypervisor surface memory is 163840 kiB

is that means virtual host..... Is this will create a problem?
mr_tps
Posts: 8
Joined: Tue Mar 19, 2019 5:46 am

Re: SSO with GLUU - Willing to Pay for Consulting

Post by mr_tps »

Code: Select all

  [zimbra@mail~]$ zmcontrol -v
Release 8.8.5_GA_1894.RHEL7_64_20171026035615 RHEL7_64 FOSS edition

Code: Select all


[zimbra@mail saml]$ java -jar /opt/zimbra/lib/ext/saml/samlextn.jar
Implementation-Title: Zimbra SAML Extension
Implementation-Version: 8.8.10_GA_3039
Implementation-Vendor: Zimbra Software, LLC
My zimbra mail version is 8.8.5 but samlextn.jar version shows 8.8.10 . Is this creating the that problem ? or Does it(version) matter ?
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: SSO with GLUU - Willing to Pay for Consulting

Post by DualBoot »

VirtualHostname for domain managed by Zimbra.
Check it in the admin web ui.
Regards,
beccom
Posts: 2
Joined: Mon Mar 11, 2019 10:51 pm

Re: SSO with GLUU - Willing to Pay for Consulting

Post by beccom »

Hi DualBoot

We are trying SAML and Connect ID. Here is a more detailed post on where we are. You can PM me and we can talk offline if you like.
viewtopic.php?f=17&t=65883

Looking forward to working this out with you offline
Post Reply