U2F fido alliance

Posted: Sun Jul 29, 2018 6:43 pm
by JDunphy
Does anyone know if Zimbra will support U2F or better yet FIDO 2 from the FIDO Alliance as one of the second factors at some point? I have a co-op student building us cheap U2F tokens for approx $4 each based on the U2Fzero project and we are close to finished on the hardware side for her project. I still need to modify the code for some features we require and started to look into Zimbra and what it would take. Anyone have anything to add on the difficulty of adding additional 2nd factors?... I saw the /opt/zimbra/docs/ which is my starting point. Just curious if there is even a desire for this from the community???

For those that don't know, most browsers, with the exception of Safari, now have native U2F support. The U2Fzero project uses a hardware secure enclave (ATECC508A) and is fairly immune to attacks even on machines with keyloggers and other malware installed.

Ref: ATECC508A and

Re: U2F fido alliance

Posted: Sun Mar 24, 2019 6:45 pm
by krapula
Native U2F or FIDO2 support would be nice, but while waiting for it you can achieve this with a SAML 2.0 IDP which supports them. For example, RCDevs OpenOTP works fine; it's a commercial product, but the freeware edition works for up to 40 users.

Unfortunately, even with a compatible IDP, Zimbra SAML support seems very limited. Only the IDP-initiated SAML workflow is supported, but that is better than nothing.