Zimbra with on premise Single Sign-On using Keycloak

In this article you will learn how to install Keycloak and how to set-up
Zimbra on Keycloak. Keycloak is an open source identity and access
management solution developed by RedHat.

By using Keycloak you will be able to manage all your users from
Keycloak and implement Single Sign-On. Keycloak offers SAML, OpenID,
social login, multi-factor authentication and more.

The technology used in this article is SAML, an open standard for Single
Sign-On. When using SAML an Identity Provider (IdP) will take care of
user authentication after which users can use their applications without
having to log-on to each of them separately. In SAML these applications
are called Service Providers (SP).

Learning objectives:

  • How-to Install Keycloak on Ubuntu 20.

  • Understand that Keycloak is a SAML IdP out of the box.

  • Configuring Zimbra as a SAML SP on Keycloak.

Further reading: https://github.com/Zimbra-Community/keycloak

Using Zimbra with strong TLS configuration

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. (further reading: https://www.internetsociety.org/deploy360/tls/basics)

In this article you will learn how to configure Zimbra to use only strong encryption ciphers for TLS.

Further reading: https://wiki.zimbra.com/wiki/Cipher_suites

Zimbra LifeSize Zimlet

  • This Zimlet for Zimbra 8.8.x allows the reservation of Lifesize virtual rooms with integration of login credentials directly in the text of the meeting message.
  • It was made based on code from Barry de Graaff https://github.com/Zimbra-Community/startmeeting.
Zimlet reservation


Reply by Filter Zimlet

With this Zimlet installed you can enable automated replies based on a filter from within your Zimbra Web Mail.

While you could always configure Zimbra filters to send automated replies over CLI using:

/opt/zimbra/bin/zmmailbox -z -m account@domain.com afrl "Filter_name" 
active any address "to,cc" all is "alias@domain.com" reply "Auto reply message" stop

This feature was not available to the end user in the Web Interface. This Zimlet adds a button in Preferences -> Filters -> Create Filter to add this functionality. https://github.com/Zimbra-Community/reply-by-filter

2019 Crowdfunding poll

We have completed the Survey Monkey and the winner is Zimbra FOSS Two Factor authentication.

Based on the survey our initial focus will be Zimbra FOSS 2FA and that will probably be based on PrivacyIDEA and PrivacyIDEA LDAP proxy and will probably be made available via dockerhub.