Requirements
QR Code Requirements
The QR Code Application Password feature requires the following properties to be set at domain level in order to be functional:
-
zimbraPublicServiceHostname -
zimbraPublicServicePort -
zimbraPublicServiceProtocol
Should one or more of the properties be unset, a notification will be delivered to the Admin reporting the affected domains and their missing properties.
2FA Requirements
In order to properly have 2FA set up, the zimbraAuthMech attribute
bust be configured at domain level:
zmprov modifyDomain example.com zimbraAuthMech custom:zxTo enable 2FA it is also necessary to configure some Zimbra parameter:
-
Enter the addresses of all mailboxes and MTAs as
zimbramailtrustedip, using the commandzmprovas follows:
zmprov mcf +zimbramailtrustedip IP_ADDRESS/32 (1)
zmprov mcf +zimbramailtrustedip IP_SUBNET/NETMASK (2)| 1 | add a single IP e.g., 192.168.72.29/32 |
| 2 | add a whole subnet e.g., 192.168.72.1/24
|
|
2FA requires a specific zimbraAuthMech and this make it not compatible with other mechanism such as ldap, ad or kerberos5 |
SAML Requirements
Before enabling SAML login, it is necessary to modify the Zextras Backend processing, because these header attributes are required to compose the complete URL request: Protocol X and X-Port.
The files affected by this change are the templates:
-
nginx.conf.web.http.default.template -
nginx.conf.web.http.template -
nginx.conf.web.https.default.template -
nginx.conf.web.https.template
In each of them, the location ^~ /zx/ code should be changed:
location ^~ /zx/
{
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass ${web.upstream.zx};
}