Importing SAML Configuration
You can integrate a SAML application in Zextras in two ways — automatic and manual. The following sections describe each method in detail.
Import SAML Configuration Automatically
To integrate a SAML application into Zextras automatically, you need to configure the IDP using the Zextras SAML SDP data, which can be obtained from the following URI:
Here, ZIMBRA_PUBLIC_URL is the URL of the Zextras instance and example.com is the domain for which you want to enable SAML.
Above all, the following parameters must be taken into account:
- "sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- "sp.entityid": https://ZIMBRA_PUBLIC_URL/zx/auth/samlMetadata?domain=example.com
- "sp.assertion_consumer_service.url": https://ZIMBRA_PUBLIC_URL/zx/auth/saml
Once the IDP is configured and you have the IDP metadata URL, you can import the configuration using the command (assuming the IDP metadata are in https://localidp.local.loc/simplesamlphp/saml2/idp/metadata.php):
zxsuite auth saml import example.com URL https://localidp.local.loc/simplesamlphp/saml2/idp/metadata.php
If the IDP is using an unsecured connection or a self-signed certificate, use this form of the command:
zxsuite auth saml import example.com url https://localidp.local.loc/app/xxxxxxxxxxxxxxx/sso/saml/metadata allow_unsecure true
You are now DONE! You can see the SAML button.
Import SAML Configuration Manually
If you need to manually edit the SAML configuration, you can:
- Export the default SAML settings using:
  zxsuite auth saml get example.com export_to /tmp/saml.json
- Open the resulting file /tmp/saml.json in any editor and modify the requested attributes:
  - entityid
  - assertion_consumer_service.url
  - nameidformat
- Save the changes made to the file and import it into Zextras Suite using the command:
  zxsuite auth saml import example.com /tmp/saml.json
It is also possible to view or edit single attributes by using the zxsuite auth saml get and zxsuite auth saml set command options.
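A pre-import check for the manually edited file, as an added example (not Zextras code): it compares the three attributes named above with the values this page gives and reports whitespace, scheme, host, path and domain mismatches. It assumes the file is flat JSON with the keys spelled "sp.entityid", "sp.assertion_consumer_service.url" and "sp.nameidformat"; check_sp_settings, public_host and the sample values are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Values the page gives for the SP attributes (nameidformat without whitespace).
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_PATHS = {
    "sp.entityid": "/zx/auth/samlMetadata",
    "sp.assertion_consumer_service.url": "/zx/auth/saml",
}

def check_sp_settings(cfg, public_host, domain):
    """Return a list of problems in the three SP attributes (empty means clean)."""
    # Assumptions: flat keys as on the page; public_host = host of ZIMBRA_PUBLIC_URL.
    problems = []
    def get(key):
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing")
            return None
        if value != value.strip():
            problems.append(f"{key}: leading or trailing whitespace")
        return value.strip()
    nameid = get("sp.nameidformat")
    if nameid is not None and nameid != NAMEID_EMAIL:
        problems.append("sp.nameidformat: not the emailAddress format")
    for key, path in EXPECTED_PATHS.items():
        value = get(key)
        if value is None:
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key}: scheme {url.scheme!r}, expected 'https'")
        if url.hostname != public_host.lower():
            problems.append(f"{key}: host {url.hostname!r}, expected {public_host!r}")
        if url.path != path:
            problems.append(f"{key}: path {url.path!r}, expected {path!r}")
        # The entity ID carries the domain as a query parameter.
        if key == "sp.entityid" and parse_qs(url.query).get("domain") != [domain]:
            problems.append(f"{key}: domain parameter is not {domain!r}")
    return problems

# Constructed sample of an edited file with two mistakes (trailing space, http).
SAMPLE = {
    "sp.nameidformat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress ",
    "sp.entityid": "https://mail.example.com/zx/auth/samlMetadata?domain=example.com",
    "sp.assertion_consumer_service.url": "http://mail.example.com/zx/auth/saml",
}

if __name__ == "__main__":
    print(check_sp_settings(SAMPLE, "mail.example.com", "example.com"))
```

To check the real file, load /tmp/saml.json with json.load and pass the result as cfg before running zxsuite auth saml import.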