Question

I am creating a plugin for my website, where logged-in users can view their emails. The email server I am developing against is Zimbra. So far, I have been able to successfully fetch and display user emails using PHP's imap_open function:

imap_open($server, $email, $password)

When a user clicks on an email link on the website, the user is navigated to the Zimbra web client. However, the users will have to re-enter their log-in credentials once more. I have checked my browser's cookie information and have noticed that Zimbra sets a cookie, ZM_AUTH_TOKEN, when a user is logged in: I believe Zimbra uses this cookie to detect whether a user is already logged in. In essence, my task is to eliminate this extra step of re-logging in; if there are open-source solutions, I would like to know about these as well.


Solution

You can check the official documentation here:

http://wiki.zimbra.com/index.php?title=Preauth

OTHER TIPS

This is half of a solution -- sorry I've never programmed with Zimbra, but I've implemented single sign-on across php projects several times.

Are your domain and the domain of the Zimbra web server the same? If they are, you can see and manipulate each other's cookies. Try to find the Zimbra code that handles the login and sets a cookie. Then write a little web service web page and put it on the Zimbra server that calls that code and returns the cookie token. Your website can then do a curl behind the scenes over to Zimbra when a user logs in, get the token contents for the cookie and then set the appropriate cookie so they are logged into Zimbra. I secure the web service web page with a password that only my plugin website knows.

If they are not the same domain you can still do it. But instead of doing this through curl on the server, you'll have to use frames or JavaScript on the client. Also, a simple password to secure the login web service will not work, since it is being accessed by the browser and everyone can see the password. You'll have to make the password more secure, like hashing their email address (assuming it is the same on both servers) with a predefined secret.
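The accepted answer points at Zimbra's Preauth mechanism, and the answer above ends with the idea of signing the user's email address with a shared secret. Preauth is the standardized form of that idea, with two things the bare "hash email + secret" scheme lacks: a timestamp and an expiry, so a captured link cannot be replayed indefinitely. The PHP below is an added example written for this page, not code from either answer or from the Zimbra project. It follows the signed-string layout documented on the linked Preauth wiki page (HMAC-SHA1 over account|by|expires|timestamp, hex-encoded, keyed with the domain's preauth key); the hostname, account, key value, function names and the clock-skew tolerance in the illustrative verifier are my own placeholders and assumptions.

```php
<?php
// Added example (not from the original post or from Zimbra): build the
// redirect URL that sends an already-authenticated plugin user into the
// Zimbra web client via /service/preauth. The preauth key is a per-domain
// secret obtained from the Zimbra administrator; it must live only on the
// plugin's server side, never in HTML or JavaScript sent to the browser.

function zimbraPreauthUrl(
    string $zimbraBase,      // e.g. https://mail.example.com (placeholder)
    string $account,         // user's Zimbra account name (placeholder)
    string $preauthKey,      // domain preauth key, server-side secret
    int $expiresMs = 0,      // 0 lets Zimbra apply its default token lifetime
    ?int $timestampMs = null // override only for testing; defaults to "now"
): string {
    // Zimbra expects the timestamp in milliseconds since the Unix epoch.
    $timestampMs = $timestampMs ?? (int) round(microtime(true) * 1000);
    $by = 'name';

    // The signed string is the pipe-joined account|by|expires|timestamp.
    $data = implode('|', [$account, $by, (string) $expiresMs, (string) $timestampMs]);

    // HMAC-SHA1 keyed with the preauth key, lowercase hex (hash_hmac default).
    $preauth = hash_hmac('sha1', $data, $preauthKey);

    $query = http_build_query([
        'account'   => $account,
        'by'        => $by,
        'timestamp' => $timestampMs,
        'expires'   => $expiresMs,
        'preauth'   => $preauth,
    ]);
    return rtrim($zimbraBase, '/') . '/service/preauth?' . $query;
}

// Illustrative verifier: the check a relying server performs on receipt.
// Zimbra does this itself; the point here is what a home-grown
// "hash of email + secret" scheme misses. The 5-minute tolerance is an
// assumption for this example, not a documented Zimbra value.
function preauthIsValid(
    string $account,
    int $expiresMs,
    int $timestampMs,
    string $presented,
    string $preauthKey,
    int $nowMs,
    int $toleranceMs = 5 * 60 * 1000
): bool {
    // Reject links whose timestamp is far from the server's own clock; this
    // is what bounds replay of a captured URL.
    if (abs($nowMs - $timestampMs) > $toleranceMs) {
        return false;
    }
    $expected = hash_hmac('sha1', "$account|name|$expiresMs|$timestampMs", $preauthKey);
    // Constant-time comparison so an attacker cannot time-probe the MAC.
    return hash_equals($expected, $presented);
}

// Usage (constructed placeholder values):
$key = 'REPLACE_WITH_DOMAIN_PREAUTH_KEY';
$url = zimbraPreauthUrl('https://mail.example.com', 'user@example.com', $key);
header('Location: ' . $url);
exit;
```

Two practical notes. The plugin should only issue a preauth URL for the account it has itself just authenticated (the same credentials that worked for imap_open), and only over HTTPS, since the URL carries a short-lived bearer credential. And because the Zimbra side compares the timestamp against its own clock, the plugin host and the Zimbra host need to be time-synchronized, otherwise valid links are rejected.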

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow