Zimbra OpenID error zmprov


I am trying to make Zimbra work with Keycloak, with Keycloak as an IdP.

To use SAML we need Zimbra Network Edition, but in Zimbra FOSS it seems to be possible to connect Zimbra to an OpenID Provider with openidconsumer.

I am trying this from the readme: Using Keycloak as the OpenIDC Identity Provider (to Login) to Zimbra – Number ONE

But when I try:

./zmprov md mydomain +zimbraOpenidConsumerAllowedOPEndpointURL "https://<keycloak_url>/realms/myrealm/protocol/openid-connect/auth"

I get an error:

ERROR: account.AUTH_FAILED (authentication failed for [zimbra])

Does anyone have a working result with this?


Based on the link you provided:

OpenID Consumer tries to discover the OpenID Provider Endpoint URL using the user-supplied-identifier. If the discovery process fails to discover any endpoints then the user-supplied-identifier is assumed to be the OpenID Provider Endpoint URL.

The discovery URL for a Keycloak realm is https://<keycloak_url>/realms/myrealm/

You can try that.

Also, I must ask if you created a client for Zimbra on Keycloak, as the doc you sent tells nothing about that part. You’ll need a client ID and client secret, and to configure Zimbra somehow to use them when talking to Keycloak.
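
The discovery-then-fallback behaviour quoted in the answer, combined with the allowed-endpoint list from the question, as an added example (not code from the thread, Zimbra or Keycloak). It assumes standard OpenID Connect Discovery at /.well-known/openid-configuration; the host sso.example.test, the function names and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"  # standard OIDC Discovery path

# Constructed sample: trimmed discovery document for a placeholder realm.
SAMPLE_DOCS = {
    "https://sso.example.test/realms/myrealm" + WELL_KNOWN: json.dumps({
        "issuer": "https://sso.example.test/realms/myrealm",
        "authorization_endpoint":
            "https://sso.example.test/realms/myrealm/protocol/openid-connect/auth",
    }),
}

def sample_fetch(url):
    """Offline stand-in for an HTTPS GET; returns the body or None."""
    return SAMPLE_DOCS.get(url)

def discover(identifier, fetch):
    """Return the authorization endpoint found via discovery, or None."""
    base = identifier.rstrip("/")
    body = fetch(base + WELL_KNOWN)
    if body is None:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    # OIDC Discovery requires the issuer to equal the URL used for discovery.
    if not isinstance(doc, dict) or doc.get("issuer") != base:
        return None
    return doc.get("authorization_endpoint")

def resolve_op_endpoint(identifier, allowed, fetch):
    """Discovery first, identifier as fallback, then enforce the allowlist."""
    endpoint = discover(identifier, fetch) or identifier
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("endpoint must be an absolute https URL: " + endpoint)
    # The fallback turns user input into the endpoint, so an exact-match
    # allowlist is the control that decides where the login is sent.
    if endpoint not in allowed:
        raise PermissionError("endpoint not in allowlist: " + endpoint)
    return endpoint

if __name__ == "__main__":
    ok = {"https://sso.example.test/realms/myrealm/protocol/openid-connect/auth"}
    print(resolve_op_endpoint("https://sso.example.test/realms/myrealm/", ok, sample_fetch))
```

Both the realm URL and the full auth URL resolve to the same allowed endpoint here: the first through discovery, the second through the fallback.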