- Create "openidconsumer" directory under /opt/zimbra/lib/ext - Copy "zm-openid-consumer-store-*.jar" to /opt/zimbra/lib/ext/openidconsumer directory - Copy openid4java-1.0.0.jar and guice-2.0.jar to /opt/zimbra/jetty/common/lib directory - Copy "formredirection.jsp" file to /opt/zimbra/jetty/webapps/zimbra/public directory - Configure allowed OpenID Provider URLs for the domain: zmprov md <domain> +zimbraOpenidConsumerAllowedOPEndpointURL <op_endpoint_url> e.g. zmprov md <domain> +zimbraOpenidConsumerAllowedOPEndpointURL "http://www.livejournal.com/openid/server.bml" - If the zimbraOpenidConsumerStatelessModeEnabled server attribute is set to FALSE (TRUE by default), setup memcached - zmmailboxdctl restart - To associate/link an "open id" with a user's account (to provision OpenID-based login in future) when the user is already logged-in into Zimbra web client, browse to: <zimbra_host_base_url>/service/extension/openid/consumer?openid_identifier=<user-supplied-identifier> e.g. <zimbra_host_base_url>/service/extension/openid/consumer?openid_identifier=grishick.livejournal.com You should end up with a "Success" page. Essentially, this step results in the "open id" being added to account's zimbraForeignPrincipal attribute. OpenID Consumer tries to discover the OpendID Provider Endpoint URL using the user-supplied-identifier. If the discovery process fails to discover any endpoints then the user-supplied-identifier is assumed to be the OpenID Provider Endpoint URL. - To initiate OpenID-based login (instead of the usual username/password-based login), again browse to: <zimbra_host_base_url>/service/extension/openid/consumer?openid_identifier=<user-supplied-identifier>