Login to Zimbra programmatically

I am creating a plugin on my website where users can view their emails. The email server I'm developing with is Zimbra. So far, I have been able to successfully receive and display user emails using the PHP function imap_open:

imap_open($server, $email, $password) 

When the user clicks on the email link on the website, the user goes to the Zimbra web client. However, users then have to re-enter their credentials. I checked the cookie data in the browser and noticed that Zimbra sets the cookie ZM_AUTH_TOKEN when the user is logged in. I believe that Zimbra uses this cookie to determine if the user has already been registered. In essence, my task is to eliminate this additional step of re-entering the system; if there are open source solutions, I would like to know about them.

+4
2 answers

Here you can find official documentation:

http://wiki.zimbra.com/index.php?title=Preauth

+2
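A sketch of the preauth mechanism the linked page documents, added here as an example and not code from the question or either answer: the plugin site signs "account|by|expires|timestamp" with the domain preauth key (HMAC-SHA1) and redirects the browser to /service/preauth, where Zimbra itself issues ZM_AUTH_TOKEN. The host mail.example.com, the account and the key value are constructed placeholders; the function name zimbraPreauthUrl is hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build a Zimbra preauth URL for a user the site has ALREADY authenticated.
 * $preauthKey is the per-domain key printed by `zmprov gdpak <domain>`.
 * Anyone holding it can log in as any account in that domain, so it stays
 * in server-side configuration and never reaches the browser.
 */
function zimbraPreauthUrl(string $baseUrl, string $account, string $preauthKey, ?int $timestampMs = null): string
{
    // The URL carries a bearer credential; refuse to send it over plain http.
    if (parse_url($baseUrl, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('Zimbra base URL must use https');
    }
    if (filter_var($account, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('account must be a full mail address');
    }

    $by = 'name';        // account is identified by its address
    $expires = 0;        // 0 = use the account's default auth token lifetime
    // Milliseconds since the epoch; Zimbra compares this with its own clock,
    // so a captured URL stops working once the timestamp is stale.
    $timestampMs ??= (int) floor(microtime(true) * 1000);

    // Fields are joined with "|" in this exact order before signing.
    $mac = hash_hmac('sha1', "$account|$by|$expires|$timestampMs", $preauthKey);

    return rtrim($baseUrl, '/') . '/service/preauth?' . http_build_query([
        'account'   => $account,
        'by'        => $by,
        'timestamp' => $timestampMs,
        'expires'   => $expires,
        'preauth'   => $mac,
    ]);
}

// Constructed sample values. In the plugin, the account must come from the
// server-side login session, never from a request parameter, otherwise any
// visitor could ask for a login link to someone else's mailbox.
$key     = getenv('ZIMBRA_PREAUTH_KEY') ?: 'constructed-demo-key-not-a-real-one';
$account = 'alice@example.com';

$url = zimbraPreauthUrl('https://mail.example.com', $account, $key);

// In a web request this would be: header('Location: ' . $url); exit;
echo $url, PHP_EOL;
```

Generate the URL at click time rather than embedding it in the page, so the timestamp is fresh and the signed link does not sit in HTML or caches.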

This is half the solution. It's a pity that I never programmed Zimbra, but I have implemented single sign-up in PHP projects several times.

Are your domain and the Zimbra web server domain the same? If they are, you can see and manipulate each other's cookies. Try to find the Zimbra code that processes the login and sets the cookie. Then write a small web service page and put it on the Zimbra server, which calls this code and returns the cookie token. Your site can then make a curl call to Zimbra behind the scenes when the user logs in, receive the contents of the cookie token, and then set the appropriate cookie so that they are logged in to Zimbra. I protect the web service page with a password that only my plugin site knows.

If this is not the same domain, you can still do it. But instead of curl on the server, you have to use frames or JavaScript on the client. In addition, a simple password to protect the web login service will not work, as it is visible to the browser and everyone can see the password. You will need to make the password more secure, for example, by hashing your email address (provided that it is the same on both servers) with a predefined secret.

0
