
$_SERVER['remote_user'] for single-sign-on

Posted: Mon Mar 17, 2008 6:08 am
by Aggressio
I have a site running on wamp2 server, and I have users who log in to AD when they start their workstations and I'm trying to achieve a single-sign-on type of a feature in our intranet.

I wouldn't want to restrict anonymous users (or people who haven't logged into AD) from using the site, but just ease things a bit for those who do. So, I'd like to capture their AD username if they have one and use it to automatically log into intranet administration. If the person hasn't logged into AD, it would just allow them to log in the old way, but not require them to do so just to view the site.

From what I've gathered, the variables $_SERVER['remote_user'] (module) or $_SERVER['PHP_AUTH_USER'] (CGI) would be of help here, but I have only managed to get the username with $_SERVER['remote_user'] when I configured the Apache mod_auth_ssi module. But that also completely blocks out anonymous users and prompts them to provide a username and password, which I don't want it to do. If no auth module is configured, the $_SERVER array doesn't contain any auth info.

I'm a bit of a newbie with Apache config and don't know how I should go about configuring it to allow anyone to view the site, while still receiving the $_SERVER['remote_user'] to grab the AD username.

So, I would appreciate any advice on how to get the AD username if provided without requiring it from every user.

Re: $_SERVER['remote_user'] for single-sign-on

Posted: Mon Mar 17, 2008 6:10 am
by onion2k
What's wrong with using a cookie?

Re: $_SERVER['remote_user'] for single-sign-on

Posted: Tue Mar 18, 2008 8:15 am
by Aggressio
You mean a cookie that stays on indefinitely after the user logs in for the first time?

Well, nothing wrong with that, but I was hoping to use the variable that is already there (somewhere, since I managed to get it out if I set Apache authentication to block out users without credentials).
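
Added example, not part of the thread: one way the PHP side of the optional sign-on described in the first post could look, using the server-verified `$_SERVER['REMOTE_USER']` (the key is uppercase) and falling back to the normal login form when it is absent. The function names, the `$session['user']` key and the sample account list are assumptions; `PHP_AUTH_USER` is skipped because PHP fills it with the username the client sent.

```php
<?php
// Added example (hypothetical names). Assumes the Apache auth module sets
// REMOTE_USER only after it has verified the user against AD.

/**
 * Return the AD account name the server authenticated, or null for an
 * anonymous visitor who should see the normal login form.
 */
function sso_username(array $server): ?string
{
    // Only REMOTE_USER is trusted. PHP_AUTH_USER is the name the client
    // typed, and HTTP_* entries are request headers the client controls.
    $raw = $server['REMOTE_USER'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null;
    }
    // Reduce "DOMAIN\user" or "user@domain" to the bare account name.
    $pos  = strrpos($raw, '\\');
    $name = $pos === false ? $raw : substr($raw, $pos + 1);
    $name = strtolower(explode('@', $name, 2)[0]);
    // Reject anything that does not look like an account name.
    return preg_match('/^[a-z0-9._-]{1,64}$/', $name) === 1 ? $name : null;
}

/**
 * Decide who is logged in to intranet administration for this request.
 * A user who logged in the old way keeps that session; otherwise the AD
 * name is accepted only if it is on the site's own list of admin accounts.
 */
function resolve_login(array $server, array $session, array $adminAccounts): ?string
{
    if (isset($session['user']) && is_string($session['user'])) {
        return $session['user'];
    }
    $name = sso_username($server);
    // SSO proves identity only; admin rights still come from our own list.
    return ($name !== null && in_array($name, $adminAccounts, true)) ? $name : null;
}

// Constructed sample requests, run from the command line only.
if (PHP_SAPI === 'cli') {
    $admins  = ['jsmith'];
    $samples = [['REMOTE_USER' => 'CORP\\JSmith'], ['PHP_AUTH_USER' => 'jsmith'], []];
    foreach ($samples as $srv) {
        var_dump(resolve_login($srv, [], $admins));
    }
}
```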