Apache SSPI configuraiton
Posted: Wed Feb 08, 2012 2:22 am
Hi Fellows,
I have to configure an intranet site for single sign on. Domain users shall login transparently after AD authentication. The infrastructure I have is as follows:
Windows 2008 AD Server
Windows 2008 based Apache 2.2
A Windows 7 client
My plan is to get the Windows domain user name using the Apache's SSPI module and then user LDAP for AD authentication. LDAP authentication part is done, but am stuck with the SSPI to capture the username. below is what I have done so far with the results:
I have installed SSPI module for Apache by following these steps:
putting the SSPI module .so file into the modules folder
putting the bin folder .exe file inside the bin folder
added the loadmodule line in the load module section inside httpd.conf
added the following in the Directory section to load the module and protect the directory
Now my understanding is the SSON folder and the sub-folders should be protected, but Domain users should be able to access the contents transparently instead each time I try to access something inside the folder, it gives a login prompt (both Mozilla and IE 9). Even if you fill in the username/password properly, the prompt keeps asking you for the credentials. The Apache error log shows the authentication failure messages, where as I am using my own domain name/pass of which am dead sure.
I have checked the SERVER and PHP variables but couldn't found the REMOTE_USER variable either. Also as a Domain user, the web server should let me through transparently and populate the REMOTE_USER variable. Please anyone can point out whats missing and where.
Thanks for the help.
I have to configure an intranet site for single sign on. Domain users shall login transparently after AD authentication. The infrastructure I have is as follows:
Windows 2008 AD Server
Windows 2008 based Apache 2.2
A Windows 7 client
My plan is to get the Windows domain user name using the Apache's SSPI module and then user LDAP for AD authentication. LDAP authentication part is done, but am stuck with the SSPI to capture the username. below is what I have done so far with the results:
I have installed SSPI module for Apache by following these steps:
putting the SSPI module .so file into the modules folder
putting the bin folder .exe file inside the bin folder
added the loadmodule line in the load module section inside httpd.conf
added the following in the Directory section to load the module and protect the directory
Code: Select all
<IfModule !mod_auth_sspi.c>
LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>
# Configuration for mod_auth_sspi
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/SSON">
AuthType SSPI
AuthName "Group IT Portal - Login using your DOMAIN username and password"
Require valid-user
SSPIAuth On
SSPIAuthoritative On
# replace the IP address below with the IP of your domain controller:
SSPIDomain 176.12.23.22
SSPIOmitDomain Off
SSPIOfferBasic On
SSPIBasicPreferred On
SSPIofferSSPI off
</Directory>
I have checked the SERVER and PHP variables but couldn't found the REMOTE_USER variable either. Also as a Domain user, the web server should let me through transparently and populate the REMOTE_USER variable. Please anyone can point out whats missing and where.
Thanks for the help.