[英]SSO Authentication - Apache/PHP/ActiveDirectory
I want to make an intranet with SSO Authentication through Active Directory. 我想通过Active Directory建立具有SSO身份验证的Intranet。 I searched about and I found maybe two ways : 我搜寻了一下,发现也许有两种方法:
Using the apache module mod_authnz_sspi . 使用apache模块mod_authnz_sspi 。 I can get the username and the domain but it seems there is no authentication. 我可以获取用户名和域,但似乎没有身份验证。 Maybe I don't really get it... 也许我不太了解...
Here my apache conf for this module : 这是我的这个模块的Apache conf:
\n \n AuthType SSPI AuthType SSPI\n SSPIAuth On SSPIAuth开\n SSPIAuthoritative On SSPI授权开启\n SSPIOfferBasic On SSPIOfferBasic开\n SSPIOmitDomain Off SSPIOmitDomain关闭\n SSPIDomain MyDOMAIN SSPIDomain MyDOMAIN\n Require valid-user 需要有效用户\n\n
So I guess the "connection" is not really safe... 所以我猜“连接”并不是很安全...
Using the apache module mod_authnz_ldap but I can't make it works well... 使用apache模块mod_authnz_ldap但我不能使其正常工作...
Here my apache conf for this module : 这是我的这个模块的Apache conf:
\n \n AuthName "LDAP Authentication" AuthName“ LDAP身份验证”\n AuthType Basic AuthType基本\n AuthBasicProvider ldap AuthBasicProvider ldap\n AuthLDAPBindAuthoritative off AuthLDAPBindAuthoritative关闭\n AuthLDAPURL "ldap://ad.server.fr:389/DC=server,DC=local?sAMAccountName?sub?(objectClass=person)" NONE AuthLDAPURL“ ldap://ad.server.fr:389 / DC = server,DC = local?sAMAccountName?sub?(objectClass = person)”无\n AuthLDAPBindDN ldap@server.local AuthLDAPBindDN ldap@server.local\n AuthLDAPBindPassword password AuthLDAPBindPassword密码\n AuthLDAPRemoteUserAttribute on AuthLDAPRemoteUserAttribute在\n LDAPReferrals Off LDAPReferrals关闭\n\n
I got this error LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
我收到此错误LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
but I don't want to use SSL for the connection... 但我不想使用SSL进行连接...
Actually I don't really get how this works. 其实我不太了解它是如何工作的。 My active directory doesn't get connection from my apache or just maybe anonymous. 我的活动目录无法从我的Apache获得连接,或者可能是匿名的。
Now I don't know how to make a SSO Authentication on my intranet. 现在,我不知道如何在我的Intranet上进行SSO身份验证。 Which way is better ? 哪种方法更好? Is there another one ? 还有另一个吗?
I use wamp ( for windows ) with apache 2.4.4. 我在Apache 2.4.4中使用wamp( 用于Windows )。
I use apache 2.4.4, on windows xp, with mod_authnz_sspi and the following works for me for people using IE8. 我在Windows XP上使用apache 2.4.4和mod_authnz_sspi,以下内容适用于使用IE8的用户。 But i'm not using PHP. 但是我没有使用PHP。 Using Django. 使用Django。
<Location "/k/">
AuthName "Something"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain "COMPANY"
SSPIUsernameCase "upper"
require valid-user
SSPIPerRequestAuth Off
require user "NT AUTHORITY\ANONYMOUS LOGON" denied
</Location>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.