I want to make an intranet with SSO Authentication through Active Directory. I searched about and I found maybe two ways :
Using the apache module mod_authnz_sspi . I can get the username and the domain but it seems there is no authentication. Maybe I don't really get it...
Here my apache conf for this module :
\n \n AuthType SSPI \n SSPIAuth On \n SSPIAuthoritative On \n SSPIOfferBasic On \n SSPIOmitDomain Off \n SSPIDomain MyDOMAIN \n Require valid-user \n\n
So I guess the "connection" is not really safe...
Using the apache module mod_authnz_ldap but I can't make it works well...
Here my apache conf for this module :
\n \n AuthName "LDAP Authentication" \n AuthType Basic \n AuthBasicProvider ldap \n AuthLDAPBindAuthoritative off \n AuthLDAPURL "ldap://ad.server.fr:389/DC=server,DC=local?sAMAccountName?sub?(objectClass=person)" NONE \n AuthLDAPBindDN ldap@server.local \n AuthLDAPBindPassword password \n AuthLDAPRemoteUserAttribute on \n LDAPReferrals Off \n\n
I got this error LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
but I don't want to use SSL for the connection...
Actually I don't really get how this works. My active directory doesn't get connection from my apache or just maybe anonymous.
Now I don't know how to make a SSO Authentication on my intranet. Which way is better ? Is there another one ?
I use wamp ( for windows ) with apache 2.4.4.
I use apache 2.4.4, on windows xp, with mod_authnz_sspi and the following works for me for people using IE8. But i'm not using PHP. Using Django.
<Location "/k/">
AuthName "Something"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain "COMPANY"
SSPIUsernameCase "upper"
require valid-user
SSPIPerRequestAuth Off
require user "NT AUTHORITY\ANONYMOUS LOGON" denied
</Location>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.