Apache single sign on

[danbuntu]

I'm trying to get get single on for an application i've built. so far I have enabled authnz-user and mod-ldap and have the following in my vhost;

 

   ServerAdmin [email protected]
   DocumentRoot "C:/xampplite/htdocs/test"
   ServerName test.midkent.ac.uk
   ServerAlias test.midkent.ac.uk
   ErrorLog "logs/moodledev.log"
   CustomLog "logs/moodledev-access.log" combined

Order deny,allow
Allow from all
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthLDAPURL "ldap://serverip:3268/ou=Staff,ou=Users OU,dc=domain,dc=ac,DC=uk?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=dattwood,OU=ICT,OU=Support,OU=Staff,OU=Users OU,DC=domain,DC=ac,DC=uk"
AuthLDAPBindPassword "mypassword"
AuthType Basic
AuthName "Protected"
require valid-user

 

when I go to my test2 url I get a pop up box as expected but it refuses to take my user anme and password and let me in. I can find anything in the error or access logs that points me in the right direction. Ultimately I want this to be able to do single sign on and a quick and dirty access control method

Edited September 29, 2010 by danbuntu

[Cools]

have you got samba with ntlm and kerberos all setup??? and when you wbinfo -u you see all the users ???

[danbuntu]

It's all sat on windows I'm afraid so no samba.

 

I've actually got part way there with sspi. I can can protect a folder and allow access to it only if the user is a member of a specific group.

 

Unfortunately they get a pop up box and I can't get the single sign on bit running.

[Cools]

what ya using wamp or just apachi..

[danbuntu]

It's Apache installed from the exe with php and mysql. No xamppl or wamp installer this time

[Cools]

have a look at ..

http://plone.293351.n2.nabble.com/SSO-with-SSPI-and-SSL-LA-U-REMOTE-USER-always-null-td4086748.html

Edited October 1, 2010 by Cools

[danbuntu]

ok cool i'll give that ago when i'm back in the office on monday

[danbuntu]

looks like I sussed it. Was was adding the site to the 'trusted site' - turns out it needs to be added to 'local intranet' then sign in is seamless.

 

I just to read up on grabbing the user name from the header now so that I can display it on the page and use it as a string for latter.

[Cools]

Well done that man... might need the how to guide off you just in case... i need to set it up..

[danbuntu]

it's one of those things which is actually really easy once you know what your doing! Below are my notes;

 

 

Apache Single sign on with Mod_sspi

Brief

To password protect one or more apache directories. This is to disallow student access to the admin functions within the MTG calculator and Risk Tracker

 

Step 1

Download the sspi mod from: mod_auth_sspi | Download mod_auth_sspi software for free at SourceForge.net

Unzip the folder and find the mod_atuh_sspi.so file

Copy this in the apache modules directory

 

Step 2

Add the following to httpd.conf to load the module;

LoadModule sspi_auth_module modules/mod_auth_sspi.so

 

Step 3

 

Add the flowing to the vhost file within the virtualhost tags;

AuthType SSPI

AuthName "Test Login"

SSPIAuth On

SSPIAuthoritative On

SSPIDomain domain.ac.uk

SSPIOfferBasic On

SSPIOmitDomain Off

SSPIBasicPreferred On

Require group "domain\GroupName"

 

Change the domain as needed and the location to the folder you want to protect

!important – the groups name can’t contain spaces!

[Cools]

Simple.. when you know how.. lol.. thanks..