Single Sign On with apache on windows 7 and mod_au

2019-04-01 11:09发布

问题:

I am running a apache (xampp 1.7.3) server on my local windows 7 PC. This PC is connected to a LAN and a Active Directory domain called "colours". My local username is CHRISTOPHER-PC/Christopher, and the domain username is COLOURS/Christopher.

For admin connection to the AD server, I use a PHP scripted called adLDAP. As default, this script (examples/authenticate.php) gives the user two input fields for login. This works fine.

But I want my users to auto sign in if they are logged in to their AD account. For this I'm trying to use the mod_auth_sspi module. But I'm having some problems... :\

My httpd.conf looks like this:

<Directory "C:/xampp/htdocs">
  Options Indexes FollowSymLinks Includes ExecCGI
  AllowOverride All
  Order allow,deny
  Allow from all

  AuthName "A Protected Place"
  AuthType SSPI
  SSPIAuth On
  SSPIAuthoritative On
  SSPIDomain colours
  SSPIOfferBasic On
  SSPIBasicPreferred On
  require valid-user
</Directory>

When i go to http://localhost/ or http://my-ip-address/ (from another computer) i dialogue box pops up and asks for the domain username and password. I know that this is caused by "require valid-user", but if I remove it the user is not auto logged in.

回答1:

Do the following:

  1. Add Integrated Authentication of IE's advanced security.
  2. Add your urls (http://my-ip-address/) to trusted zones.


回答2:

I know this is an old post, but have you checked to see if you add your site in the trusted list in IE, that it stops the popup to appear? If you do this, in conjunction with require valid-user, it should work (with mod_auth_sspi).

Tools > Options > Security Tab > Local Intranet > Sites (button) > Advanced (button) > Add site using this screen

HTH!

ps: in PHP, the following variables would have the desired info: $_SERVER["REMOTE_USER"] AND $_SERVER["PHP_AUTH_USER"]. They would contain "domain/user_name".