2

Am trying to use the SSO LDAP module on Drupal. The LDAP authentication for Drupal works fine (people can login using their AD credentials on Drupal and be logged in, the test system also returns relevant AD credentials such as email addresses).

However the SSO fails to work. On the front end I get an error message saying 'You were not authenticated by the server'.

Checking the Drupal error logs I get the error $_SERVER['REMOTE_USER'] not found

I'm not particularly comfortable around server settings and things, so appreciate any help I can get. Doing a google search of the problem didn't seem to match my problem.

For the technical specifications:

I'm using mod_auth_sspi to authenticate The server is an Apache server running on Windows. I'm using Uniform Server 8.1.2 which uses PHP 5.3.10 and Apache 2.2.22

Thank you for any help.

gdhp
  • 41
  • 2
  • 5

1 Answers1

0

LDAP SSO expects mod_auth_sspi to set the REMOTE_USER server variable with the name of the authenticated user, but apparently it's not doing that.

The mod_auth_sspi wiki says you should add

JkEnvVar REMOTE_USER

to your mod_jk configuration. You could put it anywhere in your Apache configuration. Then reload Apache.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • Thanks for the quick response. It would seem the Uniform Server doesn't come with mod_jk which doesn't help. Will get it downloaded and installed and see where we get to. – gdhp Jan 03 '14 at 10:14
  • No, if you're not already using mod_jk, then it won't be part of the request flow and configuring it won't help. The mod_auth_sspi wiki seemed to assume it. – Andrew Schulman Jan 03 '14 at 10:33
  • From what I can tell, correct me if I'm wrong: mod_jk is part of Tomcat which isn't installed on Uniform Server, hence I currently don't have it. The questions is, does mod_auth_sspi require Tomcat to function. I've not seen it written anywhere, but maybe I'm missing something. Would installing Tomcat and mod_jk onto the server and then configuring mod_jk solve the remote_user not found problem? Or should I try a different approach? – gdhp Jan 03 '14 at 11:17
  • I would imagine you would need to download the DLL and configure Apache to use it. https://stackoverflow.com/questions/2652108/single-sign-on-with-apache-on-windows-7-and-mod-auth-sspi – Linuxx Jul 29 '17 at 00:31
  • 1
    Are you sure you want to use this Apache module? I would not use a module not maintained anymore. See also: [Will there be a mod_auth_sspi for 2.4?](https://www.apachelounge.com/viewtopic.php?t=4548) – Michael Ströder Jul 27 '18 at 14:38