
I have a website running on an AWS Linux EC2 instance with a Cpanel/WHM installation.

Until now the website was protected by a single password, but I was asked to implement the company's Single Sign-On.

We have ADFS 2.0 and Azure AD. We have some LDAP servers but they are all internal. We do not have internal knowledge of what to do in this situation as our AD admins only deal with Windows.

I don't know what the best option here is. Should I:

  • connect to LDAP servers through a VPN
  • implement ADFS/Azure on an AWS level
  • implement ADFS/Azure on an EC2 level
  • implement ADFS/Azure on a Cpanel level
  • port the website to a windows server
  • implement ws-fed or ws-trust

Any help is welcome.

Gary
  • I am not too knowledgeable about AWS, but I know a lot about ADFS. I would imagine you can get what you want by leveraging ADFS/Azure since you get SAML 2.0 tokens that are usable with Google services among many other things. Getting them to work with Cpanel/WHM might be something you can do via SimpleSAMLphp. – MrMajestyk Nov 10 '15 at 12:37
  • Thanks for the reply MrMajestyk. I'll have a look at SimpleSAMLphp. – Gary Nov 10 '15 at 12:53

1 Answer


I went with MrMajestyk's proposition of using simpleSAMLphp, and it worked out great.

I used this guide: https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/

It was nearly as easy as it seems in the guide, except for some small points that aren't detailed.

  1. The guide doesn't specify well what has to be installed before starting. It can be started from point 6 in this quickstart: https://simplesamlphp.org/docs/1.5/simplesamlphp-install
  2. Azure will not accept non-HTTPS sites
  3. The guide gets the "reply URL" from an error message, but it can be found in the simpleSAMLphp config page under "Federation"

I hope this helps someone.

Gary
  • Hi Gary, I'm glad my guide could help you through your project. The guide as you've linked is actually part of a series and the previous one shows you how to install and configure simpleSAMLphp but in a Windows environment. https://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/ The reason for the reply URL from an error message is to show the correlation between the information being provided and Azure's requirements - mainly since the guide is a learning tool. :) – Lewis Dec 06 '15 at 17:08
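The three pieces the answer's steps amount to, written out as an added example. This is not code from the answer, from Gary, or from the linked guide; it assumes a simpleSAMLphp 1.x/2.x install under /var/simplesamlphp, the site hostname www.example.com, and placeholders for the Azure AD directory (tenant) ID and the IdP signing certificate. The "Reply URL" Azure asks for (point 3) is the SP's AssertionConsumerService endpoint, which for an SP named default-sp on a 1.x install is https://www.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp; Azure rejects it unless it is https:// (point 2).

```php
<?php
// Added example, not from the original answer or the linked guide.
// Replace www.example.com, <tenant-id>, the install path and certData.

// ---- config/authsources.php -------------------------------------------------
// The service-provider definition. 'entityID' must equal the "Identifier
// (Entity ID)" entered in the Azure AD enterprise application.
$config = [
    'default-sp' => [
        'saml:SP',
        'entityID' => 'https://www.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp',
        // Azure AD's IdP entity ID; <tenant-id> is the directory (tenant) ID.
        'idp'      => 'https://sts.windows.net/<tenant-id>/',
        'discoURL' => null,
        // Optional: sign AuthnRequests with an SP key pair kept in cert/.
        'sign.authnrequest' => true,
        'privatekey'        => 'sp.key',
        'certificate'       => 'sp.crt',
    ],
];

// ---- metadata/saml20-idp-remote.php -----------------------------------------
// Azure AD as the remote IdP. Take these values from the tenant's federation
// metadata: https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml
// certData pins the IdP signing certificate: responses not signed by it are
// rejected, which is what makes the SAML trust one-directional and safe.
$metadata['https://sts.windows.net/<tenant-id>/'] = [
    'entityid' => 'https://sts.windows.net/<tenant-id>/',
    'SingleSignOnService' => [[
        'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        'Location' => 'https://login.microsoftonline.com/<tenant-id>/saml2',
    ]],
    'SingleLogoutService' => [[
        'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        'Location' => 'https://login.microsoftonline.com/<tenant-id>/saml2',
    ]],
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    // Base64 DER of the Azure AD "SAML Signing Certificate" (placeholder).
    'certData' => 'MIIC8DCCAdigAwIBAgIQ...',
];

// ---- Protected page, e.g. public_html/index.php -----------------------------
// Replaces the old single-password gate: every request must carry a session
// established by a valid, signed Azure AD assertion.
require_once '/var/simplesamlphp/lib/_autoload.php';   // 2.x: src/_autoload.php (assumed path)

$as = new \SimpleSAML\Auth\Simple('default-sp');       // 1.14 and older: SimpleSAML_Auth_Simple
$as->requireAuth();                                    // redirects to Azure AD when not logged in

$attrs = $as->getAttributes();                         // each claim is an array of strings
$upn    = $attrs['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'][0] ?? '';
$email  = $attrs['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0] ?? $upn;
$tenant = $attrs['http://schemas.microsoft.com/identity/claims/tenantid'][0] ?? '';

// Authentication is not authorization: the IdP proves who the user is, not
// that they may use this site. Reject assertions from any other tenant.
if ($tenant !== '<tenant-id>') {
    http_response_code(403);
    exit('Not authorized');
}

echo 'Signed in as ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
```

Before exposing this, also edit config/config.php: set a real auth.adminpassword and a random secretsalt (the shipped defaults are public), set baseurlpath to the https:// URL, and turn on session.cookie.secure so the simpleSAMLphp session cookie is never sent over plain HTTP. The admin pages under /simplesaml/ are where the Federation tab (and the Reply URL) live, so they need that password and should not stay world-reachable any longer than necessary.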