Questions tagged [single-sign-on]

Single Sign On is a technology that allows a single login to be transparently used with multiple applications and environments.

Single Sign On (SSO) is a technology that allows the transparent use of a single username and password in multiple security domains. It is commonly used as part of a larger framework that unites otherwise separate systems into a single virtual login domain. SSO systems may be purely web-based or client-based.

A variety of technologies can be used to build SSO systems.

347 questions
0 votes, 2 answers

Kerberos SSO browser integration?

I'm installing a bunch of web apps for the office, and one of the wants would be Kerberos-managed SSO. Now, I have found some information on the matter, and I wondered, what browsers integrate Kerberos SSO? Of course I could just use the underlying…
Olivier Tremblay
0 votes, 0 answers

applying Nginx SSO with authorization to selected subdomains

I need an open source SSO tool integrated with Nginx like authelia. It must be able to manage users' access to different sites. For example, the "s.com" domain is protected by SSO. This domain has four sub-domains named "a","b","c", and "d". Also,…
sh91
0 votes, 1 answer

Unable to setup SAML with internal IdP (SP is checking for valid URL)

I've been reading through the various ways to configure an IdP/SP relationship and going back and forth with a vendor I'm setting up our IdP to authenticate with. We've exchanged metadata and the essentials like Entity ID and login URLs, but when I go…
ceskib
0 votes, 0 answers

Do I need an ADFS and Proxy?

The client has an ADFS server and they use our app hosted on IIS developed on Dot Net. How do I set up ADFS? Do I need an ADFS Proxy server as well? Can I use an existing AD server and install ADFS? We should also create a URL for access. something…
DisplayName
0 votes, 0 answers

How can I debug a 'KidNotFound' error when implementing GitLab SSO with Azure AD as IdP?

I am trying to integrate our self-managed GitLab 15.9.3-ee instance with our Azure AD. Using Azure AD as the IdP for SSO in to GitLab, I have been using the documentation…
MrRed
0 votes, 1 answer

Azure AD B2C on backend or front end?

I have a service oriented application where the front end is a NextJs application and the backend is a .net core API project. I want to use Azure AD B2C to provide Authentication. Should I configure AD on the front end to perform the login and send…
demu
0 votes, 1 answer

ADFS Client Certificate Authentication

I have ADFS on my environment and it's currently authenticating via active directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. Currently, the smart cards are imported into their…
Mlsracer
0 votes, 0 answers

AD FS SP forcing custom AuthnRequest

AD FS Error: Exception details: Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.UnknownAuthenticationTypePolicyException: MSIS3305: None of the AuthenticationContext class references specified in the SAMLP request is supported by the…
Mikkel
0 votes, 0 answers

ADFS Claims Provider not receiving username/email

I have an on-prem ADFS setup as below with SAML2: SP <=> ADFS <=> IDP. When the SP initiates an authentication, the client can redirect to the IDP (configured as a Claims Provider) and authenticate himself. However, I need to pass any form of client…
Sency
0 votes, 0 answers

Authentication Uses NTLM instead of Kerberos

We have transferred our site (httpd+nginx+php) from a simple host with 3 containers to a kuber cluster. And after that for some reason SSO has stopped working. Kerberos and samba configs are the same, AD domain is the same. Simple kerberos login with…
0 votes, 0 answers

Apache with SSO and group-based authentication

I would like to configure SSO in Apache incl. group-based authentication. It means that users, who are a member of a particular group, should be able to log in to the website without entering the login data. Users, who aren't a member of the group,…
0 votes, 0 answers

Azure AD app registration - possible to modify or transform email claim provided by OIDC SSO?

We have two instances of a SaaS app from a vendor that have SSO capabilities using OIDC. Our app users are differentiated based on the provided email address when logging in using the login page provided by the SaaS app vendor. A subset of our users…
Micah Yeager
0 votes, 0 answers

Apache2 SSO mod_auth_kerb An unsupported mechanism was requested

I am using a Windows 2022 Server running the active directory (server.local) and a Debian 10 Server running Apache. When accessing the Site with Chrome or Internet Explorer it returns a 401 Status Code and the error.log has…
dwaltsch
0 votes, 1 answer

Issues configuring SAML authentication in Apache Guacamole behind a HAProxy

I've deployed an Apache Guacamole server and trying to configure SSO using SAML with a Cloud IdaaS. HAproxy is in front of the Guacamole server, providing SSL offloading. Apache Guacamole was configured following the tutorial on the Guacamole…
user1913559
0 votes, 1 answer

Single Signon best practice for phpMyAdmin across multiple servers

I run a small web development company and we run multiple production servers, each with their own MySQL database server. I'm trying to figure out the best way of giving access to these separate MySQL instances to my team. I've set up phpMyAdmin on…