
I am trying to implement SSO for a PHP application deployed on Ubuntu with Apache2, and users in the Windows domain need to access this app without signing in. So I need help. Has anyone already tried achieving this?

Ubuntu is not under the AD domain.

satish john
  • I think your question might already be covered by http://stackoverflow.com/questions/1003751/how-do-i-use-microsoft-ad-and-php-single-sign-on-web-app and http://stackoverflow.com/questions/4259768/how-does-single-signon-sso-works-with-php-apache-against-an-active-directory – Simon East Jul 16 '15 at 05:50

1 Answer


I did this yesterday using mod_auth_kerberos. The basic process is as follows:

  1. Install Kerberos and configure it

  2. On Active Directory, create a new user

  3. Use ktpass on Windows to create a keytab

  4. Copy the keytab to Ubuntu and configure Apache to use the keytab

Have a look at the documentation here: http://www.grolmsnet.de/kerbtut/. It explains the configuration files better than I ever could.

The Ubuntu-specific bits are probably just installation, for which you'll want:

```
sudo apt-get install krb5-user libapache2-mod-auth-kerb
```
Simon East
r-mo
  • Thanks for the help, will try and update. Also, does this configuration add the Ubuntu machine to the Windows workgroup? Because I need the Ubuntu machine to be independent and not part of the Windows workgroup, since for testing purposes I am using a VirtualBox of Windows 2008 Server where I have configured the LDAP AD. – satish john Jan 23 '14 at 11:26
  • No, it doesn't require the Ubuntu machine to be joined to the domain. It just requires an additional user account on the AD :) – r-mo Jan 30 '14 at 11:14
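
The Ubuntu side of the four steps in the answer above, as an added example that is not part of the original answer or of the linked tutorial. The realm `EXAMPLE.COM`, the hosts `dc1.example.com` and `app.example.com`, the account `svc-apache`, the keytab path and the three function names are all placeholders chosen for illustration.

```sh
#!/bin/sh
# Placeholders (assumptions): realm, KDC host and keytab path.
REALM="${REALM:-EXAMPLE.COM}"        # AD domain name, upper case
KDC="${KDC:-dc1.example.com}"        # a domain controller
KEYTAB="${KEYTAB:-/etc/apache2/http.keytab}"
# Step 3 runs on Windows, as one line (svc-apache, app.example.com are placeholders):
#   ktpass -princ HTTP/app.example.com@EXAMPLE.COM -mapuser svc-apache@EXAMPLE.COM
#          -pass * -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1 -out http.keytab

# Step 1: minimal Kerberos client config pointing at the AD KDC.
write_krb5_conf() {   # $1 = output file, normally /etc/krb5.conf
  domain=$(printf '%s' "$REALM" | tr '[:upper:]' '[:lower:]')
  cat > "$1" <<EOF
[libdefaults]
    default_realm = $REALM
[realms]
    $REALM = {
        kdc = $KDC
    }
[domain_realm]
    .$domain = $REALM
    $domain = $REALM
EOF
}

# Step 4a: the keytab holds the service account's long-term key, so
# reject it if anyone besides owner and group has any access.
check_keytab() {      # $1 = keytab path
  [ -f "$1" ] || { echo "missing keytab: $1" >&2; return 1; }
  case "$(ls -ld "$1")" in
    ???????---*) return 0 ;;   # "other" permission bits are all unset
    *) echo "keytab accessible to others: chmod 640 $1" >&2; return 1 ;;
  esac
}

# Step 4b: mod_auth_kerb directives for the protected application.
write_apache_conf() { # $1 = output file for the Apache config fragment
  cat > "$1" <<EOF
<Location />
    AuthType Kerberos
    AuthName "Kerberos SSO"
    KrbAuthRealms $REALM
    KrbServiceName HTTP
    Krb5KeyTab $KEYTAB
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    Require valid-user
</Location>
EOF
}
```

`KrbMethodK5Passwd Off` disables the Basic-auth password fallback, so domain passwords are never typed into the web server; after a successful Negotiate exchange mod_auth_kerb exposes the principal to PHP as `$_SERVER['REMOTE_USER']`.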