Apache + Active Directory + SSL + mod_auth_sspi = Single Sign-On!

Ok guys. I’ve got something smart to write, at last.

Let’s say your boss has a brilliant idea:

lampadina«WTF, we’ve got Active Directory, we could open Internet Explorer and get into our webservers without having to authenticate!»

Let’s say you had implemented Apache with SSL on a Windows Server. Eurk.

Let’s say you managed to discover that you have to load mod_auth_sspi into Apache.

And so far, Internet Explorer is giving a freaky “Error 401: Authorization Required!” while Firefox, Opera etc. are gently fallbacking to basic auth.

The deadline is coming… you are sweating… You have spent the whole weekend googling to figure that sh*t out…

Well, what happened to me was: as soon as I heard the Boss’ footsteps, I remembered having laughed at three lines in the OpenSSL module configuration…

…YEAH! SSPI works as a charm, it’s the SSL conf the problem!

Leave SSPI alone, my dears, ’cause you only have to comment the

BrowserMatch *MSIE* blabla

directive in Apache’s SSL conf.

Then it’s only a matter of cleaning Internet Explorer’s cache and you’ll enter your website without having to type in anything.

Of course it’s still smarter to use Firefox/Opera/Safari, but the boss is pleased and smiling. W00t!

About these ads

3 pensieri su “Apache + Active Directory + SSL + mod_auth_sspi = Single Sign-On!

  1. Thank you sooooooooooooooo much! I searched for two days for a solution and finally i had just to comment out those lines

  2. Hi Marzo,

    Great post.. so does it mean the SSPI wont work without SSL?
    I have a similar setup where I am working to Single sign On for an Intranet site. Ideally domain users should be authorized against AD over LDAP and log in transperantly.

    I have tried different things but getting the 401 Authorization Error. I din’t setup SSL over Apache though, is it the missing piece?

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...