Inserito da: sevencapitalsins | 24 Marzo 2009

Apache + Active Directory + SSL + mod_auth_sspi = Single Sign-On!

Ok guys. I’ve got something smart to write, at last.

Let’s say your boss has a brilliant idea:

lampadina«WTF, we’ve got Active Directory, we could open Internet Explorer and get into our webservers without having to authenticate!»

Let’s say you had implemented Apache with SSL on a Windows Server. Eurk.

Let’s say you managed to discover that you have to load mod_auth_sspi into Apache.

And so far, Internet Explorer is giving a freaky “Error 401: Authorization Required!” while Firefox, Opera etc. are gently fallbacking to basic auth.

The deadline is coming… you are sweating… You have spent the whole weekend googling to figure that sh*t out…

Well, what happened to me was: as soon as I heard the Boss’ footsteps, I remembered having laughed at three lines in the OpenSSL module configuration…

…YEAH! SSPI works as a charm, it’s the SSL conf the problem!

Leave SSPI alone, my dears, ’cause you only have to comment the

BrowserMatch *MSIE* blabla

directive in Apache’s SSL conf.

Then it’s only a matter of cleaning Internet Explorer’s cache and you’ll enter your website without having to type in anything.

Of course it’s still smarter to use Firefox/Opera/Safari, but the boss is pleased and smiling. W00t!

Pubblicato in Apache, Server, Windows Server

«
»

Lascia un commento






La tua risposta:

Categorie