I want to make an intranet with SSO Authentication through Active Directory. I searched about and I found maybe two ways :
Using the apache module mod_authnz_sspi. I can get the username and the domain but it seems there is no authentication. Maybe I don't really get it...
Here my apache conf for this module :
AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic On SSPIOmitDomain Off SSPIDomain MyDOMAIN Require valid-userSo I guess the "connection" is not really safe...
Using the apache module mod_authnz_ldap but I can't make it works well...
Here my apache conf for this module :
AuthName "LDAP Authentication" AuthType Basic AuthBasicProvider ldap AuthLDAPBindAuthoritative off AuthLDAPURL "ldap://ad.server.fr:389/DC=server,DC=local?sAMAccountName?sub?(objectClass=person)" NONE AuthLDAPBindDN [email protected] AuthLDAPBindPassword password AuthLDAPRemoteUserAttribute on LDAPReferrals Off
I got this error
LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.but I don't want to use SSL for the connection...Actually I don't really get how this works. My active directory doesn't get connection from my apache or just maybe anonymous.
Now I don't know how to make a SSO Authentication on my intranet. Which way is better ? Is there another one ?
I use wamp (for windows) with apache 2.4.4.
