NGINX - Active Directory Single Sign On

6
votes

I am trying to find a solution for this without much success.

I am starting to plan the development of a Web Application that will require Single Sign On for Windows users that will use it. I view this is more of a "nice to have" feature; I could do an authentication form that will authenticate with Active Directory using LDAP but obviously SSO would be nicer :)

There is plenty of information on this issue with Apache and a few modules but nothing on NGINX.

Any tips/tricks or should I just give up right now? I don't want to spend too much time trying to configure this and end up having a bunch of problems.

3
phpactive-directorynginxsingle-sign-on

3 Answers

4
votes

The magic word for this is kerberos authentication.

There are only badly maintained modules for nginx, that all take basically the same aproach. I think they are all not recommended for production as they are not maintained.

https://github.com/stnoonan/spnego-http-auth-nginx-module https://github.com/fintler/nginx-mod-auth-kerb

So no really easy solution for this problem, unless you change to apache.

Here is a basic manual for apache: http://wiki.centos.org/HowTos/HttpKerberosAuth

1
votes

You cannot do SSO with LDAP but with GSS-API which is supported by the Active Directory. Google for nginx spnego.

1
votes

Active directory is a feature of Windows Server so if you use Microsoft IIS you will be able to enable Single Sign On. You can configure IIS as an NGINX proxy or simply replace the same.