This looks similar to my previous question of Apache NTLM plug in.
I need to get the login user names for the all the who sen the request to web server(Apache server).we use windows authentication NTLM for authenticate users.
For microsoft IIS server its really simple, as it is set in server variable.
I want it for Apache server.Does any one know any Plugin that does the same thing as done by IIS for apache.
Thank you
i got the issue resolved,
I used the JCIFS Plug in which will authenticate and give me the user ID and IP Address of the clients that are requesting to the Apache server.
detailed information is given here
Related
I have an Apache server where users authenticate to a website through Kerberos/GSSAPI (mod_auth_gssapi). In the event of a user attempting to visit the site externally (not available on the network ldap server), I would like to fallback to SAML authentication (mod_auth_mellon), but am having trouble figuring out if this is even possible. I am managing the config for this in httpd.conf. Both work independently of each other.
I have seen a number of suggestions and threads, but nothing seems to work for me. The Mellon module github page recommends using a config to preemptively check for credentials, but in my case, credentials do not exist yet, and any IF statements executed would happen before I can retrieve them.
Essentially, I would like to do this:
User visits site
Apache checks for LDAP username credentials through Kerberos/GSSAPI
If Kerberos credentials do not exist, try to mauthenticate through SAML/Mellon
I do not know ahead of time which users' information will be available in my local AD server or attempting to access externally.
I would like to keep this on the Apache side if possible, though I may have to relent and run SimpleSAML or something after Apache authenticates.
I am expecting to have an authentication fallback of Kerberos to SAML in my Apache config. Currently, Apache defaults to the last authentication method listed in the config file. I would like an either/or scenario, depending on whether the first authentication method is able to obtain a valid user.
Any ideas, thoughts, solutions, criticisms appreciated.
My site is hosted on IIS but behind reverse-proxy (nginx). Hence Windows Authentication is not working (nginx does not support it by default configuration). So I want IIS to use Active Directory to check user credentials. But how to do this? I suppose to use cookie, but can't find how to force IIS to find user in Active Directory database.
I would be appreciated for any help.
UPD:
I don't want to use Windows Authentication. I only want IIS find user in Active Directory when user send credentials by simple POST-request from the login page.
It looks like there is no integrated solution and I simply should write it by myself.
I need to get the corporate name this is the basic thing. But my problem is i need to get them through WEB API. I have tried impersonate set to true in web config enabled Windows authentication also. I can get the details locally when i run postman, but the same when i try to access after deploying in server it shows the following things:
1) Corporate domain name returns empty
2) Access denied (when anonymous is set to disable mode)
I am confused whether this can be done without having a windows authentication prompt box. If yes have i missed something while configuring IIS?
Thanks everyone in advance :)
This is way too late to answer this but SSO is what i need and i have come across Ping Identity.
So using SSO i can get the details of the user who are logged in.
PingIdentity - SSO
I'm working on a website that needs to be authenticated to via windows authentication in iis. To access this website you are required to login using windows authentication on another site.
I want to pass that windows authentication to my website so they do not need to log in. is this possible? and how? Ive looked through impersonation and keroberos but they dont seem to by what I'm looking for. The site also needs to have the correct credentials because the windows user is a parameter to get sql information for each individual user.
Thanks for the reply!, after a few hours of trial and error i found that it is paritally browsers issues and partially authentication issues. In firefox and chrome the authentications persist through, but not in IE. The solution was to change the authentication to windows authentication, then change the provider to Negotiate:kerberos in the authentication Configuration in IIS.
We are wanting the ability to provide seamless single-sign-on into our web application. Our users are all using a modern version of IE and they will be accessing our website locally within an intranet, they will all be logged into Windows with AD accounts.
It seems that we can use integrated windows authentication to have the browser pass through the credentials, so this side looks fine.
But on the server side we have Apache 2.2 (hosted on Windows Server 2008+) with CherryPy sitting behind it - we use Rewrite rules to pass requests into CherryPy.
I have managed to find a windows compiled version of mod_spnego for Apache 2.2 (https://github.com/ibauersachs/mod_spnego) and I believe I have this configured in some way to authenticate the clients using their AD credentials.
However, we need to get these users details through to CherryPy somehow as we need to obtain further AD details over LDAP to apply permissions in our application (something that we already do but with simple username/password authentication first). This is where I have hit a dead end as I can't seem to find a way to do this.
I've seen various talk about the REMOTE_USER environment variable and suggestions for setting an extended header with the information we need in Apache but none of this seems to work.
Could anyone help me understand how to go about this? Apologies if I've not described everything correctly above, as I say I am new to Kerberos/SPNEGO and may be missing something obvious, or trying to overcomplicate things, potentially.