Single Sign on (SSO) via GSSAPI#
For automatic login to i-doit within an intranet, authentication via Single Sign On (SSO) is the best option.
Conditions and assumptions#
The following conditions are the basis of this article:
- i-doit is installed under GNU/Linux.
- Active Directory (AD) on Windows Server 2008/2012 is used for authentication.
This article describes how to set up Single Sign On (SSO) under Apache web server using \mod-auth-gssapi.
Upper and lower case
The configuration is exactly case sensitive.
Configure Active Directory (AD)#
A user is generated in AD for SSO access. Example:
- Server name of i-doit: idoit.mydomain.local
- AD domain: addomain.local
- SSO user: ssouser
- Password: password
Configuration of the i-doit server#
Installation of all required packages
1 2 3 4 5 6 7 8 9
Initial registration and creation of the keytab#
1 2 3 4 5 6 7 8
Configure Apache Web Server#
This file will customize the new VHost configuration:
1 2 3 4 5 6 7 8 9 10 11 12 13
Afterwards restart Apache once so that the changes take effect
To test the configuration, execute the following command: