SSO via Active Directory with GSSAPI#
For automatic login to i-doit within an intranet, authentication via Single Sign On (SSO) is the best option.
Conditions and assumptions#
The following conditions are the basis of this article:
- i-doit is installed under GNU/Linux.
- Active Directory (AD) on Windows Server 2008/2012 is used for authentication.
This article describes how to set up Single Sign On (SSO) under Apache web server using \mod-auth-gssapi.
Upper and lower case
The configuration is exactly case sensitive.
Configure Active Directory (AD)#
A user is generated in AD for SSO access. Example:
- Server name of i-doit: idoit.mydomain.local
- AD domain: addomain.local
- SSO user: ssouser
- Password: password
Configuration of the i-doit server#
Installation of all required packages
Debian GNU/Linux or Ubuntu Linux:
1 | |
Info: Domain"REALM" angeben: addomain.local Hostname"Passwortserver" mydomaincontroller
Apache neustarten:
1 | |
Initial registration and creation of the keytab#
Authentication of the server:
1 | |
Creating the keytab:
1 | |
Assign permissions for Apache
1 | |
Configure Apache Web Server#
This file will customize the new VHost configuration:
1 | |
1 2 3 4 5 6 7 8 9 10 11 | |
Afterwards restart Apache once so that the changes take effect
1 | |
To test the configuration, execute the following command:
1 | |