Can you really use BasicAuth protection and SSO (Single Sign-On) simultaneously? We use mix domain single sign-on (CDSSO), wish to hide our staging server in the public through BasicAuth, and want to enable login through SSO. Each time we make the corresponding VHost admission to safeguard the server, the SSO no more works. Our virtual host entry for Apache appears like this
<Directory /home/my_user/sites/my_site> Options -MultiViews AllowOverride All Order deny,allow Deny from all Allow from 192.168.0.0/16 AuthType Basic AuthBasicProvider file AuthName "MyBasicAuth" AuthUserFile /home/my_user/etc/htpasswd Require valid-user Satisfy Any </Directory>
The log file from the web policy agent for OpenAM indicates that there's some type of authorization failure throughout the dsame_check (possibly a type of heartbeat message to ascertain if the representative is alive ?):
2011-11-04 16:48:16.069 Info 27773:7fb5259550e0 all: dsame_check_access(): starting... 2011-11-04 16:48:16.069 Debug 27773:7fb5259550e0 all: get_request_url(): .. .. 2011-11-04 16:48:16.069 Debug 27773:7fb5259550e0 all: get_request_url(): Returning request URL = http://..:80/error/HTTP_UNAUTHORIZED.html.var.
Within the Apache access log for that computer using the policy agent we obtain the next
401 Unauthorized HTTP errors (192.168.1.1 may be the local IP from the OpenAM server):
192.168.1.1 - "" [07/Nov/2011:12:42:58 +0100] "POST /UpdateAgentCacheServlet?shortcircuit=false HTTP/1.1" 401 - "-" "Java/1.6"
Exactly how should we alter the configuration make it possible for BasicAuth and SSO? Or isn't it possible whatsoever? When we take away the protection for that Apache web server, the dsame check and also the SSO work again.