I need to better understand SSO for a web application against Active Directory.
To simply ask the user for a login to authenticate against AD, I understand I can use libraries like
adLdap and so forth. However, in this case the user still has to type the login twice.
For instance: Authenticate against Active Directory/ISA from php
AFAIK, to make use of transparent login, I have to implement an additional Apache module.
How do you use Microsoft AD and PHP single sign-on web application?
First, I need to know which Apache module I have to use and why.
In this short article, for instance, you will find three:
And the chosen one was
In the question referred to above, the accepted answer was for
When speaking about Active Directory, I got this answer, which describes Active Directory as an implementation of
Kerberos + "a couple of other miscellaneous odds and ends".
I am very unclear about all of these names, since I have never worked with them.
Can someone clarify it for me?
Finally, can someone explain how the application recognizes the authenticated user (from AD)? Is it simply by the username passed with something like
$_SERVER['REMOTE_USER']? Is any password sent? How exactly does the browser send these extra headers? Is there any local configuration that must be done on each workstation?
LDAP and AD are methods for storing users and organisation data. They aren't useful for doing the actual authentication over the web, but they are used behind an SSO (for example CAS), as the "database".
Authentication is a confusing mess. Here's some background.
LDAP: LDAP is a protocol for communicating user directory information. It can also handle authentication, but it's not seamless (SSO).
NTLM: NTLM is Microsoft's SSO built into IE, ActiveDirectory and IIS. The original version of NTLM is extremely insecure, so NTLMv2 was implemented to fix the security issues in NTLM. The original NTLM is disabled by default in Windows Vista and later.
Kerberos: Kerberos is an open standard that's very secure and is designed to offer seamless (SSO) authentication. ActiveDirectory supports a version of Kerberos.
As far as the modules you can use to implement these methods, you included an excellent list of them.
mod_ntlm: This is an Apache module that runs on Linux and supports the original NTLM (not NTLMv2).
mod_auth_kerb: This is an Apache module that implements Kerberos.
mod_auth_sspi: This is an Apache module for Windows that supports the original NTLM (not NTLMv2).
Apache2:AuthenNTLM: This is a Perl module that handles NTLM. I'm not sure whether it supports NTLM and NTLMv2.
mod_auth_ntlm_winbind: This is an Apache module that connects with Samba's authentication.
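
How a PHP application can consume the identity that one of the modules above leaves in $_SERVER['REMOTE_USER'], as an added example that is not part of the original question or answers. It assumes Kerberos modules report user@REALM and NTLM/SSPI modules report DOMAIN\user; EXAMPLE.COM and EXAMPLE are placeholder realm and domain names, and sso_username() is a hypothetical helper.

```php
<?php
declare(strict_types=1);

// Placeholder values (assumption): your Kerberos realm and NetBIOS domain.
const TRUSTED_REALMS = ['EXAMPLE.COM', 'EXAMPLE'];

/**
 * Return the bare account name set by the Apache auth module, or null if
 * the request must be treated as unauthenticated. No password reaches PHP
 * with Negotiate: the browser sends a ticket in the Authorization header
 * and the module only exposes the resulting name.
 */
function sso_username(array $server): ?string
{
    // Trust only the server-set variable. HTTP_* entries are copied from
    // request headers, so any client can supply them.
    $raw = $server['REMOTE_USER'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null;
    }
    if (preg_match('/^([^@\\\\]+)@([^@\\\\]+)$/', $raw, $m)) {
        [$user, $realm] = [$m[1], $m[2]];   // assumed Kerberos form: user@REALM
    } elseif (preg_match('/^([^@\\\\]+)\\\\([^@\\\\]+)$/', $raw, $m)) {
        [$realm, $user] = [$m[1], $m[2]];   // assumed NTLM/SSPI form: DOMAIN\user
    } else {
        return null;                        // bare or malformed name: reject
    }
    // A principal from another realm or domain is not one of our users.
    if (!in_array(strtoupper($realm), TRUSTED_REALMS, true)) {
        return null;
    }
    // Conservative character set before the name is used in any lookup.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return strtolower($user);               // AD account names are case-insensitive
}

// Constructed sample inputs, standing in for $_SERVER on four requests.
$samples = [
    ['REMOTE_USER' => 'alice@EXAMPLE.COM'],
    ['REMOTE_USER' => 'EXAMPLE\\bob'],
    ['REMOTE_USER' => 'mallory@OTHER.REALM'],
    ['HTTP_REMOTE_USER' => 'admin'],        // client-supplied header only
];
foreach ($samples as $s) {
    printf("%s => %s\n", json_encode($s), var_export(sso_username($s), true));
}
```

In a real request the call is sso_username($_SERVER), and a null result should end in a 401/403 rather than a fallback to any other source of identity.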