NTLM and Single Sign On

Problems with the Windows version of XAMPP, questions, comments, and anything related.

NTLM and Single Sign On

Postby bazianm » 29. February 2016 16:25

I am writing an app on my windows machine. What I am trying to implement is single sign on with AD integration. The idea is to somehow have the windows user name sent off to my php scripts (I would guess in the $_SERVER variable somewhere) and I would then use an AD integration library to check to see if that user is in a group and validate it that way.

I downloaded and am loading NTLM for Apache. That's what it would seem I would need based on what I have read so far. NTLM is loading per phpinfo()

Code: Select all
Apache/2.4.16 (Win32) mod_authn_ntlm/1.0.0 OpenSSL/1.0.1p PHP/5.6.11


That's as far as I can get. I have been trying to understand that I might have to do something in my .htaccess file but I am not strong enough on that to really follow the suggestions (which seem to be given for linux, not windows).

The key here is not to require any kind of authentication... If the user is logged in to their machine with AD and their user name is a member of the right group, they automatically get access.

Thanks for any assistance you can provide.
bazianm
 
Posts: 10
Joined: 19. October 2006 22:40

Re: NTLM and Single Sign On

Postby Altrea » 29. February 2016 16:54

This only works for Windows components or weak security settings (in Firefox for example).
You will need mod_auth_sspi and want to achieve something like this:
http://stackoverflow.com/questions/1010 ... on-process

But to be true: SSO on Serverside programming languages based on request response architecture (like HTTP is) is ugly and error-prone.
The only environment which is really able to do SSO on Windows very well is Microsoft IIS (in combimnation with SharePoint for example).
I would never try to build such an environment on Apache base. Apache, PHP, MariaDB, etc are based on Unix/Linux.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: NTLM and Single Sign On

Postby bazianm » 29. February 2016 17:02

Thanks for the response...

So you are suggesting I use IIS? Would I need to add anything to that?
bazianm
 
Posts: 10
Joined: 19. October 2006 22:40

Re: NTLM and Single Sign On

Postby Altrea » 29. February 2016 18:01

IIS has this feature build in, but you will need to add PHP to IIS if you want to use PHP.
There are tutorials on the internet how to do so, that is not such a big deal.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 97 guests