
NTLM and Single Sign On

Posted: 29. February 2016 16:25
by bazianm
I am writing an app on my Windows machine. What I am trying to implement is single sign on with AD integration. The idea is to somehow have the Windows user name sent off to my PHP scripts (I would guess in the $_SERVER variable somewhere) and I would then use an AD integration library to check to see if that user is in a group and validate it that way.

I downloaded and am loading NTLM for Apache. That's what it would seem I would need based on what I have read so far. NTLM is loading per phpinfo():

Apache/2.4.16 (Win32) mod_authn_ntlm/1.0.0 OpenSSL/1.0.1p PHP/5.6.11


That's as far as I can get. I have been trying to understand that I might have to do something in my .htaccess file but I am not strong enough on that to really follow the suggestions (which seem to be given for Linux, not Windows).

The key here is not to require any kind of authentication... If the user is logged in to their machine with AD and their user name is a member of the right group, they automatically get access.

Thanks for any assistance you can provide.

Re: NTLM and Single Sign On

Posted: 29. February 2016 16:54
by Altrea
This only works for Windows components or weak security settings (in Firefox for example).
You will need mod_auth_sspi and want to achieve something like this:
http://stackoverflow.com/questions/1010 ... on-process

But to be honest: SSO on server-side programming languages based on a request-response architecture (like HTTP is) is ugly and error-prone.
The only environment which is really able to do SSO on Windows very well is Microsoft IIS (in combination with SharePoint for example).
I would never try to build such an environment on an Apache base. Apache, PHP, MariaDB, etc. are based on Unix/Linux.

Re: NTLM and Single Sign On

Posted: 29. February 2016 17:02
by bazianm
Thanks for the response...

So you are suggesting I use IIS? Would I need to add anything to that?

Re: NTLM and Single Sign On

Posted: 29. February 2016 18:01
by Altrea
IIS has this feature built in, but you will need to add PHP to IIS if you want to use PHP.
There are tutorials on the internet on how to do so; that is not such a big deal.
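
The check described in the first post (take the user name the web server puts in $_SERVER, then test group membership), as an added example that is not part of the original thread. It works the same whether Apache or IIS performed the Windows authentication; the accepted AUTH_TYPE values, the domain and group names, and the `$groupsOf` lookup are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not code from the thread. REMOTE_USER and AUTH_TYPE are the
// standard CGI variables PHP exposes once the web server authenticated the request.

// Return array(DOMAIN, user), or null when the server did not authenticate.
function sso_identity(array $server, array $authTypes)
{
    $type = isset($server['AUTH_TYPE']) ? strtoupper($server['AUTH_TYPE']) : '';
    $user = isset($server['REMOTE_USER']) ? $server['REMOTE_USER'] : '';
    // Fail closed: identity comes only from server-set variables, never from
    // client-controlled HTTP_* headers or request parameters.
    if ($user === '' || !in_array($type, $authTypes, true)) {
        return null;
    }
    // Accept only DOMAIN\user built from a conservative character set.
    if (!preg_match('/^([A-Za-z0-9.-]{1,64})\\\\([A-Za-z0-9._$-]{1,64})$/D', $user, $m)) {
        return null;
    }
    return array(strtoupper($m[1]), strtolower($m[2]));
}

// $groupsOf is a hypothetical lookup (an LDAP query against AD in practice).
function sso_authorize(array $server, array $cfg, callable $groupsOf)
{
    $id = sso_identity($server, $cfg['auth_types']);
    if ($id === null || $id[0] !== strtoupper($cfg['domain'])) {
        return false;
    }
    $groups = array_map('strtolower', $groupsOf($id[1]));
    return in_array(strtolower($cfg['group']), $groups, true);
}

// Constructed sample data standing in for the directory and for $_SERVER.
$cfg = array('auth_types' => array('NTLM', 'NEGOTIATE', 'SSPI'),
             'domain' => 'EXAMPLE', 'group' => 'AppUsers');
$directory = array('alice' => array('Domain Users', 'AppUsers'),
                   'bob' => array('Domain Users'));
$groupsOf = function ($user) use ($directory) {
    return isset($directory[$user]) ? $directory[$user] : array();
};
$requests = array(
    'member'       => array('AUTH_TYPE' => 'NTLM', 'REMOTE_USER' => 'EXAMPLE\\alice'),
    'non-member'   => array('AUTH_TYPE' => 'NTLM', 'REMOTE_USER' => 'EXAMPLE\\bob'),
    'other domain' => array('AUTH_TYPE' => 'NTLM', 'REMOTE_USER' => 'OTHER\\alice'),
    'no auth type' => array('REMOTE_USER' => 'EXAMPLE\\alice'),
);
foreach ($requests as $label => $server) {
    printf("%-13s %s\n", $label, sso_authorize($server, $cfg, $groupsOf) ? 'allow' : 'deny');
}
```

Only the first constructed request is allowed; the other three are denied because the user is not in the group, the domain does not match, or the server reported no authentication.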