Difference between revisions of "Next Active Directory Integration"

From Michael's Information Zone
Jump to navigation Jump to search
(Created page with "Installing for WP **VERSION-HERE** with SSO enabled.<br> Looking to use kerberose for this one, eventually replacing with SAML. <br> <br> DUMP OF NOTES HERE <ref>https://activ...")
 
Line 20: Line 20:
 
</pre>
 
</pre>
 
*nano /etc/httpd/conf.d/vhosts.conf
 
*nano /etc/httpd/conf.d/vhosts.conf
 +
==Kerberose issues==
 +
Most issues were caused by selinux. After setting the correct context for the keytab file I was able to get this thing working properly.
 +
<ref>http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/</ref>

Revision as of 14:16, 14 December 2017

Installing for WP **VERSION-HERE** with SSO enabled.
Looking to use kerberose for this one, eventually replacing with SAML.

DUMP OF NOTES HERE [1]

  • mv kerberos.keytab /var/www/html/
  • chown apache:apache /var/www/html/kerberos.keytab
  • kinit -p admin@domain.tld
  • yum install mod_auth_gssapi
  • nano /etc/httpd/conf.d/vhosts.conf

[2] 

<Location /private>
    AuthType GSSAPI
    AuthName "GSSAPI Single Sign On Login"
    GssapiCredStore keytab:/etc/httpd.keytab
    Require valid-user
</Location>
  • nano /etc/httpd/conf.d/vhosts.conf

Kerberose issues

Most issues were caused by selinux. After setting the correct context for the keytab file I was able to get this thing working properly.

[3]

  1. https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html
  2. https://github.com/modauthgssapi/mod_auth_gssapi
  3. http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/
Retrieved from "https://wiki.1701technology.com/index.php?title=Next_Active_Directory_Integration&oldid=554"