Next Active Directory Integration

From Michael's Information Zone
Revision as of 14:16, 14 December 2017 by Michael.mast (talk | contribs)
Jump to navigation Jump to search

Installing for WP **VERSION-HERE** with SSO enabled.
Looking to use kerberose for this one, eventually replacing with SAML.

DUMP OF NOTES HERE [1]

  • mv kerberos.keytab /var/www/html/
  • chown apache:apache /var/www/html/kerberos.keytab
  • kinit -p admin@domain.tld
  • yum install mod_auth_gssapi
  • nano /etc/httpd/conf.d/vhosts.conf

[2] 

<Location /private>
    AuthType GSSAPI
    AuthName "GSSAPI Single Sign On Login"
    GssapiCredStore keytab:/etc/httpd.keytab
    Require valid-user
</Location>
  • nano /etc/httpd/conf.d/vhosts.conf

Kerberose issues

Most issues were caused by selinux. After setting the correct context for the keytab file I was able to get this thing working properly.

[3]

  1. https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html
  2. https://github.com/modauthgssapi/mod_auth_gssapi
  3. http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/
Retrieved from "https://wiki.1701technology.com/index.php?title=Next_Active_Directory_Integration&oldid=554"