Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:sso_ad_domain [2019/10/04 09:06]
kopro [Enable authentication in browsers] add information about automatic logon
tutorial:adm:sso_ad_domain [2019/11/22 10:01]
urbanl [Configure Apache httpd - Linux] pridani vyjmuti idm statusu z auhentifikace sso
Line 89: Line 89:
 </code> </code>
  
-Add Kerberos configuration and setting the ''REMOTE_USER'' header inside the **VirtualHost tag** in ''/etc/httpd/conf.d/ssl.conf'':+Add Kerberos configuration and setting the ''REMOTE_USER'' header inside the **VirtualHost tag** in ''/etc/httpd/conf.d/ssl.conf''. And exlude "/idm/api/v1/status" from authentication so everyone can access it:
 <code> <code>
        <Location /idm>        <Location /idm>
Line 103: Line 103:
  
        RequestHeader set REMOTE_USER %{REMOTE_USER}s        RequestHeader set REMOTE_USER %{REMOTE_USER}s
 +       
 +       <Location /idm/api/v1/status>
 + Satisfy Any
 +       </Location>
 </code> </code>
 This configuration enables **Negotiate** (the users logged in domain computer will be automatically authenticated - this must be enabled in the browser), as well as **Basic Auth** (the user, who is not logged in domain computer, will be first prompted for username and password with the message "Kerberos Login" and the credentials will be sent to AD for authentication). Negotiate can be disabled by KrbMethodNegotiate, Basic Auth can be disabled by KrbMethodK5Passwd. This configuration enables **Negotiate** (the users logged in domain computer will be automatically authenticated - this must be enabled in the browser), as well as **Basic Auth** (the user, who is not logged in domain computer, will be first prompted for username and password with the message "Kerberos Login" and the credentials will be sent to AD for authentication). Negotiate can be disabled by KrbMethodNegotiate, Basic Auth can be disabled by KrbMethodK5Passwd.
  • by apeterova