Differences

This shows you the differences between two versions of the page.

tutorial:adm:sso_ad_domain [2018/09/10 08:08]
fiserp [Troubleshooting]
tutorial:adm:sso_ad_domain [2018/12/28 17:03] (current)
kotisovam [SSO to AD domain]
Line 3: Line 3:
 CzechIdM supports Single-Sign-On of the AD domain users. The mechanism uses web server, which handles the Kerberos authentication and provides the login of the authenticated user in the HTTP header. Then CzechIdM processes this header and authenticates the user automatically. CzechIdM supports Single-Sign-On of the AD domain users. The mechanism uses web server, which handles the Kerberos authentication and provides the login of the authenticated user in the HTTP header. Then CzechIdM processes this header and authenticates the user automatically.
  
-If the user is Application Admin (e.g. has assigned the role superAdminRole),​ SSO authentication is disabled for security reasons.+If the user is the Application Admin (e.g. has assigned the role superAdminRole),​ SSO authentication is disabled for security reasons.
  
-Following ​tutorial shows how to configure Apache web server and enable SSO in CzechIdM.+This tutorial shows how to configure ​an Apache web server and enable SSO in CzechIdM.
  
-<note important>​When enabling SSO, be sure that Apache Tomcat application server listens only on localhost (as in standard configuration by [[tutorial:​adm:​server_preparation#​apache_tomcat_configuration|install guide]]), so no one can forge the HTTP headers and so gain access ​under any user.</​note>​+<note important>​When enabling SSO, be sure that your Apache Tomcat application server listens only on localhost (as in standard configuration by [[tutorial:​adm:​server_preparation#​apache_tomcat_configuration|install guide]]), so no one can forge the HTTP headers and gain access ​pretending to be one of the users.</​note>​
  
 During the tutorial, we use the name of the AD domain ''​COMPANY.CZ''​. CzechIdM will be accessible from the address ''​https://​idm.company''​. During the tutorial, we use the name of the AD domain ''​COMPANY.CZ''​. CzechIdM will be accessible from the address ''​https://​idm.company''​.
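
Review bot: The reworded warning note still names only one control, Tomcat listening on localhost, as what stops header forgery. That blocks direct connections to Tomcat, but the note does not say that Apache has to discard or overwrite a login header sent by the client before it sets its own after Kerberos authentication. Since the page says CzechIdM authenticates the user named in the header automatically, consider adding a sentence to the note that covers this. A smaller wording point in the Application Admin sentence: "has assigned the role superAdminRole" still reads wrong after the edit; "has been assigned the role superAdminRole" would be clearer.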