Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:sso_ad_domain [2019/10/04 09:06]
kopro [Enable authentication in browsers] add information about automatic logon
tutorial:adm:sso_ad_domain [2019/11/22 10:01] (current)
urbanl [Configure Apache httpd - Linux] pridani vyjmuti idm statusu z auhentifikace sso
Line 89: Line 89:
 </​code>​ </​code>​
  
-Add Kerberos configuration and setting the ''​REMOTE_USER''​ header inside the **VirtualHost tag** in ''/​etc/​httpd/​conf.d/​ssl.conf'':​+Add Kerberos configuration and setting the ''​REMOTE_USER''​ header inside the **VirtualHost tag** in ''/​etc/​httpd/​conf.d/​ssl.conf''​. And exlude "/​idm/​api/​v1/​status"​ from authentication so everyone can access it:
 <​code>​ <​code>​
        <​Location /idm>        <​Location /idm>
Line 103: Line 103:
  
        ​RequestHeader set REMOTE_USER %{REMOTE_USER}s        ​RequestHeader set REMOTE_USER %{REMOTE_USER}s
 +       
 +       <​Location /​idm/​api/​v1/​status>​
 + Satisfy Any
 +       </​Location>​
 </​code>​ </​code>​
 This configuration enables **Negotiate** (the users logged in domain computer will be automatically authenticated - this must be enabled in the browser), as well as **Basic Auth** (the user, who is not logged in domain computer, will be first prompted for username and password with the message "​Kerberos Login" and the credentials will be sent to AD for authentication). Negotiate can be disabled by KrbMethodNegotiate,​ Basic Auth can be disabled by KrbMethodK5Passwd. This configuration enables **Negotiate** (the users logged in domain computer will be automatically authenticated - this must be enabled in the browser), as well as **Basic Auth** (the user, who is not logged in domain computer, will be first prompted for username and password with the message "​Kerberos Login" and the credentials will be sent to AD for authentication). Negotiate can be disabled by KrbMethodNegotiate,​ Basic Auth can be disabled by KrbMethodK5Passwd.