Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Single sign on with AD

by Arif (Acolyte)
on Dec 09, 2017 at 23:52 UTC ( #1205235=note: print w/replies, xml ) Need Help??


in reply to Single sign on with AD

If you are running as a CGI script within an Apache web server then you can look for the environment variable REMOTE_USER (ie. $ENV{REMOTE_USER}). If it is set then that's the user name as authenticated with Apache. With that you can use LDAP modules to extract extra information about the user from the AD.

To enable user authentication within Apache you could use mod_auth_kerb to allow Kerberos tickets or passwords to authenticate a user 

AuthType  Kerberos
AuthName "Kerberos Login"
SSLRequireSSL
KrbAuthRealms DOMAIN
KrbServiceName http
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
require valid-user

[download]

It's a little tricky to get right and your server needs to be joined to the AD domain, but it works wonderfully. I assume that mod_auth_sspi works similarly.

Replies are listed 'Best First'.
Re^2: Single sign on with AD
by newbie200 (Initiate) on Dec 11, 2017 at 09:42 UTC
    I used mod_auth_sspi and was able to see my REMOTE_USER via a script i wrote to check it. What I still don't understand is how do i use Ldap to extract this information about the user from the AD and have it working on my web app.
[reply]
Re^2: Single sign on with AD
by Anonymous Monk on Dec 10, 2017 at 13:48 UTC
    ... and be very sure that your software is actually looking at the right thing. I have literally been able to white-hat an internal website by adding &REMOTE_USER=admin to the URL-string, because the (old, PHP) program – or its non-tester – was not paying attention.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1205235]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (6)
As of 2023-09-30 10:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found
    Notices?