Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

NGINX - Active Directory Single Sign On

I am trying to find a solution for this without much success.

I am starting to plan the development of a Web Application that will require Single Sign On for Windows users that will use it. I view this is more of a "nice to have" feature; I could do an authentication form that will authenticate with Active Directory using LDAP but obviously SSO would be nicer :)

There is plenty of information on this issue with Apache and a few modules but nothing on NGINX.

Any tips/tricks or should I just give up right now? I don't want to spend too much time trying to configure this and end up having a bunch of problems.

like image 405
Ricardo Velhote Avatar asked Nov 08 '11 15:11

Ricardo Velhote


3 Answers

The magic word for this is kerberos authentication.

There are only badly maintained modules for nginx, that all take basically the same aproach. I think they are all not recommended for production as they are not maintained.

https://github.com/stnoonan/spnego-http-auth-nginx-module https://github.com/fintler/nginx-mod-auth-kerb

So no really easy solution for this problem, unless you change to apache.

Here is a basic manual for apache: http://wiki.centos.org/HowTos/HttpKerberosAuth

like image 103
NotANormalNerd Avatar answered Nov 18 '22 02:11

NotANormalNerd


You cannot do SSO with LDAP but with GSS-API which is supported by the Active Directory. Google for nginx spnego.

like image 1
Michael-O Avatar answered Nov 18 '22 04:11

Michael-O


Active directory is a feature of Windows Server so if you use Microsoft IIS you will be able to enable Single Sign On. You can configure IIS as an NGINX proxy or simply replace the same.

like image 1
Wendel Avatar answered Nov 18 '22 02:11

Wendel