I am running a apache (xampp 1.7.3) server on my local windows 7 PC. This PC is connected to a LAN and a Active Directory domain called "colours". My local username is CHRISTOPHER-PC/Christopher, and the domain username is COLOURS/Christopher.
For admin connection to the AD server, I use a PHP scripted called adLDAP. As default, this script (examples/authenticate.php) gives the user two input fields for login. This works fine.
But I want my users to auto sign in if they are logged in to their AD account. For this I'm trying to use the mod_auth_sspi module. But I'm having some problems... :\
My httpd.conf looks like this:
<Directory "C:/xampp/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
AuthName "A Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain colours
SSPIOfferBasic On
SSPIBasicPreferred On
require valid-user
</Directory>
When i go to http://localhost/ or http://my-ip-address/ (from another computer) i dialogue box pops up and asks for the domain username and password. I know that this is caused by "require valid-user", but if I remove it the user is not auto logged in.
Do the following:
- Add Integrated Authentication of IE's advanced security.
- Add your urls (http://my-ip-address/) to trusted zones.
I know this is an old post, but have you checked to see if you add your site in the trusted list in IE, that it stops the popup to appear? If you do this, in conjunction with require valid-user, it should work (with mod_auth_sspi).
Tools > Options > Security Tab > Local Intranet > Sites (button) > Advanced (button) > Add site using this screen
HTH!
ps: in PHP, the following variables would have the desired info: $_SERVER["REMOTE_USER"] AND $_SERVER["PHP_AUTH_USER"]. They would contain "domain/user_name".
来源:https://stackoverflow.com/questions/2652108/single-sign-on-with-apache-on-windows-7-and-mod-auth-sspi