Hello, I’m currently using a similar configuration, but it’s NTLM based. Users are configured in 3 different AD domains/forests synchronized via LDAP. Apache NTLM module performs users’ validation and pass appropriate username to GLPI.
When users log in, Apache NTLM module performs validation and then populate HTTP_USER variable with the username. Then GLPI matches HTTP_USER username with the one synchronized via LDAP. (this is at least what I understood) To achieve your goal to maintain also form based auth, I’d try using different apache location: one for SSO and the other for form-based. Ciao -- Luca Civinini Systems Administrator From: Glpi-user [mailto:[email protected]] On Behalf Of Yoann Gini Sent: mercoledì 3 agosto 2016 08:23 To: Liste de diffusion des utilsateurs de GLPI <[email protected]> Subject: [Glpi-user] Optional SSO based on Kerberos? Hi folks, I’ve read those two links http://wiki.glpi-project.org/doku.php?id=fr:ressources:authautoad http://forum.glpi-project.org/viewtopic.php?id=31619 and I’m interested by providing SSO for my environment. However I’m wondering how the system is actually working. Does SSO use the LDAP source to link HTTP provided username to complete all information (like e-mail, groups, etc.)? Or is it a 100% independent source of information? Also, does the provided configuration example mean mandatory Kerberos authentication or optional? SSO for GLPI is a convenient access method, I still want users on non kerberized devices to be able to log in. Cheers Yoann
_______________________________________________ Glpi-user mailing list [email protected] https://mail.gna.org/listinfo/glpi-user
