Hello Dirk,

I have that also on my roadmap but didn't find the time to get deeper into 
that. For SSO we are planning to use AD accounts and Kerberos.
For the Kerberos implementation on system level I could recommend PBIS Open 
(https://www.beyondtrust.com/products/powerbroker-identity-services-open/)
You need to create a service principal name HTTP/www.example.com in your 
domain and download the keytab file to your host.
Finally the configuration needs to be done in the web server. You need to load 
and configure a Kerberos module to make it happen.

Possibly something like that:

LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so

Example config for Kerberos:
<Location /SITENAME>
  AuthType Kerberos
  AuthName "Acme Corporation"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  Krb5Keytab /etc/apache2/http.keytab
  Require user dou...@example.com br...@example.com ermintr...@example.com dy...@example.com
</Location>

As I said, I never found the time to test this and it's just a collection of 
information but I hope it helps and would be happy to get feedback from you.

Regards

Michael



From: omd-users [mailto:omd-users-boun...@lists.mathias-kettner.de] On Behalf 
Of Dirk Laurenz
Sent: Wednesday, 21 June 2017 09:49
To: omd-users@lists.mathias-kettner.de
Subject: [omd-users] AD Single Sign On

Hello @All,

just want to ask - has anyone already connected omd to an AD to use SSO?
I found several manuals regarding parts of omd, but not omd as a whole....

Regards,

Dirk
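
Added example, not part of either message above and not OMD or mod_auth_kerb code: a check of the keytab step described in the reply, run over the text that `klist -k -e /etc/apache2/http.keytab` prints (MIT Kerberos format). The realm EXAMPLE.COM, the weak-enctype set, the sample listing and the function names are assumptions of this example.

```python
import re
import stat

# Enctypes treated as weak here; the set is this example's assumption.
WEAK = {"des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1", "arcfour-hmac"}
# One entry line of `klist -k -e`: "   3 HTTP/host@REALM (enctype)"
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+@\S+)(?:\s+\((?:DEPRECATED:)?([^)]+)\))?\s*$")


def parse_klist(listing):
    """Return (kvno, principal, enctype) for each entry line."""
    return [(int(m[1]), m[2], m[3])
            for m in map(ENTRY.match, listing.splitlines()) if m]


def audit_keytab(listing, principal, mode=None):
    """Return findings for the keytab; an empty list means it passed."""
    findings = []
    entries = parse_klist(listing)
    exact = [e for e in entries if e[1] == principal]
    if not exact:
        # Principals are case-sensitive; a near match usually means the
        # SPN was registered with different casing than the site name.
        near = sorted({e[1] for e in entries if e[1].lower() == principal.lower()})
        if near:
            findings.append(f"case mismatch: keytab has {near[0]}")
        else:
            findings.append(f"no key for {principal}")
    for kvno, _, enc in exact:
        if enc and enc.lower() in WEAK:
            findings.append(f"weak enctype {enc} (kvno {kvno})")
    # The keytab holds the service's long-term key: no access for "others".
    if mode is not None and stat.S_IMODE(mode) & 0o007:
        findings.append(f"keytab mode {stat.S_IMODE(mode):o} grants access to others")
    return findings


# Constructed sample of `klist -k -e /etc/apache2/http.keytab` output.
SAMPLE = """\
Keytab name: FILE:/etc/apache2/http.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/www.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 HTTP/www.example.com@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
"""

if __name__ == "__main__":
    for f in audit_keytab(SAMPLE, "HTTP/www.example.com@EXAMPLE.COM", 0o644):
        print("FINDING:", f)
```

On a real host, pass the captured `klist -k -e` output as `listing` and `os.stat(path).st_mode` as `mode`; listings produced with `-t` timestamps are not parsed by this pattern.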