Hi. I have set up Single Sign On with Apache sspi ssl, plone and zope, and it works. The only problem I am having is that IE challenges me for my domain username and password when it should just log me on automatically. I think this stems from the fact that {LA-U:REMOTE_USER} is always null; if I remove the RewriteCond then Apache logs me in as the user (null), so I'm slightly stumped. My vhosts is below, any thoughts?

I don't have anything in error logs of any great substance other than "authentication failure", which I assume is a result of no user being passed...

[Fri Nov 27 15:44:02 2009] [error] [client 127.0.0.1] (OS 87)The parameter is incorrect.  : authentication failure for "/": user unknown, reason: cannot generate context

Any help gratefully received....

NameVirtualHost *:80

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    #SSLSessionCache "shmcb:C:/apache/logs/ssl_scache(512000)"
    #SSLSessionCacheTimeout 300
    Listen 443
</IfModule>

<VirtualHost *:80>
    ServerName localhost
    ServerAlias localhost
    ServerSignature On
    CustomLog C:\apache\logs\plone\access.log combined
    ErrorLog C:\apache\logs\plone\error.log
    LogLevel warn

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteLog C:\apache\logs\plone\rewrite.log
        RewriteLogLevel 3
        RewriteRule ^/(.*) https://localhost/$1 [R=301,L]
    </IfModule>
</VirtualHost>

<VirtualHost *:443>
    ServerName localhost
    ServerAlias localhost
    CustomLog C:\apache\logs\plone\443access.log combined
    ErrorLog C:\apache\logs\plone\443error.log
    LogLevel warn

    #authenticate
    <IfModule mod_auth_sspi.c>
        <Location />
            #set up sspi
            AuthName "Extranet"
            AuthType Basic
            SSPIDomain NNTHA
            SSPIAuth On
            SSPIAuthoritative On
            SSPIUsernameCase lower
            SSPIOfferBasic On
            SSPIBasicPreferred Off
            SSPIPerRequestAuth on
            SSPIOfferSSPI On
            SSPIOmitDomain On
            require valid-user
        </Location>
    </IfModule>

    <IfModule mod_ssl.c>
        SSLEngine On
        SSLCertificateFile c:/apache/ssl/site.crt
        SSLCertificateKeyFile c:/apache/ssl/plonePriv.pem
        CustomLog "C:/apache/logs/ssl_request.log" \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>

    <IfModule mod_rewrite.c>
        #do the rewrite
        RewriteEngine On
        RewriteLog C:\apache\logs\plone\443rewrite.log
        RewriteLogLevel 3

        #serving icons from apache 2 server
        RewriteRule ^/icons/ - [L]

        #deal with the user rewrite
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule .* - [E=RU:%1]
        RequestHeader set X_REMOTE_USER %{RU}e
        RewriteRule ^/(.*) \
            http://localhost:8080/VirtualHostBase/https/%{SERVER_NAME}:443/$1 [L,P]

        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RewriteRule ^/zope/(.*) \
            http://localhost:8080/VirtualHostBase/https/%{SERVER_NAME}:443/_vh_zope/$1 [L,P]
    </IfModule>

    #reverse proxy
    <IfModule mod_proxy.c>
        ProxyVia On
        # prevent the webserver from being used as proxy
        <LocationMatch "^[^/]">
            Deny from all
        </LocationMatch>
    </IfModule>
</VirtualHost>

--
View this message in context: http://n2.nabble.com/SSO-with-SSPI-and-SSL-LA-U-REMOTE-USER-always-null-tp4086748p4086748.html
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.