I would also recommend mod_auth_cas if your SSO supports it - very easy to set up.
- Y Sent from a device with a very small keyboard and hyperactive autocorrect. On Thu, May 20, 2021, 2:41 AM Michael Wechner <michael.wech...@wyona.com> wrote: > Hi Michael > > I think it depends on your SSO app, more specifically what standards it > supports. > > For example you could use *mod_auth_kerb** and * > > *mod_auth_gssapi * > https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html > https://wiki.centos.org/HowTos/HttpKerberosAuth > > Another possibility might be to use JWT > > https://www.miniorange.com/apache-adfs-single-sign-on(sso) > > or > > https://github.com/zmartzone/mod_auth_openidc > > Also have a look at > > https://httpd.apache.org/docs/trunk/howto/auth.html > > I am not sure what other possibilities exist which work together with your > SSO app, but it might be less effort to just move your documentation into > your app servers. > > HTH > > Michael > > > > Am 20.05.21 um 06:46 schrieb Michael D.: > > Hello user group. > > I maintain a website that authenticates users through an internal > single-sign-on app. > > I have a documentation page that is publically viewable but I only want it > viewable after authentication. I've looked into .htaccess but I don't want > a separate login process for users to view documentation. I want them to be > able to login through our internal SSO and automatically have access to > those documents that are currently stored on the web server. > > Is this possible to do through Apache or should these static documentation > pages be put on our app servers and then served up for authenticated users? > > I'm not finding a way to avoid a second authentication process just to > view documentation that is private info for only authorized users > > (Fyi we have thousands of users that need access to this documentation.) > > >
