All you need is the Apache module mod_auth_sspi
.
Configuration example:
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain mydomain
# Set this if you want to allow access with clients that do not support NTLM, or via proxy from outside. Don't forget to require SSL in this case!
SSPIOfferBasic On
# Set this if you have only one domain and don't want the MYDOMAIN\ prefix on each user name
SSPIOmitDomain On
# AD user names are case-insensitive, so use this for normalization if your application's user names are case-sensitive
SSPIUsernameCase Lower
AuthName "Some text to prompt for domain credentials"
Require valid-user
And don’t forget that you can [use Firefox for transparent SSO in the Windows domain] (http://kb.mozillazine.org/Network.automatic-ntlm-auth.trusted-uris):
Go on about:config
, search for network.automatic-ntlm-auth.trusted-uris
, and enter the hostname or FQDN of your internal application (type myserver or myserver.corp.Domain.com).
You can have more than one input, it is a comma-separated field.
Source: https://stackoverflow.com/questions/1003751/how-can-i-implement-single-sign-on-sso-using-microsoft-ad-for-an-internal-php
I searched Apache httpd.conf and couldn’t find mod_auth_sspi. Should I include "Loadmodule..." in some line? And this example of configuration you sent goes where? ...
– Gustavo
@Gustavomacielsetta takes a look at this documentation https://wiki.apache.org/httpd/HelpOnInstalling/ApacheOnWin32withDomainAuthentication
– Otto
One more to help https://community.spiceworks.com/how_to/91377-implementing-single-sign-on-windows-with-apache @Gustavomacielsetta
– Otto
I appreciate the help, but no tutorial worked here. Every time I touch the httpd.conf file Apache does not go up again. I’m using Xampp to take the test, just like it says on the last link you sent. I appreciate the help, but I will give up, I saw that it gives infinitely more work than doing the login screen! Thanks again!
– Gustavo