httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rapp, James" <james.r...@sap.com>
Subject [users@httpd] RE: Apache Reverse Proxy for Keberos-Enabled Website
Date Tue, 23 Oct 2012 16:06:14 GMT
Hi,

> I have configured Apache to act as a reverse proxy for some of our internal SAP applications.
 These internal SAP applications already has SSO set up using Kerberos.   Is it possible configure
Apache to  "delegate" the authentication to the internal SAP application so I have to set
up  mod_auth_kerb to authenticate the users before proxy-ing the request?

It depends on where you actually want the Kerberos authentication to take place.  If you authenticate
the users with Kerberos at the Apache Reverse Proxy it would be redundant to do so again within
your SAP applications.  A likely alternative would be to handle the Kerberos authentication
via mod_auth_kerb, as you mention, and then configure the SAP applications to "trust" a pre-authenticated
user from the Reverse Proxy.  SAP can usually interpret REMOTE_USER, or a web session variable
containing the authenticated user name.

Alternately you could consider an authentication method such as SAML, which would allow you
to delegate the Identity Provider service to the Application Server hosting your SAP apps.

Feel free to follow up with me directly if you need further context on integration with your
SAP applications.

Cheers,

James Rapp
Specialist, Customer Solution Adoption (CSA) Team, TIP Customer Engagement & Strategic
Projects

From: Nguyen, Bao L [mailto:bao.l.nguyen@intel.com]
Sent: Monday, October 22, 2012 4:24 PM
To: users@httpd.apache.org
Subject: [users@httpd] Apache Reverse Proxy for Keberos-Enabled Website


Hi All,



I have configured Apache to act as a reverse proxy for some of our internal SAP applications.
 These internal SAP applications already has SSO set up using Kerberos.   Is it possible configure
Apache to  "delegate" the authentication to the internal SAP application so I have to set
up  mod_auth_kerb to authenticate the users before proxy-ing the request?



Any advices would be greatly appreciated!



Thank you.





Bao Nguyen

Intel Corp - SAP Integration Engineering

916-356-7153





Mime
View raw message