httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Billy Baker <bi...@teknobilly.com>
Subject [users@httpd] SSO LDAP Authorization with Auth_Form Session and Authnz_ldap in httpd 2.4
Date Sat, 24 Nov 2012 03:26:31 GMT
Hello httpd Auth_Form Fans,

I'm trying to implement a multi-site sso solution using httpd's
mod_session, mod_auth_form, and mod_authnz_ldap.  I have the LDAP
authentication part working great.  I can authenticate against my LDAP
directory using a simple html Auth_Form Form.

What I don't understand is how to configure support for multiple
hosts.  My understanding is the SessionCookie Name, Passphrase would
keep track of the sessions.  For the single site it works fine.

I thought I would post what I have so far, as I have not seen this
topic covered here before, and perhaps some others would aprreciate
this working example of single sites working with auth_form session
and authnz_ldap.

Do I need DBD at this stage?  Shouldn't the sessions recognize the
AuthName example to authenticate by or the session cookie
name/path/crypto passphrase.  Regardless, I'm missing something.  If
you see something I'd sure appreciate any tips.

Below ais my configuration example.  It's the same except I'm trying
to connect to sub domains rather than top-level domains.
Cheers,
Billy Baker

# httpd v2.4
# First Virtual Host Configuration
# Domain: Example.com
<VirtualHost *:80>
    ServerAdmin techsupport@example.com
    serverName example.com
    DocumentRoot /var/www/html/example.com
    ErrorDocument 401 /login.html

    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret

    <Location />
        AuthFormProvider ldap
        AuthType form
        AuthName example
        AuthFormLoginRequiredLocation http://example.com/login.html
        AuthLDAPUrl
"ldap://ds.example.com:389/ou=people,dc=example,dc=com?uid?sub?objectclass=*"
        AuthLDAPBinddn "uid=sdldapadmin,ou=special users,dc=example,dc=com"
        AuthLDAPBindPassword secretpasswd
        Require valid-user
    </Location>

    <Location /login.html>
        Order allow,Deny
        Allow from all
        require all granted
    </Location>

    <location /logout>
        SetHandler form-logout-handler
        AuthName example
        AuthFormLogoutLocation http://example.com/loggedout.html
    </location>

    <Location /dologin.html>
      SetHandler form-login-handler
      AuthType form
      AuthName example
      AuthFormProvider ldap
      AuthFormLoginRequiredLocation http://example.com/login.html
    </Location>

    ErrorLog logs/ExampleError_log
    CustomLog logs/ExampleAccess_log common
</VirtualHost>

# Second Virtual Host Configuration File
# Domain: Demo.com
<VirtualHost *:80>
    ServerAdmin techsupport@demo.com
    serverName demo.com
    DocumentRoot /var/www/html/demo.com
    ErrorDocument 401 /login.html

    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret

    <Location />
        AuthFormProvider ldap
        AuthType form
        AuthName example
        AuthFormLoginRequiredLocation http://demo.com/login.html
        AuthLDAPUrl
"ldap://ds.demo.com:389/ou=people,dc=demo,dc=com?uid?sub?objectclass=*"
        AuthLDAPBinddn "uid=sdldapadmin,ou=special users,dc=demo,dc=com"
        AuthLDAPBindPassword secretpasswd
        Require valid-user
    </Location>

    <Location /login.html>
        Order allow,Deny
        Allow from all
        require all granted
    </Location>

    <location /logout>
        SetHandler form-logout-handler
        AuthName example
        AuthFormLogoutLocation http://demo.com/loggedout.html
    </location>

    <Location /dologin.html>
      SetHandler form-login-handler
      AuthType form
      AuthName example
      AuthFormProvider ldap
      AuthFormLoginRequiredLocation http://demo.com/login.html
    </Location>

    ErrorLog logs/demoError_log
    CustomLog logs/demoAccess_log common
</VirtualHost>

####################################################
# login.html
<html>
<head><title>Test Login</title></head>
<body>

<form method="POST" action="/dologin.html">
    Username: <input type="text" name="httpd_username" value="" />
    Password: <input type="password" name="httpd_password" value="" />
    <input type="submit" name="login" value="Login" />
    <input type="hidden" name="httpd_location"
value="http://demo.com/index.html" />
</form>

</body>
</html>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message