PhenixID web apps authentication – Windows SSO
This document describes how to configure the PhenixID server's internal web applications to authenticate users with Windows SSO (Kerberos or NTLM).
Prerequisites
Follow the prerequisites for Windows SSO in this document:
SAML - Windows SSO authentication
Modules Required
- auth-http
Configuration
Configuration Properties:
Example configuration
The configuration must be added in the Advanced section of Configuration Manager.
HTTP Authenticators
{
  "id" : "winsso",
  "alias" : "winsso",
  "name" : "WindowsSSO",
  "configuration" : {
    "authProtocol" : "Negotiate",
    "pipeID" : "pipewinsso",
    "successURL" : "/selfservice/"
  }
}
Pipe
{
  "id" : "pipewinsso",
  "valves" : [ {
    "name" : "LDAPSearchValve",
    "config" : {
      "connection_ref" : "local_ldap",
      "base_dn" : "CN=Users,DC=company,DC=local",
      "scope" : "SUB",
      "size_limit" : 0,
      "filter_template" : "(&(objectclass=person)(sAMAccountName={{request.username}}))",
      "attributes" : "sAMAccountName"
    }
  }, {
    "name" : "PropertyAddValve",
    "config" : {
      "name" : "roles",
      "value" : "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
      "enable_multi_value" : "true"
    }
  } ]
}
Read this article to get the correct value for the roles property.
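A pre-deployment consistency check for the two fragments above, as an added example that is not PhenixID's own code. It verifies that the authenticator's pipeID resolves to exactly one pipe, that the LDAP filter is keyed on {{request.username}}, and that the roles property is only added after the search. The function name lint_winsso is hypothetical, the inputs are passed in as already-parsed objects, and the ordering rule assumes valves run in the order listed.

```python
import json

# Constructed sample input: the two fragments from this page, trimmed to the checked fields.
AUTHENTICATOR = json.loads("""{"id": "winsso", "alias": "winsso", "name": "WindowsSSO",
  "configuration": {"authProtocol": "Negotiate", "pipeID": "pipewinsso",
                    "successURL": "/selfservice/"}}""")
PIPES = json.loads("""[{"id": "pipewinsso", "valves": [
  {"name": "LDAPSearchValve", "config": {
     "filter_template": "(&(objectclass=person)(sAMAccountName={{request.username}}))"}},
  {"name": "PropertyAddValve", "config": {
     "name": "roles", "value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93"}}]}]""")


def lint_winsso(authenticator, pipes):
    """Return a list of findings; an empty list means the cross-references hold."""
    findings = []
    pipe_id = authenticator.get("configuration", {}).get("pipeID")
    matches = [p for p in pipes if p.get("id") == pipe_id]
    if len(matches) != 1:
        # A dangling or ambiguous pipeID means the SSO login cannot be mapped to a pipe.
        findings.append(f"pipeID {pipe_id!r} matches {len(matches)} pipes, expected 1")
        return findings
    valves = matches[0].get("valves", [])
    names = [v.get("name") for v in valves]
    # The directory lookup must be keyed on the SSO-authenticated name, not a fixed value.
    searches = [v for v in valves if v.get("name") == "LDAPSearchValve"]
    if not searches:
        findings.append("pipe has no LDAPSearchValve")
    for v in searches:
        if "{{request.username}}" not in v.get("config", {}).get("filter_template", ""):
            findings.append("LDAP filter_template does not reference {{request.username}}")
    # Assumption: valves run in listed order, so roles should follow the user lookup.
    role_idx = [i for i, v in enumerate(valves) if v.get("name") == "PropertyAddValve"
                and v.get("config", {}).get("name") == "roles"]
    if not role_idx:
        findings.append("no PropertyAddValve sets 'roles'")
    elif searches and role_idx[0] < names.index("LDAPSearchValve"):
        findings.append("'roles' is added before the LDAP search runs")
    return findings


if __name__ == "__main__":
    print(lint_winsso(AUTHENTICATOR, PIPES) or "ok")
```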