Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
Configuring single sign-on with IIS and Active Directory
Something is wrong with my set up.
Avatar
escapingUser #1
Member since Aug 2018 · 8 posts
Group memberships: Members
Show profile · Link to this post
Subject: Configuring single sign-on with IIS and Active Directory
I am trying to get single sign on working with active directory.

In IIS if I have Windows Authentication enabled and Anonymous Authentication enabled, I can view the page, and log in with my windows credentials.

If I disable Anonymous Authentication and try to use my windows credentials it does not work (gives no error, just brings up sign in box again.)

php 7.2 is installed and php_ldap is enabled.

In internet options the allowing the passing of authentication on intranet sites is enabled.

local.protected.php is below:
  $conf['authtype']            = 'authad';
  $conf['useacl']            = 1;
 
  // configure your Active Directory data here
  $conf['auth']['authad']['account_suffix']        = '@domain.com';
  $conf['auth']['authad']['base_dn']            = 'DC=domain,DC=com';
  $conf['auth']['authad']['domain_controllers']    = 'server.domain.com';
 
  // Enable SSO
  $conf['auth']['authad']['sso']                = 1;
  $conf['auth']['authad']['admin_username']        = 'user';
  $conf['auth']['authad']['admin_password']        = 'pass';

 
  $conf['auth']['authad']['real_primarygroup']    = 1;

  $conf['auth']['authad']['use_ssl']            = 0;
  $conf['auth']['authad']['use_tls']            = 0;

  // Admin
  $conf['manager']                            = 'admin';
  $conf['superuser']                         = 'alist,ofpeople';
Avatar
JoshCrook #2
Member for a month · 1 post
Group memberships: Members
Show profile · Link to this post
If I disable Anonymous Authentication and try to use my windows credentials it does not work (gives no error, just brings up sign in box again.)

This is purely an IIS configuration issue. Most commonly that's caused by incorrect credentials.

Check your IIS logs at C:\inetpub\logs\LogFiles\W3SVC1 and you will find an entry around the time you attempted to login. Near the end of the line will be a 401 status code, aka 'unauthorized'
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-11-18, 18:53:30 (UTC +01:00)