Thread "SSO Kerberos with LDAP"
-
Deleted | 23. Jul 2019, 15:38
Edited on: 30. Aug 2019, 09:55 - by Deleted
[UP] SSO Kerberos with LDAP
Hello,
In ILIAS version 5.3.12...
My LDAP authentication works.
When a user connects for the first time via LDAP, his record is fully created.
Problem, when I activate the Kerberos SSO (APACHE):
If the form is not created, the system asks the user to enter his name, first name and email. I don't want to.
I would like that:
- Either, during a first SSO connection the plug is created automatically via the LDAP (ideal situation).
- Either, during a first connection via SSO, the user is denied access because there is no known record in his name. It must first connect in LDAP once before it can use SSO.
How to do this? Thank you for your help.
Laurent
-
Deleted | 5. Sep 2019, 08:29
Re: [UP] SSO Kerberos with LDAP
Hi,
Have you tested whether your Kerberos authentication is working or not? You need to prove this first between the LMS server and the Active Directory server by using the command line (if the LMS is on a Linux server). Then after that, you can start to configure Apache in the LMS setting page. The default authentication should also be set to Apache, and the same with the order of login method.
Don't forget to tick, in the Apache configuration in the LMS, 'enable the user creation based on LDAP'. In the LDAP setting page, tick the sync when doing 'login'.
In addition, if you are using IE, you need to enable Integrated Windows Authentication (IWA) in the Internet Options settings.
Then if all is okay, the SSO should be working.
-
Deleted | 6. Sep 2019, 11:51
Re: Re: [UP] SSO Kerberos with LDAP
Hello,
Thank you for your attention and help.
1 - The LDAP works in standalone mode: The creation of a file is normally done if I use the LDAP to authenticate myself with a new user unknown to ILIAS at the beginning: OK.
2 - My KERBEROS APACHE authentication works because the login is well transmitted and the authentication is validated. OK.
3 - When I decide to couple SSO KERBEROS and LDAP, the new user's record is well created, but the synchronization with LDAP is not effective: The system asks me to complete the user record with his name, first name and email address: Not OK.
Thank you for your help....
Sincerely,
Laurent