[XWiki Forum] [Help / Discuss] Help setting up SSO with Kerberos and Active Directory


Thomas Mortagne-2
[[Note: The XWiki project is switching away from this mailing list and moving to a forum: https://discourse.xwiki.org. This list will be made readonly in a few days. Please post on the forum from now on. Thanks.]]


Not sure why you are talking about http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HKerberosSSOAuthentication since your example does not have anything to do with it (which is good).

So back to your example now, if manual login works you probably don't need much on the XWiki side.

[quote="Johannes, post:1, topic:179"]
I could not see it in the tomcat logs, only that the "user is null"
[/quote]

So if mod_auth_kerb is doing its job you should see in the LDAP debug log something like: "RemoteUser: [hidden email]" or "RemoteUser: mydomain.com\toto" or some other format (that's why you have to provide a regexp in the configuration), which is the REMOTE_USER that XWiki is supposed to receive from whatever is in front of it and which is parsed with "xwiki.authentication.ldap.remoteUserParser".

If you don't see it there is not much you can do at the XWiki level. Sometimes a bad authenticator module doesn't properly set the HTTP REMOTE_USER and instead sets a custom HTTP header that you can indicate in `xwiki.authentication.ldap.httpHeader`. I don't have any experience with mod_auth_kerb, sorry.

[Visit Topic](https://discourse.xwiki.org/t/help-setting-up-sso-with-kerberos-and-active-directory/179/2) to respond.
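
An offline check for the REMOTE_USER formats discussed in the post above, added here as an example; it is not part of the original post or of XWiki's code. The patterns, labels and sample values are constructed, and whole-string matching with Python's `re` is an assumption of this sketch, so confirm the final regexp against the authenticator's own debug log before setting `xwiki.authentication.ldap.remoteUserParser`.

```python
import re

# Candidate patterns for the REMOTE_USER shapes mentioned in the post.
# Each entry: (label, regex, index of the capture group holding the login).
# Labels and patterns are constructed for this example.
CANDIDATES = [
    ("user@realm", r"([^@\\]+)@([^@\\]+)", 1),
    ("domain\\user", r"([^@\\]+)\\([^@\\]+)", 2),
]


def parse_remote_user(value, candidates=CANDIDATES):
    """Return (label, login, groups) for the first pattern that matches
    the whole value, or None when nothing matches."""
    for label, pattern, login_group in candidates:
        m = re.fullmatch(pattern, value)
        if m:
            return label, m.group(login_group), m.groups()
    return None


def report(values, candidates=CANDIDATES):
    """Map each sample value to the login it would yield (None = rejected)."""
    out = {}
    for v in values:
        hit = parse_remote_user(v, candidates)
        out[v] = hit[1] if hit else None
    return out


# Constructed sample values, not taken from a real log. The last three
# are malformed on purpose: a strict parser should reject them rather
# than map them to some login.
SAMPLES = ["toto@mydomain.com", "mydomain.com\\toto", "toto", "", "a@b@c"]

if __name__ == "__main__":
    for value, login in report(SAMPLES).items():
        print(f"{value!r:28} -> {login!r}")
```
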
