Hello,
I’ve been trying to get SSO with kerberos working in our Active Directory environment. LDAPS works with groupmapping etc, but I guess I need some help now.
I tried nginx as reverse proxy with https://github.com/stnoonan/spnego-http-auth-nginx-module. I could access the wiki, I even saw the correct user being used in the logs, but automatic login was not working and I got java errors in the tomcat log. I’d have to recreate this setup to get logs because I switched to apache after that.
Then I tried (as I said) apache with mod_auth_kerb. I created a keytab file, modified krb5.config, set apache up according to http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HKerberosSSOAuthentication but it seemed that the user was not passed on since I could not see it in the tomcat logs, only that the “user is null”. The wiki and manual LDAP login worked.
I tried to set in the xwiki.cfg
xwiki.authentication.ldap.remoteUserParser=(.+)@(.+)
xwiki.authentication.ldap.remoteUserMapping.1=uid, also tried sAMAccountName here
and server.xml
tomcatAuthentication=“false”
but nothing really brought me closer to solving the problem.
What am I missing. Any help would be greatly appreciated. Thanks.
Johannes