I am wondering if anyone can help me. I am trying to set up SSO. I have it working inside a domain, where the Kerberos ticket is passed, the sign-on works and the user is able to log in correctly. If no Kerberos ticket is present, it requests that the user logs in via a manual login form. However, if I access the file from a location outside of the local domain, e.g. a home computer, it presents me with a 403 error with no option to log in.
I have adjusted my .conf to various options with varying results of:
- Having access inside the domain with the Kerberos ticket working (auto/manual) but no external access.
- Having access externally without a Kerberos ticket and manual login inside the domain.
- Having access everywhere without any prompts.
My conf is:
```apache
ServerName example.com
ServerAlias example.com
DocumentRoot /location/example/pub
LogLevel debug
<Directory "/location/example/pub">
    Allow from all
    Options FollowSymLinks Indexes
    Order allow,deny
    Deny from 127.0.0.0/8
    AuthType Kerberos
    AuthName "Kerberos Test"
    KrbMethodNegotiate on
    KrbMethodK5Passwd on
    KrbLocalUserMapping on
    KrbSaveCredentials on
    KrbVerifyKDC on
    KrbAuthoritative on
    KrbServiceName HTTP
    Krb5keytab /location.keytab
    KrbAuthRealm EXAMPLE.COM
    Require valid-user
    Satisfy Any
    ErrorDocument 401 /401.html
</Directory>
```
If I remove the deny, it works from everywhere but does not allow any form of Kerberos login. When it is in place, I get the required Kerberos login (SSO/manual), but I am getting a 403 from any location other than inside the domain.
Does anyone have any suggestions/ideas, as I'm all out?
Thanks.