I've successfull implemented SSO with Kerberos an a apache webserver. Whenever a user opens the webpage, he is prompted to enter his credentials (username@REALM & password). Is there a possibility to log him in directly, without the login prompt?
Here is my configuration and the steps I have taken:
Server: web3.ch.example.net
Site: http://dev.example.net
Client OS: Windows 10
Server OS : Ubuntu 18.04 LTS
krb5.conf:
[libdefaults]
default_realm = CH.EXAMPLE.NET
[realms]
CH.EXAMPLE.NET = {
kdc = DC.CH.EXAMPLE.NET
admin_server = DC.CH.EXAMPLE.NET
}
[domain_realm]
.ch.example.net = CH.EXAMPLE.NET
ch.example.net = CH.EXAMPLE.NET
apche site.conf:
<Location />
AuthType Kerberos
AuthName "Kerberos authenticated intranet"
KrbAuthRealms CH.EXAMPLE.NET
KrbServiceName Any
Krb5Keytab /etc/kerberos.keytab
KrbMethodNegotiate On
KrbMethodK5Passwd On
require valid-user
</Location>
After that, I added dev.example.com to "local Intranet Sites" and set the setting for this zone to "automatic logon with current username and password"