We're running on Apache on linux and we'd like to configure SSO where users who are already logged to the domain are automatically logged into PPM.
I'd like to hear from someone who has implemented SSO on apache,i've seen many queries on IIS.I'd like to see the entries added to the httpd.conf to enable apache AD integration.
I'm following the guide and the guide states that the webserver needs to be integreated with the generic SSO so in my mind this means apache should be configured to authenticate against the AD.Is this correct?
You're correct. Generic SSO means that the web Server is responsible for HTTP request authentication, and should ensuire that only properly authenticated requests be forwarded to PPM Server. It should also include a HTTP Header with the username for identification, that PPM Server will blindly trust.
For this reason, you must ensure that no HTTP request can reach the PPM Server without going through the web server first.
We have some customers that are using this set up for integrating with any authentication system (such as SAML2 for example). As long as you can perform the authentication at the Web Server level (Apache or IIS, or any other supported Web Server out there) and that the web server can communicate the username to the PPM Server in the HTTP header, it should work.