Project and Portfolio Management Practitioners Forum
cancel

Generic SSO with Apache

Highlighted
patrick-sa
Super Contributor.

Generic SSO with Apache

Hi,

 

We're running on Apache on linux and we'd like to configure SSO where users who are already logged to the domain are automatically logged into PPM.

 

I'd like to hear from someone who has implemented SSO on apache,i've seen many queries on IIS.I'd like to see the entries added to the httpd.conf to enable apache AD integration.

 

I'm following the guide and the guide states that the webserver needs to be integreated with the generic SSO so in my mind this means apache should be configured to authenticate against the AD.Is this correct?

 

Regards,

Patrick.

 

3 REPLIES
dirkf
Acclaimed Contributor.

Re: Generic SSO with Apache

Hi Patrick,

 

there's not really anything I can add to your request because SSO and Web Server are a little outside of my knowledge area.

 

I checked and the admin guide gives directions to what needs to be done on the httpd.conf file.

Check if you haven't done so the admin guide, page 170 in Chapter 5

 

Configure Apache HTTP Server Version 2.2 Using mod_jk

 

On page 171 it goes on to explain:

 

3. Add the following lines of text to the httpd.conf file:

LoadModule jk_module <Relative_Modules_Path>/mod_jk.so

JkWorkersFile <Relative_Conf_Path>/workers.properties

JkMountFile <Relative_Conf_Path>/uriworkermap.properties

JkLogFile <Relative_Logs_Path>/jk.log

JKLogLevel ERROR

 

If you plan to enable SSL on Apache, then you must also add the “JkMountCopyOn” to the virtual host directive in the httpd-ssl.conf file.

 

4. Check to make sure that include conf/extra/httpd-ssl.conf is not

commented out in the httpd.conf file.

 

5. Navigate to the <PPM_Home>/integration/webserverplugins/

configuration directory, and then copy the workers.properties and

uriworkermap.properties to the Apache configuration directory

(usually <Apache_Home>/conf).

 

6. Configure the workers.properties file. (For detailed information and

instructions, see Configuring the Workers Properties File on page 147.)

 

7. Configure the uriworkermap.properties file to specify mappings

between a given URL (or URL pattern) and worker name. (For detailed

information and instructions, see Configuring the uriworkermap.properties

File on Microsoft IIS and Apache-Based Servers on page 151.

 

Make sure that the name of the worker mapped to /itg/* pattern in the

uriworkermap.properties file matches the name of the worker defined in the

workers.properties file. This worker must also be listed in the worker.list

directive of the workers.properties file.

 

8. Restart your Apache HTTP Server 2.2 and check to see whether your

configuration works.

 

Hope this helps.

 

Best regards,

Dirk

 

 

patrick-sa
Super Contributor.

Re: Generic SSO with Apache

Hi Dirk,

 

Thanks for this but this i've already done.This is actually how to set up apache as an external webserver.

 

Will log  a support case and see if i can get help.

 

Regards,

Patrick.

Etienne_Canaud
Outstanding Contributor.

Re: Generic SSO with Apache

Hi Patrick,

 

You're correct. Generic SSO means that the web Server is responsible for HTTP request authentication, and should ensuire that only properly authenticated requests be forwarded to PPM Server. It should also include a HTTP Header with the username for identification, that PPM Server will blindly trust.

 

For this reason, you must ensure that no HTTP request can reach the PPM Server without going through the web server first.

 

We have some customers that are using this set up for integrating with any authentication system (such as SAML2 for example). As long as you can perform the authentication at the Web Server level (Apache or IIS, or any other supported Web Server out there) and that the web server can communicate the username to the PPM Server in the HTTP header, it should work.

 

Thanks,

Etienne.