NTLM Single Sign-On Support

FileCloud supports NTLM for User Login through SSO.

Prerequisites

For NTLM SSO to work, the FileCloud Server must be connected to the AD domain.

Web Server Settings

  1. Ensure the file "mod_authn_ntlm.so" exists in the c:\xampp\apache\modules folder.

  2. Edit the web server configuration file at c:\xampp\apache\conf\httpd.conf and add the following section.


    <Location /auth >
        #AllowOverride None
        AuthName "Private location"
        AuthType SSPI
        NTLMAuth On
        NTLMAuthoritative On
        <RequireAll>
            <RequireAny>
                Require valid-user
                #require sspi-user EMEA\group_name
            </RequireAny>
            <RequireNone>
                Require user "ANONYMOUS LOGON"
                Require user "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"
            </RequireNone>
        </RequireAll>
        # use this to add the authenticated username to your header
        # so any backend system can fetch the current user
        # rewrite_module needs to be loaded then
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set X_ISRW_PROXY_AUTH_USER %{RU}e
    </Location>

  3. Ensure the module is loaded by checking that the following line is present and not commented out.

    LoadModule auth_ntlm_module modules/mod_authn_ntlm.so

  4. Ensure the "auth" folder exists at WWWROOT.

  5. Restart the web server.

  6. In your browser, open the URL http://<HOSTNAME>/auth; if everything works correctly, you are logged in automatically. Make sure SSO has been enabled for the site in your browser.
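
A preflight check for steps 2 and 3, added here as an example and not part of the FileCloud documentation: it reads httpd.conf text and reports what is missing before the web server is restarted. The function name check_ntlm_conf and the sample configuration are constructed for illustration; headers_module is checked because the RequestHeader directive is provided by mod_headers.

```python
import re

# Modules the /auth section relies on: the NTLM module from step 3, rewrite_module
# (named in the config comment) and headers_module (provides RequestHeader).
REQUIRED_MODULES = ("auth_ntlm_module", "rewrite_module", "headers_module")
REQUIRED_DIRECTIVES = ("authtype sspi", "ntlmauth on", "ntlmauthoritative on")

# Constructed sample: the NTLM LoadModule line is still commented out.
SAMPLE_CONF = """
#LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
<Location /auth >
    AuthType SSPI
    NTLMAuth On
    NTLMAuthoritative On
    <RequireNone>
        Require user "ANONYMOUS LOGON"
    </RequireNone>
</Location>
"""

def check_ntlm_conf(conf_text):
    """Return a list of problems; an empty list means every check passed."""
    # Normalise whitespace, then drop blank lines and comments (disabled lines).
    lines = [" ".join(raw.split()) for raw in conf_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    loaded = {l.split()[1] for l in lines if l.lower().startswith("loadmodule ")}
    problems = ["LoadModule %s is missing or commented out" % m
                for m in REQUIRED_MODULES if m not in loaded]
    # Collect the directives between <Location /auth> and </Location>.
    block, inside = None, False
    for l in lines:
        if re.fullmatch(r"<location /auth ?>", l, re.I):
            block, inside = [], True
        elif inside and l.lower() == "</location>":
            inside = False
        elif inside:
            block.append(l.lower())
    if block is None:
        return problems + ["<Location /auth> section not found"]
    problems += ["missing directive: %s" % d
                 for d in REQUIRED_DIRECTIVES if d not in block]
    if "<requirenone>" not in block or not any("anonymous logon" in l for l in block):
        problems.append("anonymous logon is not excluded via <RequireNone>")
    return problems

if __name__ == "__main__":
    print("\n".join(check_ntlm_conf(SAMPLE_CONF)) or "all checks passed")
```

To check a real server, pass the contents of c:\xampp\apache\conf\httpd.conf to check_ntlm_conf instead of the sample.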

Browser Settings to Enable Domain User SSO Login

For Internet Explorer and Google Chrome

  1. Add the site URL to the trusted sites.

  2. In the settings for trusted sites, enable sending of the user login (screenshot: userauth.png).

Troubleshooting

In some environments, additional code may be needed to complete authentication from the server.

After configuration, if you attempt to log in with the AD username and password and are repeatedly prompted to enter your AD credentials instead of being transferred to the user portal:

  1. Edit the file at c:\xampp\htdocs\.htaccess

  2. Locate this section:

    #--------------------------------------------------
    # ADVANCED CUSTOMIZATION SECTION - END
    #--------------------------------------------------
    
    #Route all requests to our handler
    RewriteRule   ^(.*)/?$ public/index.php [L]

  3. Above the line:

    #Route all requests to our handler

     add the code:

    RewriteRule ^auth/index\.php$ - [L]