AD Authentication/Single Signon Issues

I know this concept has been beaten to death, as I’ve dug through many many
posts today related to the issue in the archives. Unfortunately, I can’t
find an answer to my specific question so here goes. I was able to get
Active Directory authentication to work through LDAP using the guide at
http://wiki.bestpractical.com/index.cgi?LDAP. I also have accounts being
auto-created for new users. The only thing that still doesn’t seem to happen
is a single signon. I can type in a username and password and it will
authenticate against active directory just fine, I just can’t get it to go
automatically if someone has already logged into their workstation. No
matter what, I always have to log in at the login page.

From the guide I can’t exactly tell if it’s supposed to even do a single
signon, but I’d like to know if the possibility exists and how to go about
doing it. I know there is also this guide
http://blank.org/memory/output/rt-ad-sso.html but it seems to be older (for
Apache 1, older version of RT, etc.) and I’ve already implemented the other
solution, so I’m trying to make the other solution work but still have
single signon.

Any suggestions would be appreciated. Thanks.

The key items in the document you referred to relate to mod_ntlm:

  • Grab mod_ntlm for the relevant version of Apache you have (v1/v2) from
    here : http://modntlm.jamiekerwick.co.uk/
  • Check the mod_ntlm directives in your Apache configuration are
    correct.
  • Check that ‘the URL of your RT apache vhost to either the “trusted
    sites” or “intranet sites” zone of Internet Explorer’.

There may be an error in your configuration which is stopping the NTLM
calls being made correctly.

HTH

Regards,
Sasha

Sasha Gerrand
Web & Database Developer

Austbrokers Holdings Limited
Level 21, 111 Pacific Highway
North Sydney NSW 2060
PO Box 1813 North Sydney NSW 2060

Ph: 02 9935 2230
Mobile: 0431 895 718
Email: sashag@austbrokers.com.au
Web: http://www.austbrokers.com.au/

From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Rob Shupe
Sent: Friday, 23 March 2007 8:51 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] AD Authentication/Single Signon Issues

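The reply in this thread points at two places where the NTLM handshake can stall: the mod_ntlm directives on the Apache side and the Internet Explorer zone on the browser side. The following is an added example, not part of the original thread or of RT or mod_ntlm, that classifies the `WWW-Authenticate` and `Authorization` headers of a recorded exchange to show which side stopped. The function names, result labels and sample traces are constructed for illustration.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"          # 8-byte signature that opens every NTLM message
TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def ntlm_stage(header_value):
    """Classify a WWW-Authenticate / Authorization header value."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None                # other schemes are not examined here
    if not token.strip():
        return "offer"             # bare "NTLM": the server advertises the scheme
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:             # binascii.Error is a ValueError subclass
        return "malformed"
    if len(raw) < 12 or not raw.startswith(NTLMSSP):
        return "malformed"
    (msg_type,) = struct.unpack_from("<I", raw, 8)   # little-endian type field
    return TYPES.get(msg_type, "malformed")

def diagnose(round_trips):
    """round_trips: [(Authorization sent, status, WWW-Authenticate received), ...]"""
    sent = [ntlm_stage(a) for a, _, _ in round_trips]
    got = [ntlm_stage(w) for _, _, w in round_trips]
    if "offer" not in got and "challenge" not in got:
        return "no-offer"            # server side: check the mod_ntlm directives
    if "negotiate" not in sent:
        return "no-client-response"  # browser side: check the zone of the RT URL
    if "challenge" not in got:
        return "no-challenge"        # server did not return a Type 2 message
    if "authenticate" not in sent:
        return "no-authenticate"     # client never sent a Type 3 message
    return "ok" if round_trips[-1][1] == 200 else "rejected"

def _msg(msg_type):
    """Constructed stub: signature + type only, not a full NTLM message."""
    body = NTLMSSP + struct.pack("<I", msg_type) + b"\x00" * 8
    return "NTLM " + base64.b64encode(body).decode()

# Constructed sample exchanges (not captured from a real server).
WORKING = [(None, 401, "NTLM"), (_msg(1), 401, _msg(2)), (_msg(3), 200, None)]
LOGIN_PAGE = [(None, 200, None)]                 # RT login form, no NTLM offer
NOT_IN_ZONE = [(None, 401, "NTLM"), (None, 401, "NTLM")]

if __name__ == "__main__":
    for name, trace in [("working", WORKING), ("login page", LOGIN_PAGE),
                        ("not in zone", NOT_IN_ZONE)]:
        print(f"{name}: {diagnose(trace)}")
```

A result of `no-offer` corresponds to the symptom described in the original post, where the RT login page is served without any NTLM offer from Apache.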