All you need is the
mod_auth_sspi Apache module.
AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIDomain mydomain # Set this if you want to allow access with clients that do not support NTLM, or via proxy from outside. Don't forget to require SSL in this case! SSPIOfferBasic On # Set this if you have only one domain and don't want the MYDOMAIN prefix on each user name SSPIOmitDomain On # AD user names are case-insensitive, so use this for normalization if your application's user names are case-sensitive SSPIUsernameCase Lower AuthName "Some text to prompt for domain credentials" Require valid-user
And don't forget that you can also use Firefox for transparent SSO in a Windows domain: Simply go to
about:config, search for
network.automatic-ntlm-auth.trusted-uris, and enter the host name or FQDN of your internal application (like myserver or myserver.corp.domain.com). You can have more than one entry, it's a comma-separated list.