SSO with mod_auth_kerb at windows for apache 2.4 or other possibilities

Question

need some help here.

how do I configure/compile mod_auth_kerb at windows for apache 2.4? The information I googled tends to show configuration on linux instead of windows.

I found the team schaeuffelhut-berger who sells modul (https://www.schaeuffelhut-berger.de/wordpress/en/buy-mod_auth_kerb-online-at-windows-for-apache2-4/). Is this the only option available?

I want to make our php app with SSO Authentication through Active Directory. I searched about and I found maybe another two ways:

• apache module mod_authnz_sspi
• apache module mod_authnz_ldap

Which authentication method you prefer?

Thanks for all help and assistance!

Answer 1

You'll never find the mod_auth_kerb module for Windows, unless you pay a lot too much for it or you compile it yourself (which isn't that easy).

Instead, you can use mod_authnz_sspi which is compatible with Apache 2.4 for Windows (x86 and x64). This module used to be available from ApacheHaus.net but their website is down since 2023. You therefore need to go to their forums to download it (this topic), or via the GPLI project forum.

Once you have downloaded the appropriate x86 or x64 mod_authnz_sspi.so file, copy it to the \modules\ directory of your Apache server.

In the httpd.conf file, add the following line (after all other modules):

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

Then restart Apache.

Add the following basic lines to an .htaccess file

AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic Off 
Require valid-sspi-user
require user "NT AUTHORITY\ANONYMOUS LOGON" denied

This should work!

Call phpinfo(); and you'll find the REMOTE_USER, PHP_AUTH_USER and AUTH_TYPE server variables.

You will also see that your Apache signature will display something like this: Apache/2.4.51 (Win64) mod_authnz_sspi/0.1.1 PHP/8.1.7 mod_fcgid/2.3.10-dev.

Tested with PHP7.3.x, PHP8.1.x, Apache2.4.x, Win Server 2016 x64. Also works with Wampserver64.