Single Sign-On Epiphany

When I wrote about my experience setting up AD Single Sign-On for Linux, I said the next step was to extend the transparent SSO experience into WordPress. The biggest reason for that—I thought—was so that the WordPress server could then impersonate the logged-in user to pull resources from our SharePoint server (using SharePoint Web Services) and include them on WP pages. Basically a WordPress front-end with SharePoint doing some Digital Asset Management duties on the back-end.

The epiphany I just had is that it wouldn’t be WordPress connecting to SharePoint, it would be PHP, which already knows who the user is, thanks to the Kerberos authentication I already have set up. I don’t need to tackle the WordPress part before I can build the SharePoint part.

Transparent SSO to WordPress is a benefit mainly for content creators, editors, and admins—those are a small percentage of my total user base, and managing their accounts is relatively easy.

Advertisements

Active Directory Single Sign-On for Linux Intranet Servers

I mentioned a while ago that I have a Linux web server set up with Kerberos SSO in our AD domain. Setting it up was a lot more tedious than it seems like it should have been. I found bits and pieces of useful information here and there, and some step-by-step guides to help with specific sub-tasks, but I couldn’t find a good, intranet-specific guide to help me understand the big picture—what pieces I needed (and didn’t need) and how they fit together. So here’s part 1 of my attempt to rectify that situation (part 2 will be the WordPress integration—I’m still working on that part).
Continue reading “Active Directory Single Sign-On for Linux Intranet Servers”