Open for Voting

FEATURE REQUEST - Integrating Kerberos Single Sign On Authentication

I love the fact that we can tie webhelpdesk to Active Directory and use a common password. Now I want to take it a step further. Active Directory is a mix of LDAP and Kerberos (with some secret sauce). When a user logs in to their desktop, their credentials can be forwarded to websites and used to authenticate them using GSSAPI (Kerberos). Apache has the ability, using mod_auth_kerberos, to perform GSSAPI authentication and then send webhelpdesk the REMOTE_USER environment variable. However, if the user doesn't have their browser configured to support GSSAPI, they get an error. I would like to have it such that if Apache sees credentials, it passes them to webhelpdesk. If not, it presents the standard webhelpdesk login page. This can probably be provided in the form of documentation on how to do it.

One other thought is that since webhelpdesk is just a Tomcat application, there may be a way to configure Tomcat to support the same authentication (I've seen it work elsewhere in other tools, but don't know how it was done). Instead of having Apache proxy to Tomcat, just configuring Tomcat may be simpler and may make it easier to do what I'm trying to do. Again, this can probably be provided in documentation and not really an application change.

I did open a ticket for this, 534514, and they suggested I open this feature request.

Thanks.

  • You can already do this by using MS Active Directory Federated Services and SAML2.0 authentication within Web Help Desk.

    Tomcat itself just does not have the ability to do Kerberos auth, unlike IIS or Apache, but when using ADFS, if the pass-through auth fails it will just present the user with the login screen.