
Single signon options

We're currently running webhelpdesk 11.2.1 in a limited trial and would like to see about having single signon enabled for our users to access the application.

Our users authenticate using Active Directory, and we have Web Help Desk configured to use it for authentication.

From what I'm seeing, ADFS is the route we'd need to take, but we don't currently have it implemented in our environment. It looks like quite a bit of overhead for login.

  • FormerMember

    Would like to see another option other than using the ADFS myself.

  • We were able to get single-signon working using HTTP Headers and Apache.

    This required Apache and WebHelpDesk on Windows.

    I used the info here: Help Desk Software Forums by Web Help Desk - Single Sign On Setup

  • I'm trying to get this working but having some trouble. Would you be willing to share your config so I can compare to mine?

    I'm getting

    Service Temporarily Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

    Apache log

    [Tue Jan 14 15:29:39 2014] [error] ajp_check_msg_header() got bad signature 4854
    [Tue Jan 14 15:29:39 2014] [error] ajp_ilink_receive() received bad header
    [Tue Jan 14 15:29:39 2014] [error] ajp_read_header: ajp_ilink_receive failed
    [Tue Jan 14 15:29:39 2014] [error] (120007)APR does not understand this error code: proxy: read response failed from (null) (localhost)

  • Sure.

    In the httpd.conf here's what I added after the various module enables:

    <Location /helpdesk>
      AuthName "Helpdesk"
      AuthType SSPI
      NTLMAuth On
      NTLMAuthoritative On
      NTLMOfferBasic On
      NTLMDomain DOMAINNAME
      NTLMOmitDomain On
      <RequireAll>
        <RequireAny>
          Require valid-user
        </RequireAny>
        <RequireNone>
          Require user "ANONYMOUS LOGON"
        </RequireNone>
      </RequireAll>
      ## returns domain\name
      RewriteEngine On
      RewriteCond %{LA-U:REMOTE_USER} (.+)
      RewriteRule . - [E=RU:%1]
      RequestHeader set REMOTE_USER %{RU}e
      ProxyPass ajp://localhost:8009/helpdesk
      ProxyPassReverse ajp://localhost:8009/
    </Location>

    <Location /whd-web>
      ProxyPass ajp://localhost:8009/whd-web
      ProxyPassReverse ajp://localhost:8009/
    </Location>
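
Because Web Help Desk's HTTP Header method takes the username from the REMOTE_USER request header, each proxied path should overwrite or strip that header before the request reaches the backend. The check below is an added example, not part of the thread or of any vendor tooling; the `audit` function name and the regex view of `<Location>` blocks are assumptions, and the thread does not say whether the application reads the header under /whd-web.

```python
import re

# Excerpt of the httpd.conf posted in the thread (NTLM and Require details trimmed).
SAMPLE_CONF = """
<Location /helpdesk>
AuthType SSPI
NTLMAuth On
Require valid-user
RequestHeader set REMOTE_USER %{RU}e
ProxyPass ajp://localhost:8009/helpdesk
</Location>
<Location /whd-web>
ProxyPass ajp://localhost:8009/whd-web
</Location>
"""

LOCATION = re.compile(r"<Location\s+(\S+?)>(.*?)</Location>", re.S | re.I)

def _directives(body):
    """Yield lower-cased token lists, one per non-comment directive line."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.lower().split()

def audit(conf, header="REMOTE_USER"):
    """Return {path: [findings]} for every <Location> that proxies to a backend."""
    report = {}
    for path, body in LOCATION.findall(conf):
        d = list(_directives(body))
        if not any(t[0] == "proxypass" for t in d):
            continue  # nothing is forwarded from this block
        hdr = [t for t in d
               if t[0] == "requestheader" and len(t) > 2 and t[2] == header.lower()]
        sets = any(t[1] == "set" for t in hdr)      # overwrites the client's value
        unsets = any(t[1] == "unset" for t in hdr)  # strips the client's value
        authed = any(t[:2] == ["require", "valid-user"] for t in d)
        findings = []
        if not (sets or unsets):
            findings.append("client-supplied %s is forwarded unchanged" % header)
        if sets and not authed:
            findings.append("%s is set without 'Require valid-user'" % header)
        report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_CONF).items():
        print(path, "->", findings or "ok")
```

A block that reports a forwarded header can be closed with `RequestHeader unset REMOTE_USER` in that `<Location>`.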

  • Didn't you have to edit config files such as whd.conf or the XML files in C:\Program Files\WebHelpDesk\conf?

  • I don't recall editing anything in the WebHelpDesk\conf folder, and for whd.conf it was just adjusting some of the memory settings for performance.

    Here's what I changed in httpd.conf (aside from adding the section I sent before):

    Set these variables:

      ServerRoot
      ServerName

    Commented in these modules:

      LoadModule headers_module modules/mod_headers.so
      LoadModule proxy_module modules/mod_proxy.so
      LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
      LoadModule ldap_module modules/mod_ldap.so
      LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
      LoadModule remoteip_module modules/mod_remoteip.so
      LoadModule rewrite_module modules/mod_rewrite.so

  • Thanks so much for your help.

    I'm using this version of Apache httpd-2.2.25-win32-x86-openssl-0.9.8y which won't start now

    C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin>httpd.exe

    Syntax error on line 503 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/httpd.conf: Invalid command 'NTLMAuth', perhaps misspelled or defined by a module not included in the server configuration

    I have downloaded the mod_auth_sspi but I don't have remoteip or mod_authn_ntlm modules. Do you know where I can download compiled binaries for these?

    Thanks

  • I'm using Apache 2.4 from Apache Haus and they have the module on their page. http://www.apachehaus.com/cgi-bin/download.plx

    I'm not sure on the module for 2.2

  • Ok this makes sense. It's running now but still can't SSO. What are your settings in the WHD "Authentication Settings" page please and thanks.

    HTTP Header and REMOTE_USER

    I'm getting this error now if you have any other ideas let me know.

    [Wed Jan 15 10:51:16.040232 2014] [auth_ntlm:error] [pid 2664:tid 1104] (OS 1326)Logon failure: unknown user name or bad password.  : [client 172.21.9.247:61940] authentication failure for "/helpdesk/": user unknown

  • Authentication method: HTTP Header

    Username parameter: REMOTE_USER

    Do you have an AD/LDAP connection created for your domain under Clients > AD/LDAP Connections?