Forum OpenACS Q&A: SingleSignOn Implementation
I'm trying to implement single sign-on for our OpenACS web application, where users who are logged in on Windows and have an Active Directory user should be logged in automatically to the web application.
We are using NaviServer 4.99.
I have already installed OpenLDAP, and with ns_authpam I can let the user log in with his AD login credentials and get further information about the user from LDAP.
I tried to use Kerberos (and got a keytab file from the AD provider for our domain) for the SSO, but I'm not getting any information about whether the user is authorized from the header. For AOLserver I found spnego, which could maybe help, but I did not find anything like that for NaviServer.
Does somebody have experience with that or know what modules/tools should be used?
Hi and welcome.
I believe this should work with the TWAPI SSPI package http://twapi.sourceforge.net/v4.0/sspi.html
You may need ASN too http://docs.activestate.com/activetcl/8.6/tcllib/asn/asn.html
I forgot to mention that we use Ubuntu 14.04 on our server, where NaviServer is installed.
The AD is installed on another server.
TWAPI SSPI requires Windows.
The implementation of the NaviServer (and AOLserver) module is based on the Apache module mod_spnego and supports Kerberos. I have just helped with porting and compiling the module. Sabine says that it works nicely for single sign-on for their customers. The NaviServer module is available from