Score:0

Apache HTTPD Kerberos, silently redirect if no auth offered

in flag

I've configured Apache HTTPD as a reverse proxy (for SSL) for my Artifactory instance, and I'm now trying to get HTTP SSO working on it.

Using the below configuration, I am successfully automatically signed in from my machine. However, when I run Chrome in Incognito mode (to disable Kerberos forwarding), the behaviour becomes undesirable.

What I want to happen is that the user be silently taken to Artifactory's standard login page, at /ui/login. However, what actually happens is that the browser prompts its built-in username and password window.

The other solutions I've seen in my research seem to be based on the Kerberos auth failing, or the user hitting cancel at this window. Instead, what I am trying to cater for is my users browsing to Artifactory from a non-domain-joined machine, which doesn't have a Kerberos ticket. I want these users to be shown the nicer-looking Artifactory standard login page.

# httpd -v
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built:   Oct  8 2020 21:27:40
    <Location />
        AuthType Kerberos
        AuthName "Intranet"

        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbAuthRealms DOMAIN.EXAMPLE.ORG
        KrbLocalUserMapping On
        Krb5KeyTab /etc/httpd/artf_ldap.keytab

        Require valid-user

        KrbAuthoritative On

        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=/ui/login\"></html>"

        RewriteEngine On
        RewriteCond %{REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set REMOTE_USER %{RU}e
    </Location>

The ErrorDocument 401 and KrbMethodK5Passwd Off parts were my attempts at solving this myself.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.