TQsoft-GmbH / mod_authn_ntlm

Apache 2.4 SSPI NTLM based authentication module for Windows

Request is not forwarded on first attempt in Chrome and Firefox #37

Open uabajwah opened 6 years ago

uabajwah commented 6 years ago

I am facing an issue when using mod_authn_ntlm. It is working fine on Edge and IE, but when I try this on Chrome and Firefox it doesn't work as expected. Let me explain the issue.

We have an application which is running on HTTPS and we have enabled NTLM authentication. By providing all the settings as mentioned in the documentation, we are able to access our application within the domain flawlessly. However, when we try to access the application from outside the domain and provide valid credentials on Chrome and Firefox, the first request is sent and a popup prompts for the username and password to log in. When these are provided, the request, which is in a pending state, fails and our application's normal login page is visible. If we refresh the page or close the login button, a new login request is made, and it is successful without providing any username or password.

I want to know what is causing the issue. Below are the settings that I made:

<Location ~ "/auth/(login|logoutall)" >
    #AllowOverride None
    AuthName "Private location"
    AuthType SSPI
    NTLMAuth On
    NTLMAuthoritative On
    <RequireAll>
        <RequireAny>
            Require valid-user
            #require sspi-user EMEA\group_name
        </RequireAny>
        <RequireNone>
            Require user "ANONYMOUS LOGON"
            Require user "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG"
        </RequireNone>
    </RequireAll>
    # use this to add the authenticated username to your header
    # so any backend system can fetch the current user
    # rewrite_module needs to be loaded then
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set DOMAIN_USER %{RU}e
</Location>

Stuck with this. Hoping to see a response at the earliest.

JBlond commented 6 years ago

The formatted version of the config: https://gist.github.com/JBlond/ceafae63ef99fecd5c22cb8168a56fa5

YvesR commented 5 years ago

When you enter credentials from outside the domain, do you add the domain to the username? This is mandatory in this case.
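
One way to check the point raised in the last comment is to decode the `Authorization: NTLM ...` value the browser sends (copied from its network panel) and read the domain field of the NTLM AUTHENTICATE (type 3) message. This is an added example, not code from the thread or from mod_authn_ntlm; the function names, the sample user `jdoe`, the workstation name and the `cp437` OEM fallback are assumptions.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM otherwise


def _field(msg, pos, encoding):
    """Read one (Len, MaxLen, BufferOffset) descriptor and return its string."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length].decode(encoding)


def parse_ntlm_authorization(header_value):
    """Decode 'NTLM <base64>' and return the message type; for AUTHENTICATE
    (type 3) also return the domain, user and workstation the client sent."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        return {"type": msg_type}
    if len(msg) < 64:  # descriptors occupy bytes 12..59, flags 60..63
        raise ValueError("truncated AUTHENTICATE message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    # The OEM code page varies per client; cp437 is an assumption.
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    domain, user, ws = (_field(msg, pos, enc) for pos in (28, 36, 44))
    return {"type": 3, "domain": domain, "user": user, "workstation": ws,
            "domain_supplied": bool(domain)}


def build_sample_type3(domain, user, workstation):
    """Constructed test input: a type 3 message with empty LM/NT responses."""
    parts = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    header = bytearray(NTLMSSP_SIG + struct.pack("<I", 3) + bytes(52))
    offset = 64
    for pos, data in zip((28, 36, 44), parts):
        struct.pack_into("<HHI", header, pos, len(data), len(data), offset)
        offset += len(data)
    struct.pack_into("<I", header, 60, NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(bytes(header) + b"".join(parts)).decode()
```

An empty `domain` in the decoded type 3 message means the browser sent the username without a domain.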