xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.
https://extensions.typo3.org/extension/ig_ldap_sso_auth

SSO with Kerberos #38

Closed schumiel closed 4 years ago

schumiel commented 5 years ago

Hi,

Your extension works, except for the SSO.

I use Kerberos and Active Directory, and have configured this. The KeyTab is correct, and "kinit" and "klist" also give successful and correct feedback. https://docs.typo3.org/typo3cms/extensions/ig_ldap_sso_auth/SSO/Configuration.html#admin-manual-kerberos-apache-basic-configuration-principal

Then we forward to TYPO3 via <FilesMatch "singlesignon.php"> ...

https://docs.typo3.org/typo3cms/extensions/ig_ldap_sso_auth/Faq/Index.html

You write here that a $_SERVER['REMOTE_USER'] is returned. If I output $_SERVER, REMOTE_USER is empty. I use php7.2.9, although your extension is only optimized until 7.1.99. But even your dev version 3.4 brings me no success. I use v3.3. Or do I have to go back to php7.1?

xperseguers commented 5 years ago

Create a dumb PHP script containing:

<?php
phpinfo();

Then access it from your browser. Your Apache should ask for username/password and show the username "somewhere" in $_SERVER. If that's not the case, then it's a problem with your Apache/PHP configuration but not with the 7.2 version.
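A narrower version of the check suggested above, as an added example that is not part of the thread or of ig_ldap_sso_auth: it reports only the authentication-related `$_SERVER` keys instead of the full `phpinfo()` dump. The function name `diagnoseRemoteUser`, the sample user and the verdict wording are assumptions; the script has to be served from a location the Apache auth directives cover (for the setup in this thread, one matched by the `<FilesMatch "singlesignon.php">` block).

```php
<?php
// Added diagnostic sketch (not from the extension). Hypothetical helper name.
// Looks only at the keys that show whether the web server authenticated the request.
function diagnoseRemoteUser(array $server): array
{
    $keys = ['REMOTE_USER', 'REDIRECT_REMOTE_USER', 'AUTH_TYPE', 'PHP_AUTH_USER'];
    $seen = [];
    foreach ($keys as $key) {
        // Treat an empty string like a missing key: both mean "no user".
        $seen[$key] = isset($server[$key]) && $server[$key] !== '' ? $server[$key] : null;
    }

    $user = $seen['REMOTE_USER'] ?? $seen['REDIRECT_REMOTE_USER'];
    if ($user !== null) {
        $verdict = 'Web server authenticated the request as "' . $user . '".';
        if ($seen['REMOTE_USER'] === null) {
            // Apache prefixes environment variables with REDIRECT_ after an internal redirect.
            $verdict .= ' Only REDIRECT_REMOTE_USER is set (internal redirect).';
        }
    } elseif ($seen['AUTH_TYPE'] !== null) {
        $verdict = 'AUTH_TYPE is set but no user name reached PHP;'
            . ' check how the PHP handler receives the server environment.';
    } else {
        $verdict = 'The server did not authenticate this request;'
            . ' check that the auth directives cover this script.';
    }
    return ['seen' => $seen, 'verdict' => $verdict];
}

// Constructed sample, used only on the command line: values a working
// Kerberos (Negotiate) setup would typically expose.
$sample = ['REMOTE_USER' => 'jdoe@EXAMPLE.COM', 'AUTH_TYPE' => 'Negotiate'];

// Under a web server inspect the real environment, on the CLI the sample.
$result = diagnoseRemoteUser(PHP_SAPI === 'cli' ? $sample : $_SERVER);

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain; charset=utf-8');
}
foreach ($result['seen'] as $key => $value) {
    echo str_pad($key, 22), $value ?? '(not set)', "\n";
}
echo "\n", $result['verdict'], "\n";
```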

schumiel commented 5 years ago

Unfortunately, no REMOTE_USER is output. Also on the older TYPO3 the connection has worked; there is no REMOTE_USER in phpinfo().

I was not asked for username / password. That's a problem.

schumiel commented 5 years ago

That was done: https://wiki.shibboleth.net/confluence/display/SHIB2/Single+sign-on+Browser+configuration

xperseguers commented 5 years ago

Maybe this helps? https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess#NativeSPAttributeAccess-REMOTE_USER but unsure if you're using Apache, IIS, or anything else. Anyway, won't be able to help much on that, you should google on your own.