Question
I am implementing TWiki for our corporate intranet. We are spread across various countries and have more than 50K employees. Our current intranet has a single sign-on solution which displays a separate login page when a user tries to access any protected application on the intranet and is backed by corp LDAP. How can I integrate the TWiki installation with the existing single sign-on? That is, when a user tries to access a protected page, the user should get redirected to the SSO login and, on successful login, he should be allowed into TWiki. The SSO mechanism also sets an authentication cookie.
Environment
--
GauravSharma - 18 May 2006
Answer
You can configure Apache/TWiki to authenticate users against your corporate LDAP directory, see LdapAuthenticationHowTo.
--
PeterThoeny - 18 May 2006
I got LDAP authentication working after some dancing that I had to do with corporate IT. Once you have a bind account that will be guaranteed to have a static password (a service account that has no password expiry), it is pretty simple. In fact it was so simple it was an anticlimax for me. I used this mod obviously, mod_auth_ldap, and the ldapsearch tool was my friend through the experience. The only thing I have to say from my experience is: it comes down to the bind and base DN. Once you have those two locked down then the rest is trivial.
--
RobLeach - 12 Jun 2006
In most corporate environments, there is usually an SSO service which provides login screens, password management etc. and also binds various applications together, so that once a user is logged in to SSO any other participating application (invoked by the user) can identify the user without further login. I don't see how integrating LDAP and TWiki solves that problem.
--
GauravSharma - 13 Jun 2006
Actually, you're right. So long as the authentication cookie is sent to the TWikiSession, it's now (with TWiki4) quite trivial to write a login manager module to use that cookie. In the Joomla case, I implemented a TWiki::Client::JoomlaLogin module that inherited from TWiki::Client::TemplateLogin. All it needs to implement is the loadSession method, interpret the cookie, and use it (I also check the validity of the cookie ...)
Email me if you need help..
--
SvenDowideit - 13 Jun 2006
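The validity check mentioned in the answer above is the security-critical step, so here is a stand-alone sketch of one, added as an example and not taken from the JoomlaLogin module or from TWiki. The cookie format (`login|expiry|HMAC`), the shared key and the function names are assumptions; a `loadSession` override would call such a check and accept the login name only when it passes.

```perl
#!/usr/bin/perl
# Added example, not TWiki code. Assumed (hypothetical) cookie format:
#   <login>|<expiry, epoch seconds>|<hex HMAC-SHA256 of "login|expiry">
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the login name if the cookie is well formed, correctly signed
# and unexpired; return undef in every other case.
sub verify_sso_cookie {
    my ($value, $key, $now) = @_;
    return unless defined $value;
    my ($login, $expiry, $mac) =
        $value =~ /\A([A-Za-z0-9._-]{1,64})\|(\d{1,10})\|([0-9a-f]{64})\z/
        or return;                                     # malformed
    my $expected = hmac_sha256_hex("$login|$expiry", $key);
    return unless constant_time_eq($mac, $expected);   # altered or unsigned
    return unless $expiry > $now;                      # expired
    return $login;
}

# Constructed sample values; a real key would come from the SSO service.
my $key   = 'constructed-demo-key';
my $now   = 1_150_000_000;
my $good  = sprintf '%s|%d|%s', 'jdoe', $now + 3600,
    hmac_sha256_hex('jdoe|' . ($now + 3600), $key);
my $stale = sprintf '%s|%d|%s', 'jdoe', $now - 1,
    hmac_sha256_hex('jdoe|' . ($now - 1), $key);
(my $altered = $good) =~ s/^jdoe/admin/;   # login changed, signature not

for my $case ([good => $good], [altered => $altered],
              [stale => $stale], [garbage => 'x']) {
    my $login = verify_sso_cookie($case->[1], $key, $now);
    printf "%-8s %s\n", $case->[0],
        defined $login ? "accept as $login" : 'reject';
}
```

If the SSO product issues opaque session tokens instead of signed values, the same decision point applies, but the check becomes a lookup against the SSO service rather than a local signature comparison.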
How about sharing this here with the TWikiCommunity?
--
PeterThoeny - 13 Jun 2006
Share what? I simply don't think I'm guaranteed to come to this topic reliably enough to follow a conversation. Thus, I see email as a more responsive and reliable way.
--
SvenDowideit - 14 Jun 2006
See also similar questions raised in CanWeLinkTWikiWithDrupal and IntegrationOfPHPApplicationwithTwiki; would be great to start collecting useful info on these topics somewhere.
--
SteffenPoulsen - 16 Jun 2006