SSO from Multiple Active Directories / LDAP Server using Kerberos Protocol
Kerberos is an authentication protocol that supports the concept of Single Sign-On (SSO). It is a cryptography-based authentication protocol that is designed to provide secure authentication over an insecure network by allowing users to authenticate while preventing passwords from being sent over the internet. Kerberos mainly works on the basis of tickets between two or more different nodes in an insecure network. Once the user enters his LDAP/Active Directory credentials a ticket is generated which allows direct access to the user without needing to enter the credentials on next login (till the session expires).
Scenario:
- You have Multiple Active Directories/ LDAP Servers which contain information of AD objects like users, computers, electronic devices, etc.
- You want to allow Active Directory users to SSO into your web application (WordPress website).
- You want to restrict other users to access the content of your WordPress website.
Components involved:
WordPress Kerberos/NTLM Add-on allows the users to configure the Single Sign On (SSO) from single Active Directory as well Multiple Directory Servers using Kerberos protocol.
Solution:
In this setup, WordPress acts as a website / web application which is used by user to Single Sign On (SSO) using their LDAP/Active Directory credentials with Kerberos protocol:
- The WordPress Kerberos/NTLM add-on needs to be installed on the WordPress site for which you want to enable Single Sign On(SSO) along with WordPress LDAP/AD Login for Intranet Sites premium plugin.
- You will also need to completely configure WordPress LDAP/AD Intranet Premium Plugin beforehand.
- The Kerberos Authentication with Multiple Active Directory needs to be set up on the server where your WordPress site is hosted. You can refer to this guide to setup Kerberos Authentication on your server depending on which Operating System you are using.
- Once you have successfully completed the configuration, users will be able to SSO into your wordpress.
End user experience:
- After installing and configuring the WordPress LDAP/AD Login for Intranet sites premium plugin along with WordPress Kerberos/NTLM add-on, users can auto login into your wordpress site without a need of entering their credentials from a domain joined machine.
- With this plugin and add-on, wordpress will directly fetch and update the user profile information from the Active Directory, whenever user auto logins to your website.
Conclusion:
The WordPress LDAP/AD Login for Intranet sites allows a seamless user experience by authentication users into your wordpress site with their Active Directory credentials and auto login(SSO) using WordPress Kerberos/NTLM add-on. The plugins support authenticating users from multiple Active Directory domains to your wordpress site.
Other Products:
LDAP/AD Login for Intranet Sites
LDAP/AD login for intranet sites plugin allows you to Login into a WordPress website using the credentials which are stored in your LDAP server/ Active Directory.
LDAP/AD Login for Shared Hosting
This plugin allows you to Login into a WordPress site hosted on a shared hosting platform using credentials stored in your LDAP server / Active Directory.
Staff/Employee Business Directory Search
The directory search plugin Searches and displays the users present in your Active Directory / LDAP Server on a WordPress page using a shortcode. The users are displayed on the fly.
WordPress Login and User Management
This plugin offers several functionalities, such as bulk user management, user redirection based on WordPress roles, user session management and many more.
Our Premium Add-on Catalogue
Additional Resources
To learn more about the plugin's features and add-ons, click here.
Need Help? We are right here!
