Steps To Setup NTLM SSO with Apache on Windows

Steps To Setup NTLM SSO with Apache on Windows

  • Click here to download the apache module.
  • Copy the mod_authnz_sspi.so from Apache24 > modules folder and place it in the modules
  • Copy the sspipkgs.exe file from Apache24 -> bin folder and place it in the bin folder of your Xampp apache folder (.....\xampp\apache\bin) on your webserver.
  • Open httpd.conf (.....\xampp\apache\conf) and place the below line of code in the LoadModule section.
    LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
  • Make sure that the following modules are uncommented:
    LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_core_module modules/mod_authz_core.so Also, make sure to enable ldap extension.
  • Open the httpd.conf file from (.....\xampp\apache\conf\httpd.conf).
    Go to and paste the below lines after #Require all granted. <Directory "...../xampp/htdocs"> ……… ……… #Require all granted AllowOverride None Options None AuthType SSPI SSPIAuth On SSPIAuthoritative On Require valid-user </Directory>
  • Restart your Apache Server.
  • To test the configuration create a test.php file in your WordPress root directory.
    (.....\xampp\htdocs\wordpress\test.php).
    Enter the below line:<?php var_dump($_SERVER); ?>
  • Save the file and run in the web browser.
  • Search for "REMOTE_USER" and it should contain the currently logged in username.

Configure browsers settings for Kerberos Authentication

The client-side configuration enables the respective browser to use SPNEGO to negotiate Kerberos authentication for the browser. You must make sure that the browser on an end user's system is configured to support Kerberos authentication.

1. Internet Explorer
2. Google Chrome
3. Mozilla Firefox


Internet Explorer


  • Open Internet Explorer browser and click on Tools > Internet Options > Security > Local intranet > Sites > Advanced.

    kerberos windows-8 kerberos windows-8
  • In Add this website to the zone field, enter the Base URL for the WordPress site, then click Add.
  • kerberos windows-8
  • Click Tools > Internet Options > Security > Local intranet > Custom Level.
  • Scroll down to the User Authentication options and select Automatic logon only in Intranet zone.
  • Click OK and then restart your browser.

Google Chrome


By default the Internet Explorer settings will be applicable, if you configure Internet Explorer, then no additional settings are required for Google Chrome.

Mozilla Firefox


  • Open Mozilla firefox browser and enter about:config in the address bar.
  • Search for network.negotiate-auth.trusted-uris Preference Name, and click on Edit. enter the hostname or the domain of the web server that is protected by Kerberos HTTP SPNEGO. Specify multiple domains and hostnames separated with a comma.
  • kerberos windows-8
  • Search for network.automatic-ntlm-auth.trusted-uris Preference Name, and click on Edit. enter the hostname or the domain of the web server that is protected by Kerberos HTTP SPNEGO. Specify multiple domains and hostnames separated with a comma.
  • kerberos windows-8
  • Click OK and then restart your browser.
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com