Created
January 27, 2016 15:56
-
-
Save pvlasov/cf318e1490f4c11e8591 to your computer and use it in GitHub Desktop.
Apache configuration for NTLM authentication with mod_authn_ntlm and forwarding remote user name in a header to a proxied, say, servlet container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Required modules | |
| LoadModule proxy_module modules/mod_proxy.so | |
| # Maybe this one is not needed | |
| LoadModule proxy_html_module modules/mod_proxy_html.so | |
| LoadModule proxy_http_module modules/mod_proxy_http.so | |
| LoadModule rewrite_module modules/mod_rewrite.so | |
| LoadModule auth_ntlm_module modules/mod_authn_ntlm.so | |
| ... Skipped ... (or "Elided" for fancy folks) | |
| ProxyPass /myapp http://localhost:28080/myapp nocanon | |
| ProxyPassReverse /myapp http://localhost:28080/myapp | |
| ProxyRequests Off | |
| AllowEncodedSlashes NoDecode | |
| <Location "/myapp/"> | |
| AllowOverride All | |
| Options FollowSymLinks | |
| Order allow,deny | |
| Allow from all | |
| AuthName "MyOrg" | |
| AuthType SSPI | |
| NTLMAuth On | |
| NTLMAuthoritative On | |
| NTLMOmitDomain On | |
| NTLMUsernameCase lower | |
| NTLMOfferBasic Off | |
| require valid-user | |
| RewriteEngine On | |
| RewriteCond %{LA-U:REMOTE_USER} (.+) | |
| RewriteRule . - [E=RU:%1] | |
| RequestHeader add X-Forwarded-User %{RU}e | |
| </Location> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment