Skip to content

Instantly share code, notes, and snippets.

@pvlasov
Created January 27, 2016 15:56
Show Gist options
  • Save pvlasov/cf318e1490f4c11e8591 to your computer and use it in GitHub Desktop.
Save pvlasov/cf318e1490f4c11e8591 to your computer and use it in GitHub Desktop.
Apache configuration for NTLM authentication with mod_authn_ntlm and forwarding remote user name in a header to a proxied, say, servlet container
# Required modules
LoadModule proxy_module modules/mod_proxy.so
# Maybe this one is not needed
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
... Skipped ... (or "Elided" for fancy folks)
ProxyPass /myapp http://localhost:28080/myapp nocanon
ProxyPassReverse /myapp http://localhost:28080/myapp
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Location "/myapp/">
AllowOverride All
Options FollowSymLinks
Order allow,deny
Allow from all
AuthName "MyOrg"
AuthType SSPI
NTLMAuth On
NTLMAuthoritative On
NTLMOmitDomain On
NTLMUsernameCase lower
NTLMOfferBasic Off
require valid-user
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add X-Forwarded-User %{RU}e
</Location>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment