Home » Php » php – How to populate the REMOTE_USER in Apache Server from Active Directory (SSO related)

php – How to populate the REMOTE_USER in Apache Server from Active Directory (SSO related)

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m building an Intranet site for our company using Joomla 3.3.3.

I have configured a VM to run using Ubuntu 14.04 with a standard LAMP stack. I have also installed Joomla which I was able to get working with our company Active Directory (users are able to log into the site from any machine on our network and Joomla recognizes them).

I am now trying to implement SSO so that our employees won’t need to sign into the site if they’re logged into their workstations, and through my troubleshooting, I’ve narrowed it down to the ‘REMOTE_USER’ variable not being populated by the APACHE server (The variable doesn’t even appear on my phpinfo() page)

I think I’m pretty knowledgeable working within Joomla and PHP, but my Apache server and Ubuntu skills are pretty weak.

Do my users need to authenticate within the Apache server? I really just need the Windows machine to pass the Remote_User token to Joomla, but I’m at a loss as to how to do this within Ubuntu.

How to&Answers:

The first step to this involves a change through group policy to add your Joomla site to the Intranet security group in internet explorer. Google Chrome and Firefox respect the IE security group settings.

Once you have done this whenever your user browses your site from a domain authenticated computer the browser will automatically send a user header with the already authenticated username, this can be accessed in PHP using the $_SERVER['PHP_AUTH_USER'] superglobal.