• Resolved lady_minx

    (@lady_minx)


    Perhaps the problem is that originally my REMOTE_USER field was being set to Domain/username but I added this to my configuration: NTLMOmitDomain On which reduced the REMOTE_USER variable to simply the username. I thought then I could add a suffix to append @domain.com and it would send that to the AD server to authenticate but it’s still sending just the username.

    I’m on a Windows/Apache 2.4 installation and using the plugin in a multisite installation.

    If there’s no way to get the prefix to append (it would be really helpful if the plugin could be changed to allow that for this circumstance) does anyone have a quick hack, perhaps to re-write the REMOTE_USER variable for WordPress’ purposes, which won’t break any other login functionality?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter lady_minx

    (@lady_minx)

    I have also tried mod_authnz_sspi with the exact same results.

    Thread Starter lady_minx

    (@lady_minx)

    Hmm, okay I manually modified the REMOTE_USER variable and it still didn’t work. It looks like the plugin isn’t filling in / sending the sAMAccountName or userPrincipalName when trying to login via SSO, but it does if I type in the login and password.

    I guess I’m stuck. I don’t know what/if I’m missing a configuration setting or if something needs to be done on the AD side of the house to get this to work?

    Plugin Author schakko

    (@schakko)

    Please enable the debug log for further investigations.

    You don’t need to omit the NETBIOS name from the REMOTE_USER variable. As soon as you have configured the NETBIOS name in NADI, the authentication will look up that profile by extracting the NETBIOS name from the REMOTE_USER variable.

    Thread Starter lady_minx

    (@lady_minx)

    It isn’t letting me configure the Netbios name in NADI. When I looked that up it says it should be detecting it automatically now?

    Plugin Author schakko

    (@schakko)

    After you have connected your NADI instance with your Active Directory, the NETBIOS name of your domain will be printed out on your “Environment” tab in NADI (https://active-directory-wp.com/docs/Configuration/Environment.html).
    You can use the “Account suffix” option (https://active-directory-wp.com/docs/Configuration/User.html) to strip the NETBIOS name and then append the suffix during authentication.
    Please note that there is no technical correlation between your sAMAccountName and your userPrincipalName, see https://active-directory-wp.com/docs/Technical_details/Active_Directory_internals/Users.html.

  • The topic ‘Suffix not appending to REMOTE_USER variable for SSO’ is closed to new replies.
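
The handling described in the last reply (read the NETBIOS name from REMOTE_USER, strip it, then append the account suffix), as an added PHP example that is not part of the thread and not NADI's code. The function name, the NETBIOS-to-suffix map and the sample values are hypothetical; as the reply notes, the resulting name need not equal the account's userPrincipalName.

```php
<?php
// Added illustration; not NADI code. Function name, map and sample values are hypothetical.

/**
 * Turn the REMOTE_USER value set by an SSO module into "username + suffix",
 * accepting only NETBIOS names that are explicitly configured.
 * Returns null when the value must not be used for a login lookup.
 */
function remote_user_to_login(string $remoteUser, array $suffixByNetbios, ?string $defaultSuffix = null): ?string
{
    $remoteUser = trim($remoteUser);

    if (preg_match('~^([^\\\\/@]+)[\\\\/]([^\\\\/@]+)$~', $remoteUser, $m)) {
        // DOMAIN\user or DOMAIN/user: the NETBIOS name selects the suffix.
        $netbios = strtoupper($m[1]);
        if (!isset($suffixByNetbios[$netbios])) {
            return null; // unknown domain: refuse instead of guessing
        }
        [$user, $suffix] = [$m[2], $suffixByNetbios[$netbios]];
    } elseif (preg_match('~^([^\\\\/@]+)(@[^\\\\/@]+)$~', $remoteUser, $m)) {
        // user@suffix: accept only a suffix that is configured.
        $known = array_map('strtolower', array_values($suffixByNetbios));
        if (!in_array(strtolower($m[2]), $known, true)) {
            return null;
        }
        [$user, $suffix] = [$m[1], strtolower($m[2])];
    } elseif ($defaultSuffix !== null && $remoteUser !== '') {
        // Bare name (e.g. after NTLMOmitDomain On): the domain is already lost,
        // so this is only safe when exactly one domain can authenticate.
        [$user, $suffix] = [$remoteUser, $defaultSuffix];
    } else {
        return null;
    }

    // Assumption: conservative allowlist for the account name part.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return $user . $suffix;
}

// Constructed sample values.
$map = ['EXAMPLE' => '@example.com'];
foreach (['EXAMPLE\\jdoe', 'example/jdoe', 'OTHER\\jdoe', 'jdoe@example.com', 'jdoe', 'EXAMPLE\\jd oe'] as $value) {
    printf("%-20s => %s\n", $value, var_export(remote_user_to_login($value, $map), true));
}
```

Keeping the NETBIOS name in REMOTE_USER lets the mapping refuse accounts from a domain that is not configured; once the web server omits it, every bare name has to be treated as belonging to the single default domain.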