apache, internet-explorer, active-directory, centrify

Centrify for Apache - silent authentication, works in Chrome but not IE8, get a login box


We are trying to set up single sign-on / silent authentication via Apache 2.2.21 on RHEL5.

Using Chrome, it works fine - accesses web pages, no login box, but AD user credentials are available.

Using IE8 (company standard...), we get the login box - i.e. it's using Basic Auth - which, after login, shows the expected credentials.

The site is an intranet site and shows as such in the IE zone.

The Apache config is as follows:

    <VirtualHost ...:443>
    ...

    SSLEngine on
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    SSLCertificateFile    ...
    SSLCertificateKeyFile ...
    SSLCACertificateFile  ...

    <Location />
      AuthName "MarketView Web Access"
      AuthType CENTRIFYDC
      UseCache true
      EnableKerberosAuth true
      EnableNtlmAuth true
      EnableBasicAuth true
      SetAuthUserInfo httpheader
      Require valid-user
    </Location>
    </VirtualHost>

We have this Centrify module installed:

    /usr/share/centrifydc/apache/lib64/mod_auth_centrifydc_22.so

Could it be an AD Policy for IE that's disabling it? Or is IE8 just not up to the job... Or using an old version...


Solution

  • For me, the issue was this bit of config:

    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    

    It disabled keep alive and downgrade for IE. Thus, it worked for Chrome, but not IE.

    There were errors in the Apache error log - I should have seen them, doh!
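
An added example, not part of the original question or answer: a small Python check that flags `BrowserMatch` rules which switch off keep-alive or force HTTP/1.0 for a given browser while NTLM authentication is enabled in the same config. The function names, the config excerpt and the IE8 User-Agent string are constructed for illustration, and the check assumes the failing step is NTLM, whose multi-request handshake is bound to a single kept-alive connection.

```python
import re

# Constructed sample: the relevant directives from the question's vhost.
SAMPLE_CONF = r'''
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
<Location />
  AuthType CENTRIFYDC
  EnableKerberosAuth true
  EnableNtlmAuth true
  EnableBasicAuth true
</Location>
'''

# Constructed IE8 User-Agent used to test each BrowserMatch pattern.
IE8_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

# Environment variables that prevent a persistent HTTP/1.1 connection.
CONN_BREAKERS = {"nokeepalive", "downgrade-1.0"}


def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    joined = re.sub(r"\\\r?\n", " ", text)
    stripped = (line.strip() for line in joined.splitlines())
    return [line for line in stripped if line and not line.startswith("#")]


def find_conflicts(conf, user_agent=IE8_UA):
    """Return (pattern, variables) for each BrowserMatch rule that breaks
    connection reuse for user_agent while EnableNtlmAuth is true."""
    lines = logical_lines(conf)
    if not any(re.match(r"EnableNtlmAuth\s+true\b", l, re.I) for l in lines):
        return []
    hits = []
    for line in lines:
        m = re.match(r'(BrowserMatch(?:NoCase)?)\s+("[^"]*"|\S+)\s+(.*)', line, re.I)
        if not m:
            continue
        flags = re.I if m.group(1).lower().endswith("nocase") else 0
        pattern = m.group(2).strip('"')
        broken = {v.lower() for v in m.group(3).split()} & CONN_BREAKERS
        if broken and re.search(pattern, user_agent, flags):
            hits.append((pattern, sorted(broken)))
    return hits
```

Run against the excerpt above, `find_conflicts(SAMPLE_CONF)` reports the `.*MSIE.*` rule; a pattern narrowed to old IE versions only, such as `"MSIE [2-5]"`, no longer matches IE8 and the check returns an empty list.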