
Single sign on using freeRadius and Apache?


I have seen the answer to this question

Setup FreeRadius + ldap + single sign-on

The answer is helpful, but what about the Apache case? How do I pass the credentials to Apache, or how do I configure Apache to accept only users who were already authenticated by freeradius?

In details:

I'm authenticating users in the wired network (clients connected to a Nortel switch) using IEEE 802.1x and freeradius. It worked well, but when a user asks for an authorized web page it will ask him for the credentials for the second time.

Is there a way to configure freeRADIUS and Apache to let the users authorized using 802.1x get the web pages (which need authentication) without asking them to type their credentials a second time (something like single sign on)? In short, can we pass the credentials from freeradius to Apache? Are there any tutorials on the freeRADIUS website that will help me?


Solution

Short Answer
No, not as you're describing.

Long Answer
The credentials that your users are providing to the network layer to authenticate their access to their ports are not available to your users' web browsers. Without them, the web browsers can't automatically provide them to your web server, and that's why your users have to provide them again to log in to your web sites.

Options
If we allow ourselves to get creative for a bit, there are some technology options you may have to provide the kind of sign-on functionality you are seeking.

1. Client certificates
Both 802.1x and Apache support the use of client certificates to authenticate users. In this scheme, you would generate a common user certificate for each user that would be used for both 802.1x authentication and web server authentication. The certificate would probably have to be configured in two different systems, but to the user, if they got on the network they would not need to do anything more to auth with your web server.

2. Special-purpose Browser Plug-in
Conceivably, you could develop a special browser plug-in and related application that would control accepting a username and password and then provide them to both the 802.1x auth system and the web site. Security would be questionable in that controlling app.

3. IP-Based Authentication
If you're assigning each user an IP address on your network, you can allow access to the IP ranges and write a custom module to query the IP address and associate it with a user. It's essentially authentication by IP address where the IP address acts as a proxy for the username. It requires that you set up your RADIUS server to keep track of which users are assigned which IPs at any given time.

Links
For certificate setups, you can use the links below to guide you. For the other two items, they're conceptual/theoretical. You'll have to write some code or find some preimplemented code to do what they describe.
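The third option above ("keep track of which users are assigned which IPs") is the one that needs custom code, so here is an added example of what that lookup looks like; it is not code from the answer or from the FreeRADIUS project. It assumes the RADIUS server writes accounting to a plain-text "detail" file (one timestamp line per record, tab-indented Attribute = Value lines, records separated by a blank line), replays Start/Stop records in order to build an IP-to-user table, and answers the question an Apache authorization hook (hypothetical; e.g. a small external authenticator or WSGI shim) would ask: "which user currently holds this client IP?" The sample accounting data is constructed for the example. The Stop handling checks the Acct-Session-Id so that a late Stop from an old session cannot erase a newer user's mapping on a reused address, which is the main failure mode of IP-as-identity schemes.

```python
import re

# Constructed sample in the layout of a FreeRADIUS accounting "detail" file.
# Note that 10.0.0.21 is released by alice (Stop) and later reused by carol.
SAMPLE_DETAIL = """\
Tue Jan  1 10:00:00 2013
\tAcct-Status-Type = Start
\tUser-Name = "alice"
\tFramed-IP-Address = 10.0.0.21
\tAcct-Session-Id = "0001"
\tNAS-IP-Address = 10.0.0.2

Tue Jan  1 10:05:00 2013
\tAcct-Status-Type = Start
\tUser-Name = "bob"
\tFramed-IP-Address = 10.0.0.22
\tAcct-Session-Id = "0002"
\tNAS-IP-Address = 10.0.0.2

Tue Jan  1 11:00:00 2013
\tAcct-Status-Type = Stop
\tUser-Name = "alice"
\tFramed-IP-Address = 10.0.0.21
\tAcct-Session-Id = "0001"
\tNAS-IP-Address = 10.0.0.2
\tAcct-Terminate-Cause = User-Request

Tue Jan  1 11:30:00 2013
\tAcct-Status-Type = Start
\tUser-Name = "carol"
\tFramed-IP-Address = 10.0.0.21
\tAcct-Session-Id = "0003"
\tNAS-IP-Address = 10.0.0.2
"""

# Attribute lines are indented; the unindented timestamp line is skipped.
ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*(.*)$')


def parse_detail(text):
    """Split a detail-format accounting file into one dict per record."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends a record
            if current:
                records.append(current)
                current = {}
            continue
        m = ATTR_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1]   # strip quoting around string attributes
            current[name] = value
    if current:
        records.append(current)
    return records


def build_ip_map(records):
    """Replay records in order; return {ip: (user, session_id)} for live sessions."""
    active = {}
    for rec in records:
        ip = rec.get('Framed-IP-Address')
        user = rec.get('User-Name')
        sid = rec.get('Acct-Session-Id')
        status = rec.get('Acct-Status-Type')
        if not ip or not user:
            continue
        if status in ('Start', 'Interim-Update', 'Alive'):
            active[ip] = (user, sid)
        elif status == 'Stop':
            # Only release the address if this Stop belongs to the session
            # that currently owns it; otherwise a stale Stop would log out
            # whoever got the reused address afterwards.
            if ip in active and active[ip][1] == sid:
                del active[ip]
    return active


def user_for_ip(ip_map, client_ip):
    """What an Apache-side authorization hook would call: user or None."""
    entry = ip_map.get(client_ip)
    return entry[0] if entry else None


if __name__ == '__main__':
    table = build_ip_map(parse_detail(SAMPLE_DETAIL))
    for ip in ('10.0.0.21', '10.0.0.22', '10.0.0.99'):
        print(ip, '->', user_for_ip(table, ip))
```

In a deployment the table would be rebuilt from the live accounting store (the detail file, or the radacct SQL table if the sql module is used) rather than from a string, and the web server must only trust this lookup for the address ranges the RADIUS server actually assigns, since anything outside that range has no accounting record behind it.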