LDAP & NTLM for SSO

Re: LDAP & NTLM for SSO

by Dave Perry -
Number of replies: 1

For SSO to work, you still need the server in AD

Whilst you can find out the firewall ports needed to make this work, it is a VERY bad idea - if your server is compromised, the fact it can talk to AD (and NTLM for SSO) means that someone could roam around your network and you may not have a clue.

We had to move our server out of the DMZ to make SSO work internally, on the above security grounds. We then use a Reverse Proxy to publish the site.

Note, when our server was in the DMZ we just had an LDAP lookup to AD - which was deemed acceptable and necessary.

In reply to Dave Perry

Re: LDAP & NTLM for SSO

by Stephan Tedesco -

Hi Dave, 


First, thanks for the answer. We configured it and it also works fine in the DMZ. The only problem is that SSO works only with IE; with Chrome and Firefox it shows something like "Server error... has to be fixed by the server administrator".

Is there something special for fixing Chrome and SSO? We have RHEL7 as the server.


Thanks. 


S.