
I've built some intranet web applications, which run in a Docker container (Ubuntu host) with Apache and PHP.

The current authentication is based on Active Directory (NOT Azure, an on-premise domain controller). It's a login page where you enter your userPrincipalName and password. I'm using the PHP LDAP module and the ldap_bind function for this.

But the user is already logged in with his Windows (or Active Directory) account on the client machine. So I was wondering if I could build a single sign-on (or, more precisely, a pass-through) authentication.

For IIS servers this is pretty simple ...

I tried to find something, but I guess I'm not using the correct terminology.

You find a lot of stuff for configuring Azure AD, but as I said we don't use Azure. I tried "PHP AD Passthrough Authentication", "PHP Kerberos", "PHP NTLM", "Webapplication Active Directory Passthrough" and similar things for JS. (Because you are logged in on your client machine, you probably have to send some data from the client and use this on the server side.) But this doesn't give me the results I need.

It seems that you can use the ldap_sasl_bind function (with the parameter "GSSAPI"), but I can't figure out what exactly I have to do.

Does anyone have experience with this and can help me?

I wouldn't mind if the login page had an extra button "Login with Windows Credentials", which would trigger the pass-through authentication. Full automation is nice to have, but I'd be happy if my users can log in without entering a username and password.

Thanks in advance


1 Answer


For Apache, you can use modules such as mod_auth_gssapi or the older mod_auth_kerb or mod_auth_ntlm. If you still support it, NTLM is the easier one, like on IIS I would say. You also have similar modules for Apache on Windows.

Keep in mind that some of the NTLM or Kerberos mechanisms simply require your sites to be registered in the "intranet trusted zone" of your browser. That may be part of your problem.

Finally, as you have an on-premise Windows AD infrastructure, you could perhaps ask your administrators if they plan to use an IAM solution, which you could then query via OIDC/OAuth2 or SAML. For this, you can have a look at the super easy PHP lib Jumbojett PHP OpenID Connect.
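As an added example (not from the question or the answer above), this is a minimal Apache vhost fragment for mod_auth_gssapi that protects only one SSO entry point, so the existing ldap_bind login form keeps working for browsers without a Kerberos ticket. The hostname, keytab path and the /sso/login.php path are assumptions.

```apache
# Added example, not from the original thread. Assumes mod_auth_gssapi is
# installed, an AD service account holds the SPN HTTP/app.intranet.example
# (placeholder hostname) and its keytab was exported to the path below.
<VirtualHost *:443>
    ServerName app.intranet.example
    SSLEngine on
    # ... certificate directives omitted ...
    DocumentRoot /var/www/html

    # Only this entry point requires Kerberos; the rest of the site keeps the
    # existing username/password form, so a "Login with Windows Credentials"
    # button can simply link to /sso/login.php.
    <Location "/sso/login.php">
        AuthType GSSAPI
        AuthName "Windows Single Sign-On"
        # Keytab must be readable by the Apache user only (e.g. mode 0400).
        GssapiCredStore keytab:/etc/apache2/http.keytab
        # Accept Kerberos only: no NTLM and no Basic fallback, so the browser
        # never sends the domain password to the web server.
        GssapiAllowedMech krb5
        GssapiBasicAuth Off
        # Refuse Negotiate over plain HTTP; the token is a bearer credential.
        GssapiSSLonly On
        # Try to strip the realm via the krb5.conf auth_to_local rules, so
        # REMOTE_USER is "jdoe" instead of "jdoe@INTRANET.EXAMPLE".
        GssapiLocalName On
        Require valid-user
    </Location>
</VirtualHost>
```

Once the request passes, PHP sees the authenticated account in $_SERVER['REMOTE_USER'] and can start its own application session from it without any password. If the browser has no ticket (for example because the site is not in its intranet zone, as the answer notes), Apache answers 401 and the user can fall back to the existing form.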
