EasyPHP AD Group Authorization - easyphp

I have a website hosted in EasyPHP in a domain but it is accessible to all users in that domain.Is there a configuration in EasyPHP to allow only specific AD group access to the website like we have in IIS ?

Related

A question about using KeyTab files to authenticate an Active Directory user to a Linux WEB Server (or any other App running on Linux)

Can someone please help me with the following
Assume I have an AD Domain and a 'standalone Linux host' which is not joined to the AD domain and there is no trust relationship in place between the AD and Linux of any kind.
Next I have a Kerberos aware application running on the Linux Server (WEB Server for example or other app) which is .
In order to an AD user to authenticate to the Linux hosted WEB/App using a KeyTab file
(created in Windows and setup on Linux). Does the Linux host need to be AD-Joined, in order to keyTab (single sign one) authentication to work?
Meaning if the Linux server was never joined to any domain of any kind (standalone), Would I still be able to user a KeyTab file to authenticate a user coming in from an AD Domain?
Thanks all
Charlie

Zendesk: Admin users can't use Enterprise SSO

I have enabled Enterprise SSO on zendesk so that users in my external Identity server can login to Zendesk. Setup is successfully made and users in my system can do SSO with Zendesk.
But As a admin I can't do SSO with zendesk from my external application, other end users and agents can do. What could be the root cause of this?

KERBEROS - restricting users from logging into specific hosts in realm

I have configured kerberos on linux machine to serve as a single point for user authorisation management. now I want to restrict few users from logging into specific linux hosts. for example.
I have user admin, developer and tester. and I have 3 linux client machine which are running with centos7., machine1, machine2 and machine3.
user admin can login to both 3 client machine.
user developer can login to client machine1 and machine2.
user tester can only login to client machine3.
need guidance to configure the above policy.

Thinktecture v3 auto login for ADFS users within the same domain

I am using Thinktecture identity server v3 for authentication and authorization. It works good with local database. I added external identity provider as ADFS. It also works good but it asks credentials for intranet users. My requirement is automatically login the intranet users without asking credentials. If the user is internet user, it asks for credentials. Is it possible?
This is unrelated to IdentityServer3. Your browser and ADFS need to be configured correctly to use Windows integrated authentication.

Challenge window from ADFS when on the corporate network

I just read the article here: http://www.asp.net/aspnet/overview/developing-apps-with-windows-azure/building-real-world-cloud-apps-with-windows-azure/single-sign-on
I have just finished building an app that can authenticate users via WAAD, or via a local installation of ADFS on their corporate network (configuration point allows them to select one or the other).
The app will be hosted in Azure. Can someone tell me if it is possible for users who are on their corporate network to login to this Azure app WITHOUT entering their credentials?
Here is the flow:
user navigates to the cloud app
FAM detects they aren't authenticated, and redirects the browser to their ADFS server on the corporate network
ADFS server replies with 401 challenge (I assume this is what's happening)
user sees a user name/password box, and enters in credentials
user is redirected back to the cloud app with a token containing their claims
I don't understand why #4 is required if the user is already on their corporate network. Shouldn't ADFS use Windows Authentication here so they don't have to enter their password? Is there a way to configure ADFS to do this?
Thank you!
This can be accomplished by adding the Url of the ADFS endpoint to the local intranet or trusted sites of Internet Explorer. By default Internet Explorer will pass in the Windows credentials to sites in those two groups. If that doesn't work, you would have to double check that setting hasn't been modified.