ClusteringSet Up NTLM Authentication for Each Cluster › Configure NTLM Authentication with Apache Load Balancer

Previous Topic: Set Up NTLM Authentication for Each Cluster

Next Topic: Configure NTLM Authentication with Another Type of Load Balancer

Configure NTLM Authentication with Apache Load Balancer

Perform the following process to set up NTLM authentication for each cluster, using Apache Load Balancer. If you are using Apache Load Balancer, configuring NTLM with Apache Load Balancer is a required task.

Important! This topic applies only if you are using Apache Load Balancer!

Follow these steps:

  1. Download the mod_auth_sspi module from the sourceforge web site, sourceforge.net.
  2. Copy the mod_auth_sspi.so module to the <APACHE_Home>\modules directory of the Apache web server that you use for CA Service Catalog.
  3. Append the following configuration section to the <APACHE_Home>\conf\httpd.conf file: 
    LoadModule sspi_auth_module modules/mod_auth_sspi.so
<Location ~ "/usm/(wpf|documents|FileStore)">
AuthName "domain_name"
AuthType SSPI
SSPIAuth On
SSPIOfferBasic On
SSPIAuthoritative On
SSPIDomain "domain_name"
SSPIofferSSPI off
require valid-user
</Location>
  4. Update this section: Replace domain_name with the name of your network domain or Windows domain.
  5. Verify that the tomcatAuthentication="false" attribute is set for the Tomcat connectors that this Apache load balancer uses.

    This setting is the default in all server.xml connectors.

  6. Log in to CA Service Catalog.
  7. Click Administration, Configuration, Single Sign On Authentication.

    The Single Sign On Authentication page appears.

  8. Do the following:
    1. Locate the property named Single Sign On Type and click its Modify icon (by default, a pencil).

      The Edit Configuration dialog for this property appears.

    2. Select the option named Artifact Based Single Sign On and click Update Configuration.

      Note: In this dialog, you select Artifact Based Single Sign On (not the NTLM option), because you are setting up a cluster.

      The dialog closes, and you return to the Sign On Authentication page.

    3. Locate the property named Artifact Type and click its Modify icon (by default, a pencil).

      The Edit Configuration dialog for this property appears.

    4. Select the option named Request and click Update Configuration.

      The dialog closes, and you return to the Sign On Authentication page.

You have configured NTLM authentication to work with Apache Load Balancer.