Super Contributor.. patrick-sa Super Contributor..
Super Contributor..

Generic SSO with Apache



We're running on Apache on linux and we'd like to configure SSO where users who are already logged to the domain are automatically logged into PPM.


I'd like to hear from someone who has implemented SSO on apache,i've seen many queries on IIS.I'd like to see the entries added to the httpd.conf to enable apache AD integration.


I'm following the guide and the guide states that the webserver needs to be integreated with the generic SSO so in my mind this means apache should be configured to authenticate against the AD.Is this correct?





Tags (1)
3 Replies
Acclaimed Contributor.. dirkf Acclaimed Contributor..
Acclaimed Contributor..

Re: Generic SSO with Apache

Hi Patrick,


there's not really anything I can add to your request because SSO and Web Server are a little outside of my knowledge area.


I checked and the admin guide gives directions to what needs to be done on the httpd.conf file.

Check if you haven't done so the admin guide, page 170 in Chapter 5


Configure Apache HTTP Server Version 2.2 Using mod_jk


On page 171 it goes on to explain:


3. Add the following lines of text to the httpd.conf file:

LoadModule jk_module <Relative_Modules_Path>/

JkWorkersFile <Relative_Conf_Path>/

JkMountFile <Relative_Conf_Path>/

JkLogFile <Relative_Logs_Path>/jk.log



If you plan to enable SSL on Apache, then you must also add the “JkMountCopyOn” to the virtual host directive in the httpd-ssl.conf file.


4. Check to make sure that include conf/extra/httpd-ssl.conf is not

commented out in the httpd.conf file.


5. Navigate to the <PPM_Home>/integration/webserverplugins/

configuration directory, and then copy the and to the Apache configuration directory

(usually <Apache_Home>/conf).


6. Configure the file. (For detailed information and

instructions, see Configuring the Workers Properties File on page 147.)


7. Configure the file to specify mappings

between a given URL (or URL pattern) and worker name. (For detailed

information and instructions, see Configuring the

File on Microsoft IIS and Apache-Based Servers on page 151.


Make sure that the name of the worker mapped to /itg/* pattern in the file matches the name of the worker defined in the file. This worker must also be listed in the worker.list

directive of the file.


8. Restart your Apache HTTP Server 2.2 and check to see whether your

configuration works.


Hope this helps.


Best regards,




Super Contributor.. patrick-sa Super Contributor..
Super Contributor..

Re: Generic SSO with Apache

Hi Dirk,


Thanks for this but this i've already done.This is actually how to set up apache as an external webserver.


Will log  a support case and see if i can get help.




Micro Focus Expert
Micro Focus Expert

Re: Generic SSO with Apache

Hi Patrick,


You're correct. Generic SSO means that the web Server is responsible for HTTP request authentication, and should ensuire that only properly authenticated requests be forwarded to PPM Server. It should also include a HTTP Header with the username for identification, that PPM Server will blindly trust.


For this reason, you must ensure that no HTTP request can reach the PPM Server without going through the web server first.


We have some customers that are using this set up for integrating with any authentication system (such as SAML2 for example). As long as you can perform the authentication at the Web Server level (Apache or IIS, or any other supported Web Server out there) and that the web server can communicate the username to the PPM Server in the HTTP header, it should work.




The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.