Set up the SSO Web Portal
Use the provided built-in Web portal
If you use the default built-in Web portal, you can customize your company logo and your CSS file.
The location of these files is:
<HAPEE_DIR>/sso/portal/logo.png (or logo.jpg)
Implement a custom Web portal
To implement a Web portal that displays a login form to the user, you only need a simple Web server that handles HTTP headers sent by HAProxy.
An action that can be any of the following:
A message to display to the user
The application that the user wants to access. It is determined by the URL and the SSO agent
The main URL of the application. The web server can include a link to this page to lead the user directly to the application.
Establish an authentication form
This HTML page must contain an HTML form to allow the user to enter his login and password and to select the domain to log on.
The POST action must be to post on the same URL.
A minimal form could be:
<form method="POST"> <input name="login" /> <input name="password" /> <select name="domain"> <option value="mydomain.net">My Domain</option> </select> </form>
The POST is done on the form backend and handled by HAProxy, which extracts the information and pass it on to the SSO agent.
Add SSO ability to an application
After you set up SSO, use the following procedure to add more applications:
Add a new domain:
You must add the new domain in a Web form of an HTML page. The user must be able to select it, and you must include its value in the POST.
To add an application, you configure it in the Active Directory:
Add a new service user associated with the service principal name (SPN) of your application.
Create a new keytab for the new SPN or add it to an existing keytab.
ktpass /out myapp.keytab /mapuser <service-user>MYDOMAIN.NET /princ HTTP/myapp.mydonain.net@MYDOMAIN.NET /pass <PASSWORD>
Add it to
In the configuration file
so.ini, add the application section and attach it to the correct domain.
keytab_filedirective, if needed.
Add the specified backend to