HAProxy Enterprise Documentation 1.8r2
Using the provided built-in Web portal
If you use the default built-in Web portal, you can customize your company logo and your CSS file.
The location of these files is:
Implementing a custom Web portal
To implement a Web portal that displays a login form to the user, you only need a simple Web server that handles HTTP headers sent by HAProxy.
Establish an authentication form
This HTML page must contain an HTML form to allow the user to enter his login and password and to select the domain to log on.
POST action must be able to post on the same URL.
A minimal form could be the following:
<input name= "login" />
<input name= "password" />
<select name= "domain">
<option value= "mydomain.net">My Domain</option>
<!-- optional field. It should contain the value extracted from the
X-SSO-REDIR_QS header -->
<input type= "hidden" name= "posted_redir" values= "..." />
POST is done on the form backend and handled by HAProxy, which extracts the information and passes it on to the SSO agent.
Add SSO ability to an application
After you set up SSO, use the following procedure to add more applications:
Add a new domain:
To add an application if you use Kerberos with an Active Directory:
keytab_file directive, if needed.
Add the application to
In the configuration file
so.ini, add the application section and attach it to the correct domain.
Add the specified backend to
To check if a user is allowed to access an application, you must check that the
X-SSO-* headers are as follows:
X-SSO-APP: <name of the application>
X-SSO-DOMAIN: <name of the domain>
X-SSO-LOGIN: <user login> (SSO >= v1.2 or ALOHA >= 10.5.6)
Next up Configuring SSO