Topic on Extension talk:LDAP Authentication

Hi, I don't know a great deal about authentication, so this might be a dumb question, so bear with me!

I've got Auto-Authentication working perfectly on a non-public-facing wiki for users of Windows. Users are set up in Active Directory, with permissions to the site being controlled by AD groups. I have however a small number of users accessing the wiki via non-windows systems (macOS, Linux). Although their accounts are in the Active Directory Auto-Authentication isn't working for them; they are getting prompted by the browser for a username and password.

Ideally, I'd like them to be able to benefit from auto-authentication too, if possible.

I expect that this will be mainly down to my authentication configuration in IIS. I've got it so that Windows Authentication is enabled, and all other authentication methods are disabled.

Is there any other configuration in IIS that would support auto authentication for both windows and non-windows users?

Many thanks Darren

The browser communicates with the underlying operating system to get an authentication token which then sends to the server, and is what makes possible the auto-authentication.

macOS and Linux doesn't provide that (AFAIK) for Active Directory authentication, so it's not possible.

Thanks for that Ciencia, A couple of follow-up questions on this:

• Should I expect API users to be affected by this? I've got a user who is now getting a 401 error when attempting to get his login token. He's still supplying the same details as he was before we enabled auto authentication. Not sure if he should be sending different parameters?
• For our non-windows users, a suitable alternative would be to allow access to the log in screen as a fallback. They can currently access ok as the browser prompts for credentials, but it doesn't keep them logged in once their session is closed. I'll do a bit more reading, but in principle is it possible to run an auto-auth domain alongside a manual auth domain?