Views: 606
Last Modified: 29.08.2023

How to configure NTLM authorization at the third-party environment

NTLM authorization support by default is included in Bitrix24 distribution package All Bitrix24 Self-hosted editions. . We recommend to use Bitrix Virtual Appliance (BitrixVM), with environment setting for NTLM authorization is performed via special menu item В меню BitrixVM пункт
6. Configure pool sites > 7. Configure NTLM auth for all sites.

Learn more in the course Bitrix Virtual Appliance (BitrixVM).
.

If due to some reasons you do not use BitrixVM, then for correct NTLM authorization your environment will require to perform settings similar to Virtual Appliance setup.

Attention! For Bitrix24 Self-hosted to support NTLM authentication you need an installed module AD/LDAP connector version 11.5.0 and higher.

  General description

Internal mechanism for NTLM in the virtual appliance looks as follows:

  • Nginx virtual appliance listens to ports 80/443 on all interfaces, Apache - localhost: 8888. This is the base route for handling project (without NTLM authentication);
  • Apache also listens at external interface the posts 8090 and 8091. This host can forward to the main project folder or a pre-created folder with kernel simlinks. For this, NTLM authentication is configured for this location in Apache;
  • LDAP module settings must have enabled option Redirect NTLM authentication Go to the page Module Settings (Settings > System Settings > Module settings > AD/LDAP connector).

    Learn more...
    .

Network interaction layout:

After enabling and setting up, the NTLM authentication mechanism starts to operate as follows:

  1. Unauthorized user goes to project and switches to the port 80 for http or port 443 for https;
  2. Bitrix24 uses event handler to forward it to an Apache open port (8890 for http or 8891 for https);
  3. Apache performs user's NTLM authentication, creates a session;
  4. Product kernel forwards user back to port 80 or port 443 (for http and https accordingly);
  5. User performs subsequent site browsing in standard mode, until session expires.

This way, all forwarding are sourced from Bitrix24 kernel.

Inside spoilers below you can view the example of templates for location setup in Apache, for third-party environments. You can also download the example files as an archive.

mod_ntlm.conf.j2

ntlm_site.conf.j2

You can find additional details on settings in Bitrix24 administrative section here:



0


Courses developed by Bitrix24