1. Kayako Download customers: we will continue to develop and support Kayako Download beyond July 2017, alongside the new Kayako for existing customers.

    Find out more.

  2. The forum you are viewing relates to Kayako Classic. If you signed up or upgraded to the new Kayako (after the 4th July 2016), the information in this thread may not apply to you. You can visit the forums for the new Kayako here.

SSO, Two seperated domains with Trust Relatioship

Discussion in 'LoginShare' started by CHTech, Aug 9, 2013.

  1. CHTech

    CHTech Member

    Has anyone hacked together a method for enabling SSO for two separate domains that have a Trust Relationship and Conditional Forwarders? I have tried to piece together parts of the http://forge.kayako.com/projects/ad-ldap-authenticator project and http://forge.kayako.com/projects/ad-ldap-sso project, more so the ad-ldap-sso, and I am partially successful in my attempts minus the second domain authenticating as it seems that the user accounts are being handed off to first domains DCs.

    1. Domains have internal routes to separate IP networks.
    2. This is not a forest domain setup, each is independent of each other and carry their own forest.
    3. Both domains on 2008 R2, functional level at 2008 R2.
    4. With the Trust Relationship and Conditional forwarders, the domains talk. This allows for me to add second.domain to the security profile of the web server, and files/folders that need access.
    5. I am no expert in PHP and adLDAP to know whether or not my approach to modifying the scripts is correct, however, it seems to be functioning minus second domain authentication.

    I can post modified files (configs) as to my approach if that helps.
  2. CHTech

    CHTech Member

    I am going to assume by the views and 0 responses that no one really has a method for this to work. I am in the process of devising another solution using SQL server and Linked Servers to LDAP for a possible resolution.

Share This Page