For our helpdesk we use the GLPI package with Kerberos SSO for our active directory users.
Right now if someone does not have a valid kerberos ticket, we redirect them to GLPI login page on another domain.
The SSO domaine is servicedesk.domain, the non SSO is sd.domain
Our users receive such a link, where "redirect" points to a specific ticket:
https://servicedesk.domain/index.php?redirect=ticket_20600_Ticket
In the SSO virtualhost definition in Apache, we redirect invalid connections with:
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://sd.domain\"></html>"
Unfortunately, that strips the remainder of the URL, which means the users get sent to the home page of the website instead of the right ticket after manual authentication.
Is there any way to dynamically redirect to something like this instead?
Best Answer
So in answer to the question it seems like the following will work
And then use the CGI to look for the referrer. In answer to your other question I wouldn't use a rewriterule to do that at all. Just add an http vhost