How to configure Apache/IIS to integrate with CQ5 SSO


In order to enable SSO authentication with CQ5, typically a 3rd party authority is required which pre-authenticates a user before a request is passed through to CQ5. How can this be achieved with IIS or Apache 2.x?


Answer, Resolution

As a prerequisite, SSO needs to be enabled on both CQ5 and CRX as well. Please refer to this kb-article how to set this up.

This article will describe how to integrate Windows NTLM authentication through Apache and IIS with CQ5 to enable SSO access to a CQ5 authoring instance. It is assumes that a working setup of the Dispatcher connected to CQ5 instance is in place.



Microsoft IIS already provides built-in support for NTLM authentication which can be enabled through configuration:

  • activate Integrated Windows authentication in the Directory Security tab of IIS for the CQ instance served by this IIS server
  • enable server-variables to be passed along with the request as headers
  • make sure your web site is listed in the Intranet zone in IE's security settings

To enable server variables, edit the disp_iis.ini file and set servervariables to 1. This link provides a list of variables available in IIS.
Typical headers are REMOTE_USER or LOGON_USER. Please make sure that the value for the user-ID matches the IDs of users in CQ.



Apache requires an additional module to enable NTLM authentication called mod_auth_sspi. The ID of the current Windows user can then be extracted from Apache"s REMOTE_USER environment variable which is sent as request header.

Example configuration of httpd.conf:

LoadModule sspi_auth_module modules/

<VirtualHost *:80>
  DocumentRoot "C:/Apache2.2/htdocs"
  ServerName localhost
  ErrorLog "logs/error.log"
  KeepAlive On

    <Location />
      SetHandler dispatcher-handler
      AuthName "A Protected Place"
      AuthType SSPI
      SSPIAuth On
      SSPIUsernameCase lower
      require valid-user



Note : the mod_auth_sspi Apache module only works with the Windows version of Apache 2.x.

For Linux installations, possible solutions are either mod_ntlm , or mod_headers .


Applies to

CQ 5.x


Dapatkan bantuan lebih cepat dan lebih mudah

Pengguna baru?

Adobe MAX 2024

Adobe MAX
Konferensi Kreativitas

14–16 Oktober Miami Beach dan online

Adobe MAX

Konferensi Kreativitas

14–16 Oktober Miami Beach dan online

Adobe MAX 2024

Adobe MAX
Konferensi Kreativitas

14–16 Oktober Miami Beach dan online

Adobe MAX

Konferensi Kreativitas

14–16 Oktober Miami Beach dan online