Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X
I am not an expert in Apache configuration but I've been in the tool enough to know the basic plumbing. We are looking to use a new LDAP proxy for two factor authentication. This proxy checks both AD and a DUO server when a user logs in. Both keys are provided by the users. What I am being told is that the Apache server is checking LDAP every time each URL or request is clicked. We are using basic authentication.
They had expected the webserver to only ask once on creation of the session for credentials but cache those and not check again. I am 100% sure that Apache is hitting back to the LDAP proxy each url click. This means when the pin code for 2FA expires after a few mins, the authentication fails and the user gets prompted for login. This is not experience when using just AD authentication. Is there a setting that is not default with Windchill's Apache configuration that tells it to not contact AD again when it already received a thumbs up from the LDAP server previously? Some type of LDAP caching? Checking additions.conf, it would appear so but what am I missing?