So I have a Zend Server and I'm looking for a way to enable automatic authentication with Windows credentials.
I want to basically have the same result as if you would enable Windows authentication / NTLM on an IIS-Server or if you would install the Apache module "mod_authnz_sspi" on an Apache-Server. After enabling/installing this, both of these methods pass the credentials of the Windows user who is currently logged in to PHP variables. These variables being: $_SERVER["REMOTE_USER"] or $_SERVER["PHP_AUTH_USER"] which will contain the username. Using getenv("USERDOMAIN") it is also possible to retrieve the domain name.
With these variables set, I was able to achieve a Single-Sign-On solution for applications on my site.
One of these applications is "osTicket". I used the following plugins: https://github.com/osTicket/osTicket-plugins/tree/develop/auth-ldap and https://github.com/osTicket/osTicket-plugins/tree/develop/auth-passthru . So AuthPassthru will pass the above-mentioned PHP variables to the LDAP-Plugin. The LDAP-Plugin will then connect to my Active-Directory server with a service user and look up if the Windows user from the passed PHP-variables is part of the domain. If yes, then the user will automatically be logged in.
The other one is the CMS Joomla. Here I was able to basically do the same thing with the plugins pkg_shplatform, pkg_ldap_sso_core and plg_sso_http. Again I would create a service user to connect to Active-Directory and look up the user from the variables passed on by the "plg_sso_http"-plugin to then log them in automatically.
I did this on an Apache-server using mod_authnz_sspi. But now I have to use a Zend-Server and basically do the same thing there. The goal is to provide a Single-Sign-On solution where users will only log into their Windows account and are then automatically logged into every application on my site with the Active Directory server authenticating them.
If nobody knows a solution to do SSO this way on Zend-Server, if you have any idea on how to do it in a Kerberos way (or any other) that would help, too!
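
An added illustration of the pass-through step described in the post (not part of the original post and not code from the osTicket or Joomla plugins): the server-supplied REMOTE_USER / PHP_AUTH_USER value is normalized, checked against an allowed domain list, and escaped before it goes into the Active Directory lookup filter. The function names, the EXAMPLE domain values and the sample inputs are assumptions made for this example.

```php
<?php
// Added example: all function names and the EXAMPLE domain values are hypothetical.

// Split the identity a server auth module placed in REMOTE_USER.
// Accepts "DOMAIN\user", "user@REALM" and bare "user"; anything else is rejected.
function parseRemoteUser(string $raw): ?array
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 256) {
        return null;
    }
    if (preg_match('/^([^\\\\@]+)\\\\([^\\\\@]+)$/', $raw, $m)) {
        return ['domain' => strtoupper($m[1]), 'user' => $m[2]];
    }
    if (preg_match('/^([^\\\\@]+)@([^\\\\@]+)$/', $raw, $m)) {
        return ['domain' => strtoupper($m[2]), 'user' => $m[1]];
    }
    return preg_match('/^[^\\\\@]+$/', $raw) ? ['domain' => null, 'user' => $raw] : null;
}

// RFC 4515 escaping so the user name is always treated as a literal in the filter.
function ldapFilterEscape(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Build the lookup filter for the service-account search, or null to refuse SSO.
function buildUserFilter(array $server, array $allowedDomains): ?string
{
    $id = parseRemoteUser($server['REMOTE_USER'] ?? $server['PHP_AUTH_USER'] ?? '');
    if ($id === null) {
        return null;
    }
    if ($id['domain'] !== null && !in_array($id['domain'], $allowedDomains, true)) {
        return null; // identity asserted for a domain this site does not trust
    }
    return '(&(objectClass=user)(sAMAccountName=' . ldapFilterEscape($id['user']) . '))';
}

// Constructed sample values, as a server module might set them.
$samples = ['EXAMPLE\\jdoe', 'jdoe@EXAMPLE.COM', 'jdoe', 'OTHER\\jdoe', 'EXAMPLE\\*)(objectClass=*'];
foreach ($samples as $s) {
    $filter = buildUserFilter(['REMOTE_USER' => $s], ['EXAMPLE', 'EXAMPLE.COM']);
    printf("%-28s => %s\n", $s, $filter ?? 'rejected');
}
```

The resulting filter is what a service-account search against Active Directory would use; the value is only trustworthy when the web server's authentication module, not the client, sets REMOTE_USER.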