If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...


How can web page get the current Windows username?

Started by timbarnard, Mar 17, 2023, 07:35 AM


timbarnard (Topic starter)

The bosses showed interest in the concept of establishing a corporate portal for publishing employee information.
One potential option is to utilize Bitrix24.ua or free Redmine, but as the system administrator, I am dissatisfied with the need to create separate user accounts for the portal, which would require employees to remember additional usernames and passwords (especially since most employees are not very tech-savvy).

In our company, all employees use Windows, and their accounts are managed through Active Directory on a domain controller; 1C is also integrated with Active Directory. Therefore, each employee already has a single username and password, and I would like to maintain this principle.
Hence, the question arises: is it possible to authenticate users on a web resource using their current Windows login?

Alternatively, is there a way to implement user identification based on IP address in Redmine? (I can configure IP address reservation on our DHCP server)


arsalan

The combination of Kerberos and SPNEGO is referred to as the protocol. An RFC has been established to outline its usage with HTTP, known as Negotiate for HTTP authentication. You can find more detailed information in RFC4559. Simply put, when a web server is ready to support this authentication scheme, it should send the WWW-Authenticate header with the value "Negotiate". Subsequently, the browser responds with a token.

Most browsers allow you to configure support for this authentication scheme. However, server-side support is also necessary. Noises, as mentioned by Ivan, can provide assistance with this. Keycloak, for instance, offers support for Kerberos and allows LDAP integration as a user database. This is commonly done because federated identity protocols like OpenID Connect are typically easier to implement from the perspective of a web application, rather than dealing with the intricacies of authentication, such as your case or two-factor authorization using Google Authenticator.

I hope this response addresses your initial query regarding the current domain login. While connecting LDAP to the service is beneficial, it does not provide single sign-on (SSO) capabilities.
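The RFC 4559 exchange described in the reply above, written out as an added example (not code from the forum or from any project named in the thread): the server answers an unauthenticated request with 401 and `WWW-Authenticate: Negotiate`, then parses the `Authorization: Negotiate <base64>` header the browser sends back. The token classification is the part a defender wants: a GSS-API InitialContextToken (DER tag 0x60 followed by the SPNEGO or Kerberos OID) means Kerberos is in play, while a raw `NTLMSSP\0` message means the client fell back to NTLM, which is worth logging or rejecting by policy. Cryptographic validation of the token is not done here; it belongs to a GSS-API acceptor (for example python-gssapi's `gssapi.SecurityContext(usage="accept")` backed by the web server's keytab). The sample tokens are constructed for the demo, not captured from a real session.

```python
import base64

# DER-encoded OIDs (tag 0x06 + length + contents) that may open a Negotiate token.
OID_SPNEGO = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2        (SPNEGO)
OID_KRB5 = bytes.fromhex("06092a864886f712010202")      # 1.2.840.113554.1.2.2 (Kerberos v5)
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")   # 1.2.840.48018.1.2.2  (MS Kerberos)
NTLMSSP_SIG = b"NTLMSSP\x00"                           # raw NTLM message, no GSS wrapper
GSS_APP_TAG = 0x60                                     # [APPLICATION 0] InitialContextToken


def _der_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, index of first content byte)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def _der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (used only to build the constructed sample tokens below)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def classify_token(token: bytes) -> str:
    """Return 'spnego', 'kerberos', 'ntlm', 'unknown' or 'malformed' for a decoded token."""
    if token.startswith(NTLMSSP_SIG):
        return "ntlm"
    if len(token) < 2 or token[0] != GSS_APP_TAG:
        return "unknown"
    try:
        length, pos = _der_length(token, 1)
    except ValueError:
        return "malformed"
    if length != len(token) - pos:
        return "malformed"            # declared length disagrees with the bytes received
    body = token[pos:]
    if body.startswith(OID_SPNEGO):
        return "spnego"
    if body.startswith(OID_KRB5) or body.startswith(OID_MS_KRB5):
        return "kerberos"
    return "unknown"


def negotiate_step(request_headers: dict):
    """One server-side step of RFC 4559.

    Returns (status, response_headers, token_type, token):
      no Authorization header -> (401, {'WWW-Authenticate': 'Negotiate'}, None, None)
      unusable header/token   -> (400, {}, 'malformed', None)
      well-formed token       -> (None, {}, type, raw bytes) for the GSS-API acceptor to verify
    """
    auth = request_headers.get("Authorization")
    if auth is None:
        return 401, {"WWW-Authenticate": "Negotiate"}, None, None
    scheme, _, b64 = auth.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return 400, {}, "malformed", None
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                # binascii.Error is a ValueError subclass
        return 400, {}, "malformed", None
    kind = classify_token(token)
    if kind == "malformed":
        return 400, {}, "malformed", None
    return None, {}, kind, token


def negotiate_header(token: bytes) -> str:
    """Format a token the way the browser sends it in the Authorization header."""
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# Constructed sample tokens (not captured from a real exchange).
# SPNEGO NegTokenInit offering only the MS Kerberos mechanism:
_mech_types = _der(0xA0, _der(0x30, OID_MS_KRB5))
SAMPLE_SPNEGO_TOKEN = _der(GSS_APP_TAG, OID_SPNEGO + _der(0xA0, _der(0x30, _mech_types)))
# Shape of an NTLM Type 1 (NEGOTIATE) message, which some clients send without a GSS wrapper:
SAMPLE_NTLM_TOKEN = NTLMSSP_SIG + b"\x01\x00\x00\x00" + b"\x00" * 28

if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": negotiate_header(SAMPLE_SPNEGO_TOKEN)},
                 {"Authorization": negotiate_header(SAMPLE_NTLM_TOKEN)}):
        print(negotiate_step(hdrs)[:3])
```

Because the length field is checked against the bytes actually received, a truncated or padded token is rejected with 400 before anything is handed to the GSS-API layer; the `ntlm` classification is what lets an intranet portal enforce "Kerberos only" or at least alert on NTLM fallback.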

casandra

In my limited perspective, it might be achievable solely in Internet Explorer. This could involve enabling the execution of unsafe ActiveX controls.
Alternatively, within the security settings of "Browser Properties," there is a section for "User authentication/Login." There, you can select options like "Automatic login to the network with the current username and password" or "Automatic login to the network only in the Intranet zone." However, I have not personally verified the specific nature of these options.

It's worth noting that relying on unsafe ActiveX execution or modifying browser settings for automatic login may have security implications. It is essential to thoroughly assess the risks and consider alternative authentication methods to ensure the protection of sensitive information.

brodcast

To facilitate everyday operations, the concept of an Identity Server has long been established, enabling user integration from various sources. There are several available solutions, including Keycloak, WSO2, okta, Auth0, and many more. The options are plentiful, allowing you to select the most suitable one. Additionally, users have the flexibility to change passwords directly from the browser, ensuring convenience and security. However, in rare cases where access to the system is compromised, and office break-ins become necessary, appropriate measures should be taken to safeguard sensitive information.

samsam

It is possible to authenticate users on a web resource using their current Windows login in an environment where Active Directory is being used. This can be achieved through Single Sign-On (SSO) solutions, which allow users to access multiple applications and services with a single set of credentials. In your case, you can implement SSO to integrate your corporate portal with Active Directory. Here's how you can do it:

Use SAML (Security Assertion Markup Language): SAML is a standard for exchanging authentication and authorization data between parties, specifically, between an identity provider (in your case, Active Directory) and a service provider (your corporate portal).

Choose a SAML-compatible Corporate Portal: Ensure that the corporate portal you choose supports SAML for SSO integration. Many popular tools and platforms, including Bitrix24 and Redmine, offer SAML integration options.

Configure SAML Integration: Depending on the portal you select, there should be options to configure SAML settings. You will need to provide information about your Active Directory setup, such as the SAML endpoint, the SAML certificate, and other relevant details.

Test the SSO Integration: After configuring SAML, test the SSO integration to ensure that users can log in to the corporate portal using their Active Directory credentials.

Automatic Account Creation: Make sure that the corporate portal can automatically create user accounts based on the information received from Active Directory, so employees don't need to remember additional usernames and passwords.

This SSO solution will allow employees to log in to the corporate portal using their existing Windows login credentials, eliminating the need for separate accounts and passwords.

Regarding your second question, implementing user identification based on IP addresses in Redmine is possible, but it may not be the most secure or user-friendly method. It can also be less reliable if employees have dynamic IP addresses or if they access the portal from multiple locations.

If you still want to explore this option, you can configure IP-based access control in Redmine by specifying which IP addresses are allowed to access the system. This can usually be done through server configuration or firewall rules. However, this method does not provide the same level of security and ease of use as SSO.

In most corporate environments, SSO with Active Directory integration is the preferred solution for user authentication due to its security and user convenience.

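For the "Configure" and "Test the SSO Integration" steps above, the checks a service provider has to perform on every assertion it receives are easy to get wrong, so here is an added example (not from the forum, not from Redmine or Bitrix24) of that validation in plain Python. It assumes the XML signature has already been verified by the SAML library and only covers what comes next: the Issuer must be the expected identity provider, the Audience must name this portal, the request time must fall inside the NotBefore/NotOnOrAfter window (with a small clock-skew allowance), and the NameID is only then trusted as the employee identity. The assertion text, issuer and audience URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are xsd:dateTime in UTC, e.g. 2023-03-17T07:35:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(xml_text, expected_issuer, expected_audience,
                    now_iso=None, skew_seconds=120):
    """Validate Issuer, AudienceRestriction and the Conditions time window.

    Assumes the XML signature has ALREADY been verified by the SAML library;
    these are the checks a service provider must still perform afterwards.
    Returns {'ok': bool, 'reason': str, 'name_id': str | None}.
    """
    now = parse_saml_time(now_iso) if now_iso else datetime.now(timezone.utc)
    skew = timedelta(seconds=skew_seconds)
    root = ET.fromstring(xml_text)   # for untrusted input prefer defusedxml.ElementTree

    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer != expected_issuer:
        return {"ok": False, "reason": "issuer mismatch", "name_id": None}

    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return {"ok": False, "reason": "missing Conditions", "name_id": None}
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before) - skew:
        return {"ok": False, "reason": "not yet valid", "name_id": None}
    # An assertion without an expiry is rejected rather than treated as eternal.
    if not_on_or_after is None or now >= parse_saml_time(not_on_or_after) + skew:
        return {"ok": False, "reason": "expired", "name_id": None}

    audiences = [a.text for a in conditions.findall(
        "saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        return {"ok": False, "reason": "audience mismatch", "name_id": None}

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not name_id:
        return {"ok": False, "reason": "missing NameID", "name_id": None}
    return {"ok": True, "reason": "valid", "name_id": name_id}


# Constructed, unsigned sample assertion; all names and URLs are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2023-03-17T07:35:00Z">
  <saml:Issuer>https://idp.corp.example/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@corp.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2023-03-17T07:33:00Z" NotOnOrAfter="2023-03-17T07:40:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://portal.corp.example/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
IDP = "https://idp.corp.example/adfs/services/trust"
SP = "https://portal.corp.example/saml/metadata"

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, IDP, SP, now_iso="2023-03-17T07:35:00Z"))
    print(check_assertion(SAMPLE_ASSERTION, IDP, SP, now_iso="2023-03-17T07:45:00Z"))
```

The audience check is the one most often skipped in hand-rolled integrations: without it, an assertion the IdP issued for a different application (say, 1C) would be accepted by the portal as well. Keep the skew allowance small; a few minutes covers domain clock drift without making replay of an old assertion practical.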

Gallguepe

You can use the Windows Authentication protocol to authenticate users on your web resource using their current Windows login credentials. This protocol uses the Negotiate authentication scheme, which can be configured to use Kerberos or NTLM authentication. You can also use the requests-ntlm library in Python to handle NTLM authentication. However, keep in mind that this approach may require additional configuration and setup on your server-side.

