Release IdP Kerberos Login Handler 1.0

Halm Reusser halm.reusser at
Mon Sep 5 15:16:55 BST 2011


The University of Applied Sciences Northwestern Switzerland
( has implemented a Kerberos Login Handler for the
Shibboleth Identity Provider 2.

The goal of this project was to implement a user friendly Single Sign On
mechanism for the Shibboleth IdP based on the user's "Windows Logon".
The Login Handler is based on the Kerberos protocol supported natively
by Windows Server 200x and can easily be deployed in an Active Directory
environment in combination with the existing username password handler -
which is how the FHNW uses it since 4 months successfully in production.
However, it should work with other platforms and scenarios too - see
documentation for details.

A presentation with some general information about the project can be
found here:

Information about installation, configuration, FAQ, troubleshooting etc.
are published here:

Feedback and comments could be provided here:

Credits to Michael Hausherr (Project Leader) and Rodrigo Ristow (Lead

Best Regards,
Halm Reusser

Serving Swiss Universities
Halm Reusser, Software Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 71, fax +41 44 268 15 68
halm.reusser at,

More information about the users mailing list