Which handler LDAP SSO
Peter Schober
peter.schober at univie.ac.at
Tue Nov 11 08:03:12 EST 2014
* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-11 13:44]:
> Thanks. I have UsernamePassword configured at the moment and I'm
> having trouble getting the bind to work so that users can log in, but
> I'll continue to work on that.
This is all within the JAAS config file, login.config, as per the Shib
documentation.
> However, when running against test shib I'm being shown a login
> screen, as expected at the moment.
Yes, https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUserAuthn
says
"Username/Password:
Presents the user with an authentication page and then checks the
entered username and password against an LDAP directory or Kerberos 5
domain."
So the UsernamePassword will generate HTML to collect credentials, and
validate them via LDAP (or Kerberos, but that doesn't change the fact
that an HTML form is rendered at the IdP).
> When I have the LDAP running correctly will the users still be shown
> this screen if they already currently have valid Windows credentials
Yes.
> or will I need to configure this with Kerberos? What we have at the
> moment is users being logged on without being prompted when they
> access a Shibboleth resource internally.
You'll have to do something entirely different:
https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler
The folks from Uni Newcastle have quite complete documentation for
this, IIRC. If you (or your peers from the UKfederation) don't find
anything better to offer, try this:
https://www.google.com/search?q=newcastle+shib+SPNEGO
-peter