Which handler LDAP SSO - NOW kerberos integration
cantor.2 at osu.edu
Wed Nov 19 12:18:17 EST 2014
On 11/19/14, 4:21 PM, "Morris, Andi" <amorris at cardiffmet.ac.uk> wrote:
>It's very surprising to me that there isn't a more "out of the box"
>solution for integrated Kerberos login with Shibboleth. I do appreciate
>the open source nature of the software however.
Use of desktop authentication on the web is very uncommon and is
half-baked, with untenable error handling behavior, and operates with
assumptions that don't hold in any large campus environments. If it were
clean and failed gracefully, there would be more support for it. As it is,
it's a mini-project to come up with anything tenable, and whatever we did
would meet only a subset of enviromments' requirements.
Compare that to a form that accepts passwords.
Add in that using desktop authentication makes web logout even more
impossible than it already is (and yet people still ask for it), and it
renders features like forced authentication impossible. There are reasons
why it doesn't fit well.
More information about the users