Which handler LDAP SSO - NOW kerberos integration

Cantor, Scott cantor.2 at osu.edu
Wed Nov 19 12:51:55 EST 2014


On 11/19/14, 5:43 PM, "Morris, Andi" <amorris at cardiffmet.ac.uk> wrote:

>Very fair points, and I wasn't having a dig at anybody, or the project in 
>general.

I didn't take it that way in any sense, I just wanted to explain some of 
why it's not in the state we'd like.

>I'm going to have to get around this somehow as I just can't see the 
>internal departments being at all happy if I can't get integrated logon 
>working in the new version, when it worked in the old. So tomorrow, fresh 
>install, start again, and try to get spnego working once more.

As an option, you could do it in Apache with mod_auth_kerb worst case, and 
pass in REMOTE_USER.

But if you're saying that everybody accessing the IdP can use SPNEGO, then 
the error handling issues that make this so painful go away for the most 
part and it should be much cleaner either way. If not, the pain here is 
because SPNEGO (and HTTP authentication in general) is just badly designed 
for these kinds of environments.

-- Scott
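
Added example, not part of the original message and not the Shibboleth project's own configuration: a sketch of the Apache fallback mentioned above, with mod_auth_kerb doing SPNEGO in front of the IdP and setting REMOTE_USER. The realm, keytab path and the protected location (`/idp/Authn/RemoteUser`) are assumptions to adjust for the deployment.

```apache
# Added example; EXAMPLE.ORG, the keytab path and the Location are assumptions.
<Location /idp/Authn/RemoteUser>
    AuthType Kerberos
    AuthName "Integrated logon"

    # Accept SPNEGO (Negotiate) tickets only.
    KrbMethodNegotiate On
    # Do not fall back to a Basic-auth password prompt; that would hand
    # the user's Kerberos password to the web server.
    KrbMethodK5Passwd Off

    KrbAuthRealms EXAMPLE.ORG
    # Service principal is HTTP/<server FQDN>@EXAMPLE.ORG; its key must be
    # in the keytab below, readable only by the Apache user.
    KrbServiceName HTTP
    Krb5KeyTab /etc/httpd/conf/http.keytab

    # On success REMOTE_USER is set to the authenticated principal
    # (user@EXAMPLE.ORG) for the application behind Apache.
    Require valid-user
</Location>
```

With password fallback off, a client that cannot negotiate simply gets a 401, which is the error-handling limitation described in the message. The servlet container also has to be set up to take REMOTE_USER from Apache (for example, on Tomcat behind AJP, `tomcatAuthentication="false"` on the connector).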


