Shibboleth in Active Directory

Volmer, John A. volmer at anl.gov
Wed Sep 5 15:31:31 EDT 2018 

Hi Kevin,

Can you tell me was it necessary to alter the auth that the workstations used to authenticate to the DC to get true SSO with the IdP?

I assume your windows user’s authenticate to a domain controller? If so, no changes are required to user authentication.

----- John Volmer, 630.252.5449, volmer at anl.gov<mailto:volmer at anl.gov> -----

From: users <users-bounces at shibboleth.net> On Behalf Of Kevin B
Sent: Wednesday, September 5, 2018 12:44 PM
To: users at shibboleth.net
Subject: Re: Shibboleth in Active Directory

Thank you for the replies.  Can you tell me was it necessary to alter the auth that the workstations used to authenticate to the DC to get true SSO with the IdP?
The two articles for tutorials are quite different so I wasn't sure which were needed if not both:

To use the authn/SPNEGO login flow, it is necessary to have the Kerberos environment configured and working properly.

Some interesting tutorials that may help are:

http://www.grolmsnet.de/kerbtut/

HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol<http://msdn.microsoft.com/en-us/library/ms995329#http-sso-1_topic3>.


On Wed, Sep 5, 2018 at 1:30 PM Volmer, John A. <volmer at anl.gov<mailto:volmer at anl.gov>> wrote:
We have used Rod's approach below at ANL.

----- John Volmer, 630.252.5449, volmer at anl.gov<mailto:volmer at anl.gov> -----

-----Original Message-----
From: users <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net>> On Behalf Of Rod Widdowson
Sent: Wednesday, September 5, 2018 8:23 AM
To: 'Shib Users' <users at shibboleth.net<mailto:users at shibboleth.net>>
Subject: RE: Shibboleth in Active Directory

Does
https://wiki.shibboleth.net/confluence/display/IDP30/SPNEGOAuthnConfiguration
help?

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180905/cdd0bc26/attachment.html>

More information about the users mailing list