SPNEGO unavailability and error handling
Simon Lundström
simlu at su.se
Fri Sep 27 08:50:48 EDT 2019
On Thu, 2019-09-26 at 22:50:59 +0200, Wessel, Keith wrote:
> […]
> 2. Is there any easy way to get the IdP to simply display the IdP login page (fall through to the password authentication flow) if SPNEGO is unavailable? I know easy is relative, but I'm at a loss of any way to do it at all other than the activation conditions one can associate with the SPNEGO flow. For us, limiting to IP space is far from sufficient since we have so many devices not joined to the domain on our network.
We have a terrible hack via the mod_auth_gssapi Apache module for
"whitelisted" browsers but it seems that when IE dies, as per my other
mail in this thread to Daniel, we can discontinue it.
I have also "blacklisted" Chrome from SPNEGO so I can use it for testing
the UserPassword flow without kdestroy/disabling SPNEGO in Chrome/other
hacks. But don't tell anyone! ;P
BR,
- Simon