Dear All,
We have a CAS 3.4.2 with SPNEGO which works when accessed through a "dummy" local name (e.g.: https://sso/cas/login). "sso" has been specified on client machine's hosts file as follows: sso 10.123.8.111 Now in the real scenario the CAS server needs to be reachable through the Internet (https://singlesignon.behringer.com/cas/login) with no hosts definition. With this real scenario SPNEGO automatic authentication does NOT work but the CAS "normal" login with an Active Directory backend works fine. This is part of our SPNEGO config: <bean name="jcifsConfig" class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFS Config"> <property name="jcifsServicePrincipal" value="HTTP/singlesignon.behringer....@behringer.corp.intra" /> <property name="jcifsServicePassword" value="secret" /> <property name="kerberosDebug" value="true" /> <property name="kerberosRealm" value="BEHRINGER.CORP.INTRA" /> <property name="kerberosKdc" value="sgdc05.behringer.corp.intra" /> <property name="loginConf" value="/opt/work/local-cas/src/main/webapp/WEB-INF/login.conf" /> </bean> Does this mean that SPNEGO cannot be used over the Internet? Or there is something wrong with our setup? Thank you so much. Kind Regards, BARBOSA, Bernard Senior Administrator, System/Network MUSIC Group Macao Commercial Offshore Limited (Philippines) ROHQ IP Phone: 60651 ext 1245 Tel: +63 2 7505401 ext 1245 Email: infoservsys...@music-group.com <mailto:infoservsys...@music-group.com> Web: www.music-group.com <http://www.music-group.com/> | www.behringer.com <http://www.behringer.com/> | www.bugera-amps.com <http://www.bugera-amps.com/> youtube.com/behringer <http://www.youtube.com/behringer> twitter.com/behringer <http://www.twitter.com/behringer> facebook.com/behringer <http://www.facebook.com/behringer> myspace.com/behringer <http://www.myspace.com/behringer> flickr.com/behringerrocks <http://www.flickr.com/behringerrocks> :-) Build Teamwork :-) Take Ownership :-) Don't Waste Resources :-) Clean Workplace = Clean Mind :-) Respect Guidelines and Policies :-) Improve Yourself and Help Others :-) Don't Forget to Smile and Say Thank You This email is intended exclusively for the addressee(s) named above and may contain privileged and confidential information. If you are not (among) the intended recipient(s), you may not copy, utilize or distribute any of the information contained herein. If you have received this email in error, please notify us immediately via return email and delete the original from your mailbox. Thank you. -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
<<image006.jpg>>
<<image007.jpg>>
<<image008.jpg>>
<<image009.jpg>>
<<image010.jpg>>
