I am not sure I am entirely clear on your use case. You want to implement "computer auth" or domain-based AuthN via FrenchConnect's OIDC support?
To answer your other questions: Authentication can always be delegated to an external provider, such as another CAS server, a SAML2 IDP, an OIDC/OpenID provider, FB, Twitter, G+, etc. These are web-based. Not domain-based. There is no straight forward way to do this. In a nutshell and as a first, you need to know which OIDC profiles FrenchConnect supports. If they support implicit or hybrid, we can talk more. Otherwise, this is probably not possible without a whole lot of pain assuming I have understood your case correctly. > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Julien > Gribonvald > Sent: Tuesday, June 28, 2016 3:56 AM > To: [email protected] > Subject: [cas-user] Reflexion around SPNEGO authentication and external > IDP > > Hi, > > In ESUP consortium we are looking for a way to do some possible use case > on > how to integrating the new French government central "identity provider", > that > french's administrations services will be able to integrate to > authenticate all > french peoples on their apps (FranceConnect and it use openId connect > protocol). > > So we know it's possible to integrate it without too much difficulties, we > need > only to use this service as authentication handler, but we have some > workflow > to develop. Our problems aren't for web authentication but on computer's > auth > (when using SPNEGO/kerberos...). > > How can we do when the account's principals (login/password) are not known > "localy" ? in this case how to do ? or how to delegate the computer > authentication on a web only external service ? > Is their a way or is it possible to connect the user from a web access > when the > user log in from a computer ? > > Reflexions are also welcome for a such use case ! > > Thanks, > -- > Julien Gribonvald > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email > to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas- > user/577257A5.7010506%40recia.fr. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/008701d1d187%24cc7a6ae0%24656f40a0%24%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
