Thanks very much for replying. Sorry for being vague - we'd like the client to obtain a Kerberos ticket, use it to log into the SSO server, which would validate the Kerberos ticket and then allow the client to access the business application.
When the SSO server is specifically CAS, it feels like lots of indirection and round-trips (involving both Kerberos ticket *and* CAS TGC)... So I wondered whether it's really what people do (assuming they want Kerberos)? Or is there some magical "trick" to issue only one ticket (Kerberos) and skip the extra TGC? If nothing else, maybe configure CAS to work like ticket-less SSO servers (say, josso)...?

Thanks again.

--- On Wed, 2/11/09, Scott Battaglia <[email protected]> wrote:

From: Scott Battaglia <[email protected]>
Subject: Re: [cas-user] CAS + Kerberos integration ?
To: [email protected]
Date: Wednesday, February 11, 2009, 6:59 AM

You'll need clarification from your security people on what Kerberos authentication actually means. If you need each application to speak to Kerberos directly, then CAS won't help you. If you need CAS to speak to Kerberos, you can either use SPNEGO (if you use a Windows system) or the JAAS module to speak to Kerberos and then all of your applications would just speak to CAS.

-Scott

On Wed, Feb 11, 2009 at 8:30 AM, sol myr <[email protected]> wrote:

Hi,

We are evaluating CAS. Our security guys require Kerberos authentication (note: all our machines are Windows, servers and clients alike). Now we were wondering: how does CAS support Kerberos, exactly?

In particular: Is it possible/customary to configure CAS to use Kerberos tickets *instead* of CAS tickets? Or is it Kerberos tickets *in addition* to CAS tickets (so that the client first obtains a Kerberos ticket, which CAS-server validates and then issues a CAS TGC)?

Thanks very much.
-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
