Hello Arnaud, IE only uses the SPNEGO/NTLM handshake to servers which are in the intranet zone.
You could specify a DNS name which are seen as "foreign". Regards, Heinz On Wed, Jul 29, 2009 at 11:51, Arnaud Claden<[email protected]> wrote: > Hello everyone, > > I have a little problem with my implementation of CAS. > > I have tested the Active Directory SSO with SPNEGO : it works like a charm. > I have tested the fallback to LDAP : it works like a charm. > > The problem I have is the following : > > Some workstations are in offshore offices, which means they are not connected > to the Active Directory. For them, the LDAP fallback is the solution. > However, when Internet Explorer browses to a site with SSO, it displays a > domain logon window. > This is natural as these workstations have no security option configured (and > they are not intended to have these modifications). > > Is there a way to prevent this from happening ? > > If there is none, we are implementing another CAS server for these cases (a > server only validating on LDAP), but how can I have it work right, as the web > applications are only configured for one CAS server, and not two. Is there a > way to check the browser's IP address and, depending on it, sending auth to > SPNEGO or to LDAP ? > > Thanks in advance for your answers. > > A. Claden > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
