> How will we be able to accomplish CAS SSO between each forest? If you would like to treat all domains as a single authentication source, you should be able to accomplish that goal with the LDAP authentication handler pointing at the global catalog. (I have never tried this but my Microsoft colleagues have claimed that the global catalog is or can be truly global across both domains and forests.)
If you want to treat the forests as separate authentication sources, then CAS is not likely the right solution. We typically advise that CAS deployers have a single/unified logical authentication source. It can be distributed in practice but needs to be logically unified such that every principal is unique in the global namespace. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
