HI! We've set up a CAS instance (3.3.1) over a year ago and tested it thoroughly with MS IE 6 running under Windows 2000 and Firefox running under various Windows versions. It worked just fine with SPNEGO/Kerberos (NTLM is explicitly disabled in CAS config).
Now after a general update of the user workstations to Windows XP with MS IE 7 or 8 there are problems on many machines not authenticating via SPNEGO/Kerberos anymore. It works on some workstations. Upgrading to 3.3.5 didn't help either. The CAS server's domain is in the Intranet zone and all the relevant settings (also enabling integrated authentication) are set via group policy for all users anyway. We tried to track down the issue but did not succeed. I have no real clue anymore. So the question what happened in the mean-time? Maybe the browser SPNEGO whitelist preventing the browser from getting the correct headers? http://www.ja-sig.org/issues/browse/CAS-638 I've never been successful extending the list of supported browsers: http://www.mail-archive.com/[email protected]/msg07288.html Would be great to get some hints by the CAS community. Ciao, Michael. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
