We're looking at failing over to AD authentication, for IE8 users. Rather than try out SPNEGO at the mo, we're looking to authenticate with AD over LDAP. But our AD "single forest" presents us with no less than 4 LDAP instances that our users are spread across - so I was thinking we might have to create 4 LDAP authentication handlers, which can each be tried in turn (with the same credentials). Resolving to principal in this case would benefit from a direct mapping between authentication handler and credentials to principal resolver.
An alternate approach may be to use Kerberos (via JAAS). But its not clear from the docs what the principal will be populated with via this method (we need the realm+uid in a single string)
Any tips welcome! Cheers Andy -- Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>
This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in
error, please delete this message from your system and notify the senderimmediately. An unintended recipient's disclosure, copying, distribution, or
use of this message or any attachments is prohibited and may be unlawful.Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office:
Fitzroy House 13-17 Epworth Street. London. EC2A 4DL
smime.p7s
Description: S/MIME Cryptographic Signature
