We are using CAS 3.1 with Kerberos authentication at a US Government
site quite sucessfully for the last 2 or 3 years .
Recently, we got a request to use NTLM for users not on the network
In other words, use Kerberos as the primary authentication but if that
fails use NTLM as a fallback.
I can get CAS to work with Kerberos or with NTLM but never both in
the scenario desired
Kerberos first , NTLM second
The two beans SpnegoCredentialsAction and
SpnegoNegoticiateCredentialsAction each have a boolean propery “ntlm”. If
they are set to true, Ntlm authentication is done. If they are set to false ,
Kerberos is done.
I have tried wiring the two set of beans twice . One set of beans with
ntlm property set to true and the second set to false
The two sets of beans areprocessed write after each other in the web
flow.
What happens is the properties of the last set of beans are used.
What I want is Kerberos authentication attempted first.
If that fails, try NTLM
Thanks!
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
