> It's a bit, um, involved, but it should work, with the user logging in to > CAS once, and then experiencing SSO each time the request traverses the > stack.
The integration path Andrew sketched out doesn't meet the following requirement as I understood it: "Note that simply using LDAP for authenticating against Active Directory is not a good enough solution for us, since it will require the users to login again, instead of relying on their login to our partner's portal." I read the above as the user authenticates to an ADFS-secured portal and it's desirable to leverage that authentication to transparently authenticate to CAS. I'm not aware of any solution that would meet that requirement. The solution Andrew outlined does provide an integration path, but it requires an additional login to CAS for the workflow above. If you could force all users through CAS from the start, then you could achieve true single sign-on, but I imagine that may not be possible. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
