I am not able utilize SPNEGO with CAS (3.4.n/3.5.n). Computers/mobile devices
not configured for SPNEGO or outside AD are not redirected to the fallback
login form page. I get a 401 error page instead.
I have been able to make it work in a dev cluster by creating a custom
user-agent string and adding the string to
SpnegoNegociateCredentialsAction.java.
public void afterPropertiesSet() throws Exception {
if (this.supportedBrowser == null) {
this.supportedBrowser = new ArrayList<String>();
this.supportedBrowser.add("my-custom-string");
}
Desktop support does not want to modify user-agent string in GPO because of the
multiple browsers on each computer. Also every browser update resets the
user-agent string.
List of related SPNEGO problems.
https://issues.jasig.org/browse/CAS/component/10340
Questions.
Is there anyone using SPNEGO in a production environment?
Did you make any modifications to the CAS source code?
If so could you share your documentation?
I am wondering if adding a cas entry to the local /etc/hosts file on AD
computers that would redirect the browsers to a SPNEGO only host(s) in a
cluster would work using maybe a LB rewrite rule?
Thanks,
Tom
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
