We’re also using SPNEGO (Kerberos) to do our single sign-on solution here, and wanted to jump in to clarify that Kerberos is a protocol and not a type of server in this context. As such, when using this setup, the AD Domain Controller speaks Kerberos with the end-user and with the CAS server, but most importantly, users don’t need separate accounts to be added to different servers for the setup to work. The hardest part of the setup for a lot of folks is just getting the client machines all to be willing to have the Kerberos conversation in the first place (if you use IE or Chrome as the standard browser this is fairly straightforward for your domain admin; Firefox is frankly a pain).
--
Ne Desit Virtus,
Sean R. Baker
1LT, MS
United States Army
Office #: (301) 319-0712
Email: [email protected]

On Feb 6, 2014, at 12:43 AM, Idan Fridman <[email protected]> wrote:

> Hi Angelo,
> That means that I need to instruct our IT department that each new user
> which will be added to AD also will need to be added into Kerberos server?
>
> From: Angelo Immediata [mailto:[email protected]]
> Sent: Thursday, February 06, 2014 10:37 AM
> To: [email protected]
> Subject: Re: [cas-user] Authentication to cas using windows user credentials automatically
>
> hi Ray
>
> Yes you have to use a Kerberos server and also AD
> As far as I know this is the only way to use SPNEGO
>
> Angelo
>
> 2014-02-06 Idan Fridman <[email protected]>:
> Hi Angelo,
> I was wondering if I must use Kerberos for this feature? We are using Active
> Directory.
>
> Thanks,
> Ray.
>
> From: Angelo Immediata [mailto:[email protected]]
> Sent: Wednesday, February 05, 2014 5:09 PM
> To: [email protected]
> Subject: Re: [cas-user] Authentication to cas using windows user credentials automatically
>
> hi
>
> Maybe you can see this: https://wiki.jasig.org/display/CASUM/SPNEGO
> I hope it can help
>
> Angelo
>
> 2014-02-05 Constance Morris <[email protected]>:
> Hi Ray,
>
> We have done that with our CAS services.
> I'm tied up at the moment, but will be glad to send you the details to put in
> your files as soon as I have the chance.
>
> Constance
> [email protected]
>
> -----Original Message-----
> From: ray [mailto:[email protected]]
> Sent: Wednesday, February 05, 2014 4:03 AM
> To: [email protected]
> Subject: [cas-user] Authentication to cas using windows user credentials automatically
>
> We are using CAS as our authentication service for our apps.
> CAS is connected to our Active Directory.
>
> When users in our organization log in to Windows they are logging in via the
> same AD nodes.
>
> Is it possible to configure CAS somehow (or any other way) so that when a user
> is logging in to Windows he will be considered authenticated to CAS and
> therefore will be automatically authenticated to all our sso apps?
>
> Any ideas would be warmly welcomed.
>
> thanks.
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> This e-mail and the information it contains may be privileged and/or
> confidential. It is intended solely for the use of the named recipient(s). If
> you are not the intended recipient you may not disclose, copy, distribute or
> retain any part of this message or attachments. If you have received this
> e-mail in error please notify the sender immediately [by clicking 'Reply']
> and delete this e-mail.
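Added example, not part of the original thread and not CAS code: a small diagnostic for the point above about clients being willing to have the Kerberos conversation. It classifies the `Authorization` header a browser sends back after a `WWW-Authenticate: Negotiate` challenge, using the standard SPNEGO, Kerberos and NTLM token markers. The function name, result labels, the 64-byte scan window and the sample tokens are assumptions made for illustration, and the OID scan is a heuristic, not a full ASN.1 parse.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
NTLM_SIGNATURE = b"NTLMSSP\x00"


def classify_negotiate(header_value):
    """Classify the value of an HTTP Authorization request header.

    Returns "absent", "not-negotiate", "malformed", "ntlm",
    "kerberos", "spnego-no-kerberos" or "unknown".
    """
    if not header_value:
        return "absent"              # browser did not answer the challenge
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:               # binascii.Error is a ValueError
        return "malformed"
    if not token:
        return "malformed"
    if token.startswith(NTLM_SIGNATURE):
        return "ntlm"                # raw NTLM message, no Kerberos ticket
    if token[0] == 0x60:             # GSS-API initial context token
        head = token[:64]            # mechanism OIDs sit near the start
        if OID_KRB5 in head or OID_MS_KRB5 in head:
            return "kerberos"
        if OID_SPNEGO in head:
            return "spnego-no-kerberos"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample tokens (not captured traffic, not valid tickets).
    krb = b"\x60\x1e" + OID_SPNEGO + b"\xa0\x14\x30\x12\xa0\x10\x30\x0e" + OID_MS_KRB5
    samples = {
        "SPNEGO token offering Kerberos": "Negotiate " + base64.b64encode(krb).decode(),
        "raw NTLM token": "Negotiate " + base64.b64encode(NTLM_SIGNATURE + b"\x01\x00\x00\x00").decode(),
        "no Authorization header": None,
    }
    for label, value in samples.items():
        print(f"{label:32} -> {classify_negotiate(value)}")
```

A result of "ntlm" or "absent" from a domain-joined machine usually points at the browser-side configuration rather than at CAS or the domain controller.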
