Hi,
 
probably it's an unusual solution, but we added the Waffle framework (see https://github.com/dblock/waffle) to CAS and delegate the Windows authentication to it (which in turn delegates it to native Windows functionality).
 
This requires that CAS runs on a Windows server, but has the advantage that it does not need any specific configuration at all (at least not in our environment; probably depends on how the system landscape is set up).
 
Regards, Guido
 
Sent: Thursday, 06 February 2014 at 17:06
From: "Sean Baker" <[email protected]>
To: [email protected]
Subject: Re: [cas-user] Authentication to cas using windows user credentials automatically
We’re also using SPNEGO (Kerberos) to do our single sign-on solution here, and wanted to jump in to clarify that Kerberos is a protocol and not a type of server in this context.  As such, when using this setup, the AD Domain Controller speaks Kerberos with the end-user and with the CAS server, but most importantly, users don’t need separate accounts to be added to different servers for the setup to work.  The hardest part of the setup for a lot of folks is just getting the client machines all to be willing to have the Kerberos conversation in the first place (if you use IE or Chrome as the standard browser this is fairly straightforward for your domain admin; Firefox is frankly a pain).
 
 


--
Ne Desit Virtus,

Sean R. Baker
1LT, MS
United States Army
Office #: (301) 319-0712
Email: [email protected]
 
On Feb 6, 2014, at 12:43 AM, Idan Fridman <[email protected]> wrote:
 
Hi Angelo,
That means that I need to instruct our IT department that each new user who is added to AD will also need to be added to the Kerberos server?

 

 

 

From: Angelo Immediata [mailto:[email protected]] 
Sent: Thursday, February 06, 2014 10:37 AM
To: [email protected]
Subject: Re: [cas-user] Authentication to cas using windows user credentials automatically

 

Hi Ray,

Yes, you have to use a Kerberos server and also AD.
As far as I know, this is the only way to use SPNEGO.

 

Angelo
 
2014-02-06 Idan Fridman <[email protected]>:
Hi Angelo,
I was wondering if I must use Kerberos for this feature? We are using Active Directory.

 

Thanks,
Ray.

 

From: Angelo Immediata [mailto:[email protected]] 
Sent: Wednesday, February 05, 2014 5:09 PM
To: [email protected]
Subject: Re: [cas-user] Authentication to cas using windows user credentials automatically

 

hi

 

I hope it can help

 

Angelo
 
2014-02-05 Constance Morris <[email protected]>:
Hi Ray,

We have done that with our CAS services.
I'm tied up at the moment, but will be glad to send you the details to put in your files as soon as I have the chance.

Constance
[email protected]

-----Original Message-----
From: ray [mailto:[email protected]]
Sent: Wednesday, February 05, 2014 4:03 AM
To: [email protected]
Subject: [cas-user] Authentication to cas using windows user credentials automatically

We are using CAS as our authentication service for our apps.
CAS is connected to our Active Directory.

When users in our organization log in to Windows, they are logging in via the same AD nodes.

Is it possible to configure CAS somehow (or any other way) so that when a user logs in to Windows he will be considered authenticated to CAS and therefore will be automatically authenticated to all our SSO apps?

Any ideas would be warmly welcomed.

Thanks.
--
You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

This e-mail and the information it contains may be privileged and/or confidential. It is intended solely for the use of the named recipient(s). If you are not the intended recipient you may not disclose, copy, distribute or retain any part of this message or attachments. If you have received this e-mail in error please notify the sender immediately [by clicking 'Reply'] and delete this e-mail.