Hi Oswald,

You can configure CAS to authenticate against multiple domains, but if
the domains are all under a single forest, then you might try
configuring the LDAP queries to go against the Global Catalog
(http://technet.microsoft.com/en-us/library/cc728188%28v=ws.10%29.aspx).
Then the authentication request hits all the domains at one time instead
of iterating over each one.

I'm not sure where ADFS comes into your vision unless you use something
like https://github.com/Unicon/cas-adfs-integration. Please note that if
you go with something like the cas-server-support-wsfederation module,
it has not been updated for CAS Server 4.0 yet, but the ADFS CASification
method should work.

On 9/15/14 7:42 PM, Oswald Lu wrote:
> Hi, 
>
>     I have a problem when configuring CAS server 4.0 to authenticate
> against multiple AD domains.
> There will be many AD domains under a forest root; sure, they are
> trusted by the root domain.
> If the authenticationManager supports multiple entries for multiple
> domains, will it authenticate
> these domains one by one like a queue sequence?  Then the domain
> listed last will
> endure a time lapse for authenticating preceding domains?
> If I use UPN as the principalIdAttribute, how do I configure CAS to
> match a certain entry in
> authentication Manager?  How about using ADFS?  Can ADFS solve the
> multiple domain issue?
> Thanks for any information and advice.
>
> Oswald.
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user

