Thank you for your quick reply Rob,

I'll try it.

On Fri, Jul 29, 2011 at 11:50 AM, Rob Crittenden <>wrote:

> Rapid Noreapeat wrote:
>> Is it possible to integrate my web applications like portal website,
>> helpdesk website, and other web apps login using FreeIPA's login
>> accounts (SSO) like CAS?
> It depends. The FreeIPA SSO is Kerberos-based so you'd need to provide
> access to your KDC for this to work. If we're talking external portal then
> you may not want to expose your KDC.
> It also requires some configuration. Your browser has to be configured to
> do Negotiate auth against a given domain.  It will also need to trust the
> IPA CA (and since CAS seems at least partially SSL-based you already handle
> this).
> I don't know much about CAS other than what I just read on their web site
> but it looks like they handle redirecting when you aren't authenticated,
> seemingly allowing a nice way to mix protected and unprotected data. I think
> you'd have to do much of this configuration yourself in Apache. Probably not
> a huge amount of work though.
> So it is basically whatever mod_auth_kerb provides.
> rob
Freeipa-users mailing list

Reply via email to