Thank you for your quick reply Rob,

I'll try it.

On Fri, Jul 29, 2011 at 11:50 AM, Rob Crittenden <rcrit...@redhat.com>wrote:

> Rapid Noreapeat wrote:
>
>> Is it possible to integrate my web applications like portal website,
>> helpdesk website, and other web apps login using FreeIPA's login
>> accounts (SSO) like CAS?
>>
>
> It depends. The FreeIPA SSO is Kerberos-based so you'd need to provide
> access to your KDC for this to work. If we're talking external portal then
> you may not want to expose your KDC.
>
> It also requires some configuration. Your browser has to be configured to
> do Negotiate auth against a given domain.  It will also need to trust the
> IPA CA (and since CAS seems at least partially SSL-based you already handle
> this).
>
> I don't know much about CAS other than what I just read on their web site
> but it looks like they handle redirecting when you aren't authenticated,
> seemingly allowing a nice way to mix protected and unprotected data. I think
> you'd have to do much of this configuration yourself in Apache. Probably not
> a huge amount of work though.
>
> So it is basically whatever mod_auth_kerb provides.
>
> rob
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to