hi.. i was looking into integrating shiro authentication with sso using the spnego http://spnego.sourceforge.net/ and i think i've reached a conclusion... that's it's really not needed, eventually it boils down to splapping an httpfilter on the server, which does the authentication for you.
i'm not exactly sure it works, but i see in getRemoteUser api of httpRequest that my user name shows up if the filter is enabled. so my question is there a way to skip entirely the authentication process and do autorization alone? -- View this message in context: http://shiro-user.582556.n2.nabble.com/skipping-the-authentication-step-becouse-of-spnego-and-sso-tp6558451p6558451.html Sent from the Shiro User mailing list archive at Nabble.com.
