On 07/02/2013 11:19, "Jon Warbrick" <[log in to unmask]> wrote:
>On Thu, 7 Feb 2013, caleb racey wrote:
>
>> Yup kerebros is the underlying "true SSO" supporting tech. Don't worry
>> it's wonderful when it works :-)
>>
>> Mind you when it doesn't work it spits opaque errors at you that take
>> about a week of forensic work to figure out the meaning of :-(
>>
>> We are happy to talk people through our setup, I'll have a chat with
>>our
>> shib genius (Chris Franks) and see if we can come up with something. We
>> have made all the info publically available but it's probably spread
>> across several different media.
>
>I think you would save a lot of people (including me) a lot of work if
>you
>could document what you've done and any of the issues you know about. I
>at
>least would be very grateful.
+1 </aol>
We did have it working a few years ago, but it wasn't reliable with
windows Vista - can't remember the details, this was back with Sun Access
Manager so a fair while ago when Vista was new and shiny.
Given we are currently working on rolling out Office 365 behind Shib/ECP,
and we have SAML2 sign on now between shib, our noodle and our student
data system it seems natural to revisit desktop SSO next.
Failing back nicely on machines that weren't in the domain was also a bit
odd IIRC, but I suspect that was Suns fault and not necessarily something
fundamental (he says, hopefully)
Thanks,
Darren
|