On Tue, 2014-08-26 at 09:17 +0100, Colleen Romero wrote:
> Does anyone know how to set up Shibboleth IdP to use Kerberos SSO against Windows Active Directory, but failover to LDAP if user is not logged onto a AD domain member?
Any documentation I've seen suggests using source IP address to
determine whether they go via Kerberos SSO or not. Obviously, that
probably just means machines which are part of said AD domain /
infrastructure, and take care to avoid Wireless / BYOD provision in the
IP address ranges used.
Good reason to have a well-structured and documented network to work
with...
Cheers
Jon
--
Jon Agland
E-Learning Advisor - Technical Infrastructure
––––––––––––––––––––––––––––––––––––––––––––––
Jisc RSC Wales | Jisc RSC Cymru
Swansea University | Prifysgol Abertawe
Emily Phipps Building | Adeilad Emily Phipps
Hendrefoilan | Hendrefoelan
Swansea | Abertawe
Wales | Cymru
SA2 7QW
Phone | Ffôn 01792 295548 / 07814 699547
Email [log in to unmask] | Ebost [log in to unmask]
http://www.jiscrsc.ac.uk/wales
http://blog.rsc-wales.ac.uk
http://www.swansea.ac.uk | http://www.abertawe.ac.uk
The University welcomes correspondence in Welsh and English | Mae’r Brifysgol yn croesawu gohebiaeth yn Gymraeg ac yn Saesneg.
The contents of this email are confidential and for the intended recipient only. If you have received this message in error, please inform the sender and delete the message. | Mae cynnwys yr ebost hwn yn gyfrinachol a dim ond y derbynnydd a fwriadwyd a ddylai ei ddarllen. Os derbynioch y neges mewn camgymeriad, rhowch wybod i’r anfonydd a dilëwch y neges.
Swansea University is a registered charity. No. 1138342 | Mae Prifysgol Abertawe yn elusen gofrestredig. Rhif. 1138342
|