Here is the link to the document from Newcastle (it was posted here previously I believe): https://crypt.ncl.ac.uk/login-gateway/docs/Shibboleth_SPNEGO_Setup.pdf Dave _________________________________________________ Dave Perry eLearning Technologist, Hull College Group Room L34 - Queens Gardens Library Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG Extension 2230 / Direct Dial 01482 381930 * Need a fast reply? Try [log in to unmask] * -----Original Message----- From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Agland J.D. Sent: 26 August 2014 10:05 To: [log in to unmask] Subject: Re: Kerberos and LDAP On Tue, 2014-08-26 at 09:17 +0100, Colleen Romero wrote: > Does anyone know how to set up Shibboleth IdP to use Kerberos SSO against Windows Active Directory, but failover to LDAP if user is not logged onto a AD domain member? Any documentation I've seen suggests using source IP address to determine whether they go via Kerberos SSO or not. Obviously, that probably just means machines which are part of said AD domain / infrastructure, and take care to avoid Wireless / BYOD provision in the IP address ranges used. Good reason to have a well-structured and documented network to work with... Cheers Jon -- Jon Agland E-Learning Advisor - Technical Infrastructure –––––––––––––––––––––––––––––––––––––––––––––– Jisc RSC Wales | Jisc RSC Cymru Swansea University | Prifysgol Abertawe Emily Phipps Building | Adeilad Emily Phipps Hendrefoilan | Hendrefoelan Swansea | Abertawe Wales | Cymru SA2 7QW Phone | Ffôn 01792 295548 / 07814 699547 Email [log in to unmask] | Ebost [log in to unmask] http://www.jiscrsc.ac.uk/wales http://blog.rsc-wales.ac.uk http://www.swansea.ac.uk | http://www.abertawe.ac.uk The University welcomes correspondence in Welsh and English | Mae’r Brifysgol yn croesawu gohebiaeth yn Gymraeg ac yn Saesneg. The contents of this email are confidential and for the intended recipient only. If you have received this message in error, please inform the sender and delete the message. | Mae cynnwys yr ebost hwn yn gyfrinachol a dim ond y derbynnydd a fwriadwyd a ddylai ei ddarllen. Os derbynioch y neges mewn camgymeriad, rhowch wybod i’r anfonydd a dilëwch y neges. Swansea University is a registered charity. No. 1138342 | Mae Prifysgol Abertawe yn elusen gofrestredig. Rhif. 1138342 ********************************************************************** This message is sent in confidence for the addressee only. It may contain confidential or sensitive information. The contents are not to be disclosed to anyone other than the addressee. Unauthorised recipients are requested to preserve this confidentiality and to advise us of any errors in transmission. Any views expressed in this message are solely the views of the individual and do not represent the views of the College. Nothing in this message should be construed as creating a contract. Hull College owns the email infrastructure, including the contents. Hull College is committed to sustainability, please reflect before printing this email. ********************************************************************** TEXT