Yup Kerberos is the underlying "true SSO" supporting tech. Don't worry it's wonderful when it works :-)
Mind you when it doesn't work it spits opaque errors at you that take about a week of forensic work to figure out the meaning of :-(
We are happy to talk people through our setup, I'll have a chat with our shib genius (Chris Franks) and see if we can come up with something. We have made all the info publicly available but it's probably spread across several different media.
Cal
>-----Original Message-----
>From: Discussion list for Shibboleth developments [mailto:JISC-
>[log in to unmask]] On Behalf Of Sara Hopkins
>Sent: 06 February 2013 18:13
>To: [log in to unmask]
>Subject: Re: IdP on Windows vs LDAP
>
>So we're definitely talking Kerberos for this stuff are we? I was hoping
>that I would never have to touch that... 8-(
>
>Cal, is Kerberos your solution for this?
>
>Cheers,
>
>Sara
>
>On 06/02/2013 15:43, David Perry wrote:
>> If I remember correctly, this has since been adapted so that if you are
>> off site you get a friendly login page. I've lost Caleb's email, but I'm
>> sure they said I could get the revised details ;)
>> I've been trying to compile the Shibboleth kerb login handler and one
>> thing after another stopped it compiling :(
>>
>> Dave
>>
>> David Perry
>> eLearning Technologist, eLearning Team (L34 - Library)
>> Hull College Group
>> Wilberforce Drive, Queen's Gardens, Hull
>> HU1 3DG
>> Extension 2230 / Direct Dial 01482 381930
>>
>>
>>
>>
>>
>> * * * Think about the environment - Do you really need to print this
>> email?
>>
>>>>> Simon Palmer <[log in to unmask]> 06/02/2013 15:38 >>>
>> I was interested too, so google'd it ;)
>>
>> http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
>>
>> Si
>>
>>>>> Sara Hopkins <[log in to unmask]> 06/02/2013 14:58 >>>
>> I also would like to know about this, please, Cal!
>>
>> People often ask us; I confess I hadn't realised this could be done.
>> <blush>
>>
>> Sara
>>
>> On 06/02/2013 14:00, Dr Matthew Williams wrote:
>>> Hello,
>>>
>>> I would be interested in any information about the "true sso".
>>>
>>> We run the IdP on Linux against AD.
>>>
>>> Regards,
>>>
>>> Matthew.
>>>
>>> On 06/02/2013 13:49, Alistair Young wrote:
>>>> Is that 'out of the box' behaviour with a config change Caleb? Are there
>>>> some docs I could have a look at?
>>>>
>>>> thanks,
>>>>
>>>> Alistair
>>>>
>>>> ------------------------------------
>>>> Alistair Young
>>>> Àrd-Innleadair air Bathar-Bog
>>>> UHI@Sabhal Mòr Ostaig
>>>>
>>>>
>>>> From: caleb racey <[log in to unmask]
>>>> <mailto:[log in to unmask]>>
>>>> Reply-To: Discussion list for Shibboleth developments
>>>> <[log in to unmask]
>> <mailto:[log in to unmask]>>
>>>> Date: Wednesday, 6 February 2013 13:41
>>>> To: "[log in to unmask]
>>>> <mailto:[log in to unmask]>"
>> <[log in to unmask]
>>>> <mailto:[log in to unmask]>>
>>>> Subject: Re: IdP on Windows vs LDAP
>>>>
>>>> We run our IdP on unix and have it doing the “true sso” login
>>>> against our active directory i.e. the user doesn’t have to type a
>>>> username or password if already logged into their on campus desktop.
>>>>
>>>>
>>>>
>>>> So you can get all the windows integration goodness on unix (linux).
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Discussion list for Shibboleth developments
>>>> [mailto:[log in to unmask]] *On Behalf Of* Alistair Young
>>>> *Sent:* 06 February 2013 11:32
>>>> *To:* [log in to unmask] <mailto:[log in to unmask]>
>>>> *Subject:* IdP on Windows vs LDAP
>>>>
>>>>
>>>>
>>>> Hi folks,
>>>>
>>>>
>>>>
>>>> I'm pottering around the IdP docs and was wondering if there were any
>>>> advantages in using the IdP on Windows for Active Directory
>>>> authentication/attribute gathering:
>>>>
>>>>
>>>>
>>>> http://www.ukfederation.org.uk/content/Documents/QuickInstallNotes
>>>>
>>>>
>>>>
>>>> as opposed to running the IdP on unix and using LDAP. Does it use LDAP
>>>> in either configuration? Or is there another protocol it will use if
>>>> it's in an AD domain?
>>>>
>>>>
>>>>
>>>> thanks,
>>>>
>>>>
>>>>
>>>> Alistair
>>>>
>>>>
>>>>
>>>> ------------------------------------
>>>>
>>>> Alistair Young
>>>>
>>>> Senior Software Engineer
>>>>
>>>> UHI@Sabhal Mòr Ostaig
>>>>
>>>>
>>>>
>>>
>>
>
>--
>Sara Hopkins
>Support Team
>UK Access Management Federation for Education and Research
>web: http://www.ukfederation.org.uk/
>
>The University of Edinburgh is a charitable body, registered in
>Scotland, with registration number SC005336.