Matthew
I believe the updated version since that PDF was written covers
failover. Our IT people are asking to take a look, as there appears to
be wariness about giving our IdP (in the DMZ) access to Kerberos tickets
- this is without them seeing details, but we have a few months at least
until we have Windows 7 everywhere so there is time.
Dave
David Perry
eLearning Technologist, eLearning Team (L34 - Library)
Hull College Group
Wilberforce Drive, Queen's Gardens, Hull
HU1 3DG
Extension 2230 / Direct Dial 01482 381930
* * * Think about the environment - Do you really need to print this
email?>>> Dr Matthew Williams <[log in to unmask]> 07/02/2013
12:55 >>>
Hello,
Thanks for the link.
The solution is good but only when you have a valid ticket. There is
no
provision for fail over to user name and password if you are not on a
machine joined to the Kerberos domain.
Has anyone managed to get the fail over configured?
Regards,
Matthew.
On 06/02/2013 15:38, Simon Palmer wrote:
> I was interested too, so google'd it ;)
>
http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
> Si
>
>>>> Sara Hopkins <[log in to unmask]> 06/02/2013 14:58 >>>
> I also would like to know about this, please, Cal!
>
> People often ask us; I confess I hadn't realised this could be done.
<blush>
>
> Sara
>
> On 06/02/2013 14:00, Dr Matthew Williams wrote:
>> Hello,
>>
>> I would be interested in any information about the "true sso".
>>
>> We are run the IdP on Linux against AD.
>>
>> Regards,
>>
>> Matthew.
>>
>> On 06/02/2013 13:49, Alistair Young wrote:
>>>Is that 'out of the box' behaviour with a config change Caleb? Are
there
>>>some docs I could have a look at?
>>>
>>>thanks,
>>>
>>>Alistair
>>>
>>>------------------------------------
>>>Alistair Young
>>>Àrd-Innleadair air Bathar-Bog
>>>UHI@Sabhal Mòr Ostaig
>>>
>>>
>>>From: caleb racey <[log in to unmask]
>>><mailto:[log in to unmask]>>
>>>Reply-To: Discussion list for Shibboleth developments
>>><[log in to unmask]
<mailto:[log in to unmask]>>
>>>Date: Wednesday, 6 February 2013 13:41
>>>To: "[log in to unmask]
>>><mailto:[log in to unmask]>"
<[log in to unmask]
>>><mailto:[log in to unmask]>>
>>>Subject: Re: IdP on Windows vs LDAP
>>>
>>>We run our IdP on unix and having it doing the “true sso”
login
>>>against our active directory i.e. the user doesn’t have to type
a
>>>username or password if already logged into their on campus
desktop.
>>>
>>>
>>>
>>>So you can get all the windows integration goodness on unix
(linux).
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>*From:*Discussion list for Shibboleth developments
>>>[mailto:[log in to unmask]] *On Behalf Of *Alistair
Young
>>>*Sent:* 06 February 2013 11:32
>>>*To:* [log in to unmask]
> <mailto:[log in to unmask]>
>>>*Subject:* IdP on Windows vs LDAP
>>>
>>>
>>>
>>>Hi folks,
>>>
>>>
>>>
>>>I'm pottering around the IdP docs and was wondering if there were
any
>>>advantages in using the IdP on Windows for Active Directory
>>>authentication/attribute gathering:
>>>
>>>
>>>
>>>http://www.ukfederation.org.uk/content/Documents/QuickInstallNotes
>>>
>>>
>>>
>>>as opposed to running the IdP on unix and using LDAP. Does it use
LDAP
>>>in either configuration? Or is there another protocol it will use
if
>>>it's in an AD domain?
>>>
>>>
>>>
>>>thanks,
>>>
>>>
>>>
>>>Alistair
>>>
>>>
>>>
>>>------------------------------------
>>>
>>>Alistair Young
>>>
>>>Senior Software Engineer
>>>
>>>UHI@Sabhal Mòr Ostaig
>>>
>>>
>>>
>>
>
> --
> Sara Hopkins
> Support Team
> UK Access Management Federation for Education and Research
> web: http://www.ukfederation.org.uk/
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>
> Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at
sylw'r
> unigolyn neu'r sefydliad a enwir uchod. Bydd unrhyw farn neu sylwadau
a
> fynegir yn perthyn i'r awdur yn unig ac ni chynrychiolant o
anghenraid
> farn Coleg Sir Gâr. Os ydych chi wedi derbyn yr e-bost hwn ar gam,
> rhowch sylw i'r gweinyddwr ar y cyfeiriad canlynol:
> [log in to unmask]
> Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
are
> addressed. Any views or opinions expressed are solely those of the
> author and do not necessarily represent those of Coleg Sir Gâr. If
you
> have received this email in error please notify the administrator on
the
> following address: [log in to unmask]
> Please consider the environment - do you really need to print this
email?
--
Dr Matthew Williams MEng PhD MBCS
Systems Administrator - IT Services - Bangor University
Prifysgol Bangor Tel: (44) (0)1248 382414
Adeilad Deiniol Mob: (44) (0)7979 778269
Ffordd Deiniol URL: www.bangor.ac.uk
Bangor, Gwynedd LL57 2UX EMail: [log in to unmask]
--
Rhif Elusen Gofrestredig / Registered Charity No. 1141565
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor. www.bangor.ac.uk
This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s). If you have
received this email in error, please notify the sender immediately
and delete this email. If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email. Any views or opinions are solely those of the sender and do
not necessarily represent those of Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure. Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office. www.bangor.ac.uk
**********************************************************************
This message is sent in confidence for the addressee
only. It may contain confidential or sensitive
information. The contents are not to be disclosed
to anyone other than the addressee. Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission. Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College. Nothing in this
message should be construed as creating a contract.
Hull College owns the email infrastructure, including the contents.
Hull College is committed to sustainability, please reflect before printing this email.
**********************************************************************
|