Hello,
Thanks for the link.
The solution is good but only when you have a valid ticket. There is no
provision for fail over to user name and password if you are not on a
machine joined to the Kerberos domain.
Has anyone managed to get the fail over configured?
Regards,
Matthew.
On 06/02/2013 15:38, Simon Palmer wrote:
> I was interested too, so google'd it ;)
> http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
> Si
>
>>>> Sara Hopkins <[log in to unmask]> 06/02/2013 14:58 >>>
> I also would like to know about this, please, Cal!
>
> People often ask us; I confess I hadn't realised this could be done. <blush>
>
> Sara
>
> On 06/02/2013 14:00, Dr Matthew Williams wrote:
>> Hello,
>>
>> I would be interested in any information about the "true sso".
>>
>> We are run the IdP on Linux against AD.
>>
>> Regards,
>>
>> Matthew.
>>
>> On 06/02/2013 13:49, Alistair Young wrote:
>>>Is that 'out of the box' behaviour with a config change Caleb? Are there
>>>some docs I could have a look at?
>>>
>>>thanks,
>>>
>>>Alistair
>>>
>>>------------------------------------
>>>Alistair Young
>>>Àrd-Innleadair air Bathar-Bog
>>>UHI@Sabhal Mòr Ostaig
>>>
>>>
>>>From: caleb racey <[log in to unmask]
>>><mailto:[log in to unmask]>>
>>>Reply-To: Discussion list for Shibboleth developments
>>><[log in to unmask] <mailto:[log in to unmask]>>
>>>Date: Wednesday, 6 February 2013 13:41
>>>To: "[log in to unmask]
>>><mailto:[log in to unmask]>" <[log in to unmask]
>>><mailto:[log in to unmask]>>
>>>Subject: Re: IdP on Windows vs LDAP
>>>
>>>We run our IdP on unix and having it doing the “true sso” login
>>>against our active directory i.e. the user doesn’t have to type a
>>>username or password if already logged into their on campus desktop.
>>>
>>>
>>>
>>>So you can get all the windows integration goodness on unix (linux).
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>*From:*Discussion list for Shibboleth developments
>>>[mailto:[log in to unmask]] *On Behalf Of *Alistair Young
>>>*Sent:* 06 February 2013 11:32
>>>*To:* [log in to unmask]
> <mailto:[log in to unmask]>
>>>*Subject:* IdP on Windows vs LDAP
>>>
>>>
>>>
>>>Hi folks,
>>>
>>>
>>>
>>>I'm pottering around the IdP docs and was wondering if there were any
>>>advantages in using the IdP on Windows for Active Directory
>>>authentication/attribute gathering:
>>>
>>>
>>>
>>>http://www.ukfederation.org.uk/content/Documents/QuickInstallNotes
>>>
>>>
>>>
>>>as opposed to running the IdP on unix and using LDAP. Does it use LDAP
>>>in either configuration? Or is there another protocol it will use if
>>>it's in an AD domain?
>>>
>>>
>>>
>>>thanks,
>>>
>>>
>>>
>>>Alistair
>>>
>>>
>>>
>>>------------------------------------
>>>
>>>Alistair Young
>>>
>>>Senior Software Engineer
>>>
>>>UHI@Sabhal Mòr Ostaig
>>>
>>>
>>>
>>
>
> --
> Sara Hopkins
> Support Team
> UK Access Management Federation for Education and Research
> web: http://www.ukfederation.org.uk/
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>
> Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at sylw'r
> unigolyn neu'r sefydliad a enwir uchod. Bydd unrhyw farn neu sylwadau a
> fynegir yn perthyn i'r awdur yn unig ac ni chynrychiolant o anghenraid
> farn Coleg Sir Gâr. Os ydych chi wedi derbyn yr e-bost hwn ar gam,
> rhowch sylw i'r gweinyddwr ar y cyfeiriad canlynol:
> [log in to unmask]
> Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they are
> addressed. Any views or opinions expressed are solely those of the
> author and do not necessarily represent those of Coleg Sir Gâr. If you
> have received this email in error please notify the administrator on the
> following address: [log in to unmask]
> Please consider the environment - do you really need to print this email?
--
Dr Matthew Williams MEng PhD MBCS
Systems Administrator - IT Services - Bangor University
Prifysgol Bangor Tel: (44) (0)1248 382414
Adeilad Deiniol Mob: (44) (0)7979 778269
Ffordd Deiniol URL: www.bangor.ac.uk
Bangor, Gwynedd LL57 2UX EMail: [log in to unmask]
--
Rhif Elusen Gofrestredig / Registered Charity No. 1141565
Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi,
gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig
gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y
neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar
unwaith a dilwch y neges. Os na fwriadwyd anfon y neges atoch chi,
rhaid i chi beidio defnyddio, cadw neu ddatgelu unrhyw wybodaeth a
gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i
hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn
Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu
bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu
100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn
nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract
rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa
Cyllid Prifysgol Bangor. www.bangor.ac.uk
This email and any attachments may contain confidential material and
is solely for the use of the intended recipient(s). If you have
received this email in error, please notify the sender immediately
and delete this email. If you are not the intended recipient(s), you
must not use, retain or disclose any information contained in this
email. Any views or opinions are solely those of the sender and do
not necessarily represent those of Bangor University.
Bangor University does not guarantee that this email or
any attachments are free from viruses or 100% secure. Unless
expressly stated in the body of the text of the email, this email is
not intended to form a binding contract - a list of authorised
signatories is available from the Bangor University Finance
Office. www.bangor.ac.uk
|