 |
 |
Hi David, No, I'm not doing this, but here is what Newcastle Uni did: http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf fyi, if you can do similar: We achieve desktop SSO because our idp's login page is "protected" (SSO'd) using NetIQ Access Manager (Our institution's reverse proxy, LB, ssl offload, SSO system). Simon Palmer Head of Development Colegsirgâr e-mail: [log in to unmask] tel: 01554 748088 www.colegsirgar.ac.uk >>> David Perry <[log in to unmask]> 22/10/2012 14:35 >>> Hi all Does anyone have any experience deploying this? Onto a linux (SLES 10 SP4) IdP. I've installed the Kerberos client stuff (I *think* - got krb5, krb5-32bit, krb5-client, yast2-kerberos-client packges installed), but mod_auth_kerb for Apache won't build - it's complaining no Kerberos environment is setup yet, probably because until IT figure out what Kerberos ports are needed and these are opened, I can't configure the client to talk to our AD server. I've read the Kerberos login handler config example on this page: https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler (handler.xml configuration) and am unsure what domains should go where in the krb:Realm sections (there are two in this example, but we only want to talk to one AD/Kerberos domain using one https:// - hosted IdP. Do we only need 1 :Realm definition? Thanks in advance for suggestions. David Perry eLearning Technologist, eLearning Team (L34 - Library) Hull College Group Wilberforce Drive, Queen's Gardens, Hull HU1 3DG Extension 2230 / Direct Dial 01482 381930 * * * Think about the environment - Do you really need to print this email? ********************************************************************** This message is sent in confidence for the addressee only. It may contain confidential or sensitive information. The contents are not to be disclosed to anyone other than the addressee. Unauthorised recipients are requested to preserve this confidentiality and to advise us of any errors in transmission. Any views expressed in this message are solely the views of the individual and do not represent the views of the College. Nothing in this message should be construed as creating a contract. Hull College owns the email infrastructure, including the contents. Hull College is committed to sustainability, please reflect before printing this email. ********************************************************************** Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at sylw'r unigolyn neu'r sefydliad a enwir uchod. Bydd unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni chynrychiolant o anghenraid farn Coleg Sir Gâr. Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r gweinyddwr ar y cyfeiriad canlynol: [log in to unmask] Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn? This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Coleg Sir Gâr. If you have received this email in error please notify the administrator on the following address: [log in to unmask] Please consider the environment - do you really need to print this email?.