Hello all,
this maybe a newbie question but I have hard time finding a solution for
our scenario.
Maybe someone here has pointers on is this possible to accomplish with
CAS (or am I totally lost :) ):
Scenario:
- We have an user logged in company Active Directory network
- The company has multiple web systems to a be added under SSO.
- As the user is logged into his machine (and is authenticated to
company Infra network), the user would not want to input again
username/password to ANY login page.
- Insted the user would like to point his/her browser to some address
and get inside the system he wants.
- The authentication would be done automatically against the users browser.
We have accomplished the previous example for one system by doing some
windows integrated authentication (with IIS+windows authentication+IE),
but would like to have a more general way to have n-systems (on
java&.net platform) working like this. Perhaps one possibility is to use
CAS?
Questions:
- If I have understood correctly in the wiki, CAS can be integrated with
for example for authenticating against AD, or some other source. So
adding n-systems under SSO and authenticate users against AD would be ok
with a single login page.
- But is it necessary always to have the CAS login page? Is it possible
to configure CAS to autoauthenticate user browser against AD? So the
user logged inside AD would point browser to
"https://caslogin.intra/?service=https://other_server/application1" and
cas would authenticate the user and redirect to the actual application.
If this scenario is possible with CAS, what would be the configuration?
I'm a little bit lost with the need for such protocols as SPNEGO and
Kerberos (when would you use spnego or kerberos?).
I hope that I was not too confusing with this question, and thank you
for any input.
Best Regards, Pasi
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user