I've been using CAS as SSO solution in some portal integration projects . CAS is a wonderful framework for customzing and integration on different client-side frameworks especially in Java environments.
Now I have a customer who whant to integrate different web-applications within a single SSO solution. The web-applications are a max of different frameworks, partly Java-applicatons (JSP, Struts and so on) and .NET applications. For SSO the already existing Windows-User per SPNEGO/NTLM should be used (it's an Intranet and everybody has a Domain-User in their AD). In most cases the AD-roles should be used, too. So my first idea was: Perfect...use CAS and the SPNEGO-integration for initial authentication and then use only CAS for subsequent authentification-requests. But does this really make sense?? Isn't the Kerberos/NTLM - Token enough for SSO instead of a additional SSO-Coolie from CAS? I think for .NET applications a indirection to CAS is complex, since support for NTLM is better then for CAS ;-) And for Java-applications: Isn't a direct integration of NTLM/SPNEGO into Jboss/Tomcat is enough (per Valve/Filter and Loginmodule) So my question is: What is a really useful scenario for using NTLM/SPNEGO integration in CAS especially if a subsequent request to the AD has to be done after succesful authentication ? (eg. for for getting user details like roles) Thanks to everybody giving me a hint!! -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user