hi, I see. the problem here is that the browser (of users that are not part of the AD) does not know how to handle the NEGOTIATE-request (401) sent by the cas-server and hence displays the 401 response.
within our project we did implement the spnego-authentication in a extra webflow (spnego-webflow.xml) being configured on a separate path (e.g. http://cas-server/auto-login ). those users, that are connected to the AD, just call http://cas-server/auto-login and will be logged in automatically via spnego. if spnego fails the user gets redirected to the standard login-form (and webflow). On Thu, Jun 14, 2012 at 5:21 PM, Leszek Miś <[email protected]> wrote: > Hi All, > can I ask you for little help? > > I've a problem with fallback to non-interactive FORM authentication based > on LDAP if SPNEGO is failed/is not available. > > CAS+SPNEGO works great when I'm logged in to station connected to AD. > > The problem is with client which is outside the AD environment. Then I get > 401 directly from Tomcat. I was trying to modify login-webflow.xml without > success. I attached login-webflow.xml . > > Any clues? > > Thank you in advance. > > /lm > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
