[cas-user] Reflexion around SPNEGO authentication and external IDP

2016-06-28 Thread Julien Gribonvald

Hi,

In the ESUP consortium we are looking for a way to handle some possible use 
cases for integrating the new French government central "identity 
provider", which French administration services will be able to 
integrate to authenticate all French people on their apps 
(FranceConnect, which uses the OpenID Connect protocol).

So we know it's possible to integrate it without too much difficulty; 
we only need to use this service as an authentication handler, but we have 
some workflows to develop. Our problems aren't with web authentication but 
with computer authentication (when using SPNEGO/Kerberos...).

What can we do when the account's principals (login/password) are not 
known "locally"? How should we proceed in this case? Or how can we delegate 
the computer authentication to a web-only external service?
Is there a way, or is it possible, to connect the user from a web access 
when the user logs in from a computer?

Reflections are also welcome for such a use case!

Thanks,
--
Julien Gribonvald

--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/577257A5.7010506%40recia.fr.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.


RE: [cas-user] Reflexion around SPNEGO authentication and external IDP

2016-06-28 Thread Misagh Moayyed

I am not sure I am entirely clear on your use case. You want to implement 
"computer auth" or domain-based AuthN via FranceConnect's OIDC support?

To answer your other questions: Authentication can always be delegated to an 
external provider, such as another CAS server, a SAML2 IDP, an OIDC/OpenID 
provider, FB, Twitter, G+, etc. These are web-based, not domain-based. There 
is no straightforward way to do this. In a nutshell and as a first step, you 
need to know which OIDC profiles FranceConnect supports. If they support 
implicit or hybrid, we can talk more. Otherwise, this is probably not 
possible without a whole lot of pain, assuming I have understood your case 
correctly.

> -----Original Message-----
> From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Julien
> Gribonvald
> Sent: Tuesday, June 28, 2016 3:56 AM
> To: cas-user@apereo.org
> Subject: [cas-user] Reflexion around SPNEGO authentication and external IDP
>
> Hi,
>
> In the ESUP consortium we are looking for a way to handle some possible use
> cases for integrating the new French government central "identity provider",
> which French administration services will be able to integrate to
> authenticate all French people on their apps (FranceConnect, which uses the
> OpenID Connect protocol).
>
> So we know it's possible to integrate it without too much difficulty; we
> only need to use this service as an authentication handler, but we have some
> workflows to develop. Our problems aren't with web authentication but with
> computer authentication (when using SPNEGO/Kerberos...).
>
> What can we do when the account's principals (login/password) are not known
> "locally"? How should we proceed in this case? Or how can we delegate the
> computer authentication to a web-only external service?
> Is there a way, or is it possible, to connect the user from a web access
> when the user logs in from a computer?
>
> Reflections are also welcome for such a use case!
>
> Thanks,
> --
> Julien Gribonvald
