[Freeipa-users] Is it possible FreeIPA for Web Apps SingleSignOn like CAS?

Rapid Noreapeat rapidnorepeat at gmail.com
Fri Jul 29 06:30:10 UTC 2011


Thank you for your quick reply Rob,

I'll try it.

On Fri, Jul 29, 2011 at 11:50 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> Rapid Noreapeat wrote:
>
>> Is it possible to integrate my web applications like portal website,
>> helpdesk website, and other web apps login using FreeIPA's login
>> accounts (SSO) like CAS?
>>
>
> It depends. The FreeIPA SSO is Kerberos-based so you'd need to provide
> access to your KDC for this to work. If we're talking external portal then
> you may not want to expose your KDC.
>
> It also requires some configuration. Your browser has to be configured to
> do Negotiate auth against a given domain. It will also need to trust the
> IPA CA (and since CAS seems at least partially SSL-based you already handle
> this).
>
> I don't know much about CAS other than what I just read on their web site
> but it looks like they handle redirecting when you aren't authenticated,
> seemingly allowing a nice way to mix protected and unprotected data. I think
> you'd have to do much of this configuration yourself in Apache. Probably not
> a huge amount of work though.
>
> So it is basically whatever mod_auth_kerb provides.
>
> rob
>
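
An added illustration, not part of the thread: an Apache virtual host that uses mod_auth_kerb to protect one path with Negotiate authentication against the IPA realm and leaves the rest of the site open. The host name, realm `EXAMPLE.COM`, paths and the `/helpdesk` and `/public` locations are assumptions chosen for the example.

```apache
# Added example; every name and path below is a placeholder.
# The keytab must contain the service principal
# HTTP/portal.example.com@EXAMPLE.COM and be readable only by the
# account Apache runs as.

<VirtualHost *:443>
    ServerName portal.example.com

    SSLEngine on
    # Server certificate issued by the IPA CA, which browsers must trust.
    SSLCertificateFile    /etc/pki/tls/certs/portal.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/portal.example.com.key

    # Content outside /helpdesk carries no auth directives and stays
    # reachable without a Kerberos ticket.

    <Location "/helpdesk">
        SSLRequireSSL

        AuthType Kerberos
        AuthName "IPA Kerberos Login"

        # Accept SPNEGO tickets from browsers configured for Negotiate.
        KrbMethodNegotiate On
        # Do not fall back to prompting for a password, so user
        # passwords are never sent to the web server.
        KrbMethodK5Passwd Off

        KrbServiceName HTTP
        KrbAuthRealms EXAMPLE.COM
        Krb5KeyTab /etc/httpd/conf/http.keytab
        # The application only needs the identity, not the user's
        # delegated credentials.
        KrbSaveCredentials Off

        Require valid-user

        # Clients without a ticket get a local help page with the 401
        # response instead of a bare error.
        ErrorDocument 401 /public/login-help.html
    </Location>
</VirtualHost>
```

The application reads the authenticated principal from `REMOTE_USER`; the web server itself only needs to reach the KDC if password fallback is enabled.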