Grouper Users - Open Discussion List

[THIA Jean-Marie <>]

Hi Chris,
For #1, it depends on your authN strategy. It might be helpful to consider AD as an LDAP directory that rely on Kerberos for the authentication mechanism.
So you can rely on Kerberos for SSO from your computer to your app our web app (works very well with IIS, SharePoint). Beside, you may also use CAS for web SSO as CAS can use SPNEGO / SSPI to get the Kerberos ticket (haven't  try that yet)
Hope that helped,
Jean Marie

Envoyé à partir de mon mobile

---

De : Rob Hebron
Envoyé : 12/04/2012 15:53
À :
Objet : Re: [grouper-users] Grouper and AD

On 12/04/12 14:40, Chris Hyzer wrote:
> Penn is planning to install and maintain a central Active Directory service.  A couple of questions:
>
> 1. Does anyone delegate the authentication to kerberos or radius?  How does that work?

For MIT kerberos these may be of interest:

http://projects.oucs.ox.ac.uk/maddox/MADDOX_Final_Report_v1.pdf
http://www.oucs.ox.ac.uk/services/iam/kerberos/ad-xrt-howto.xml

There are many pitfalls, not least that may applications that claim to
support AuthN to AD do not support Kerberos.


Rob