Thank you for your quick reply Rob, I'll try it.
On Fri, Jul 29, 2011 at 11:50 AM, Rob Crittenden <[email protected]>wrote: > Rapid Noreapeat wrote: > >> Is it possible to integrate my web applications like portal website, >> helpdesk website, and other web apps login using FreeIPA's login >> accounts (SSO) like CAS? >> > > It depends. The FreeIPA SSO is Kerberos-based so you'd need to provide > access to your KDC for this to work. If we're talking external portal then > you may not want to expose your KDC. > > It also requires some configuration. Your browser has to be configured to > do Negotiate auth against a given domain. It will also need to trust the > IPA CA (and since CAS seems at least partially SSL-based you already handle > this). > > I don't know much about CAS other than what I just read on their web site > but it looks like they handle redirecting when you aren't authenticated, > seemingly allowing a nice way to mix protected and unprotected data. I think > you'd have to do much of this configuration yourself in Apache. Probably not > a huge amount of work though. > > So it is basically whatever mod_auth_kerb provides. > > rob >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
