[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Question to SSTC -- RE: Questions Regarding SAML 2.0 Conformance
On 7/8/11 1:22 PM, "Steve Finegan" <SFinegan@agiliance.com> wrote: >The use case we are trying to address is to provide a seamless experience >to >enterprise users within a domain who have already logged on to the domain >through Kerberos. When they access our application, we want to provide the >ability for all or a subset of users to be passed right through to our >application. This is, of course, for on-site deployments and not cloud >deployments. SAML will be for hosted deployments. It's extremely common to handle that with dual URLs and tricks like that, to allow separate software to handle things. SPNEGO is far from seamless in practice, and isn't even enabled by default on many browsers, so there are provisioning and error handling challenges. >There is an RFC out for SPNEGO-based Kerberos and NTLM HTTP Authentication >in Microsoft Windows, but I am having a challenge obtaining information on >what needs to be done to enable a web application to actually use these >capabilities within our application. The application shouldn't be involved, it's the web server's job. The app's job is to look at REMOTE_USER, at least for simple identity. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]