[Freeipa-users] Is it possible FreeIPA for Web Apps SingleSignOn like CAS?
Rob Crittenden
rcritten at redhat.com
Fri Jul 29 04:50:47 UTC 2011
Rapid Noreapeat wrote:
> Is it possible to integrate my web applications like portal website,
> helpdesk website, and other web apps login using FreeIPA's login
> accounts (SSO) like CAS?
It depends. The FreeIPA SSO is Kerberos-based so you'd need to provide
access to your KDC for this to work. If we're talking external portal
then you may not want to expose your KDC.
It also requires some configuration. Your browser has to be configured
to do Negotiate auth against a given domain. It will also need to trust
the IPA CA (and since CAS seems at least partially SSL-based you already
handle this).
I don't know much about CAS other than what I just read on their web
site but it looks like they handle redirecting when you aren't
authenticated, seemingly allowing a nice way to mix protected and
unprotected data. I think you'd have to do much of this configuration
yourself in Apache. Probably not a huge amount of work though.
So it is basically whatever mod_auth_kerb provides.
rob
More information about the Freeipa-users
mailing list