[Freeipa-users] Does FreeIPA support web services SSO gracefully?
John Dennis
jdennis at redhat.com
Fri May 4 15:44:25 UTC 2012
On 05/04/2012 11:26 AM, Rob Crittenden wrote:
> Firefox needs to be configured to be allowed to perform Kerberos SSO in
> a domain. FreeIPA 2.2 introduced a forms-based login so you don't have
> to fall back to basic authentication (with KrbMethodK5Passwd on).
The forms based login applies to the IPA Admin console, the OP was
asking web services other than the IPA admin console, therefore that's
not relevant.
What is relevant is getting the other web services to use kerberos
negotiate auth instead of whatever they are currently using. The
difficulty of that task really depends on the particular web service.
The user must also be able to acquire a kerberos ticket.
So the answer to the OP is, if you can satisfy the following two
conditions then IPA is a graceful solution:
1) The web service can be configured to use kerberos negotiate auth.
2) Each of your users has a facility available to acquire a kerberos ticket.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list