SAML-AAI/Kerberos (re-send)

Thomas Hardjono hardjono at MIT.EDU
Wed Mar 21 10:27:03 EDT 2012


Hi Chen Liang,

Related to this, OASIS should soon be publishing a spec on Kerberos Web Browser SSO using SAML.
When it comes out, I will forward it to this list.

/thomas/


________________________________________
From: kerberos-bounces at MIT.EDU [kerberos-bounces at MIT.EDU] on behalf of Douglas E. Engert [deengert at anl.gov]
Sent: Tuesday, March 20, 2012 5:40 PM
To: kerberos at mit.edu
Subject: Re: SAML-AAI/Kerberos (re-send)

On 3/20/2012 4:26 PM, Chen Liang wrote:
> Hi all,
>
> I'm doing research in federated single sign-on. I saw the work of rok Papez
> to connecting web and Kerberos single sign-on. The work was presented
> in Terena networking conference (Link:
> http://tnc2009.terena.org/schedule/presentations/showdf6f.html?pres_id=56).
> However,
> I can't find any implementation or any documentation on how to implement
> the issue.
>
> I'm wondering, has anyone attempted to implement work? If so, where can I
> find documentation on it? Any help would be great.

As I said in the previous response, Shibboleth can do this.

The Shibboleth IDP can accept SPNEGO GSSAPI as an authentication method.
Thus you can use a campus Kerberos infrastructure to login into
your site IDP in a larger federation.

https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler

Or Google for shibboleth kerberos

For a large federation see: http://www.incommonfederation.org/


>
> The last email has a large attachment. Here is the re-edited version.
>
> Thanks
> Chen
>

--

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list